security precautions with iptables?

Travis Siegel tsiegel at softcon.com
Sun May 20 17:33:15 EDT 2007


If you turn off the various utilities in the inetd.conf file that you
don't use, that can help too.
I.e., since you're using ssh, you won't need telnet and rlogin.
Simply comment them out.  That way, no matter how many packets go to
that destination port, it won't do a bit of good.
You are of course welcome to block any ports you like, and it's
likely that'll help too, but the inetd daemon is a nice way to secure
the machine as well.

As for the problem with the outgoing ping packets, there are ways to
specify incoming/outgoing packets, but I've not fiddled with ip rules
for several years, so I don't remember the syntax.  However, there's
a very good how-to on the Linux how-to site explaining ipfwadm and
ipchains.  One of the examples in there is how to secure the machine
for a particular service (don't remember which one), but it covers
that exact problem (if I remember correctly).
Try to see if you can find it.  If not, I'm sure I have it *somewhere*.
But, just so you know, there is a solution; I (unfortunately) no
longer remember what it is though.


On May 20, 2007, at 11:34 AM, Littlefield, Tyler wrote:

> Hello list,
> I've been told to block ping requests with iptables. I made the  
> following rule:
> iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
> The only problem with this, is it drops all pings incoming as well,  
> which causes a slight problem.
> Any way around this?
> Also, is there anything else that can be done in order to make the  
> system more secure? I was told to block fragmented packets. I know  
> what they are, but don't know enough about tcp in order to be able  
> to do much with them.
> Help is appreciated.
> Thanks,
> _______________________________________________
> Speakup mailing list
> Speakup at braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
>
>
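The reply only recalls that rules can tell incoming from outgoing traffic; the script below, an added example that is not from either poster, writes that distinction with iptables connection tracking: the host's own pings get their echo-replies back and a trusted network may still ping it, while every other incoming echo-request keeps being dropped. The trusted network 192.0.2.0/24 is a constructed placeholder, and the rule for fragments is included only because the original question mentions it.

```shell
#!/bin/sh
# Added example (not from either poster): a small stateful ICMP policy.
# Goal: keep dropping unsolicited incoming echo-requests, but let this
# host's own outgoing pings (and their echo-replies) work, and let one
# trusted network ping it at a limited rate.
# The trusted network 192.0.2.0/24 is a constructed placeholder.
set -eu

# icmp_rules IPT TRUSTED_NET
#   IPT         command run for each rule (iptables, or echo for a dry run)
#   TRUSTED_NET source network that may still ping this host
icmp_rules() {
    ipt="$1"
    net="$2"

    # 1. Replies to traffic this host started come back as ESTABLISHED
    #    (echo-reply to our own ping) or RELATED (ICMP errors such as
    #    port-unreachable). Accepting them first is what keeps outgoing
    #    ping working even though echo-request is dropped below.
    "$ipt" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # 2. The trusted network may still ping us, capped at 5 requests per
    #    second (burst 10) so the allowance cannot be used to flood the host.
    "$ipt" -A INPUT -p icmp --icmp-type echo-request -s "$net" \
        -m limit --limit 5/second --limit-burst 10 -j ACCEPT

    # 3. Log (at most once a minute) what the next rule discards, so the
    #    refusals are visible in syslog when checking the policy is active.
    "$ipt" -A INPUT -p icmp --icmp-type echo-request \
        -m limit --limit 1/minute -j LOG --log-prefix "icmp-drop: "

    # 4. Every other echo-request is dropped: the original rule, now placed
    #    after the exceptions it used to swallow.
    "$ipt" -A INPUT -p icmp --icmp-type echo-request -j DROP

    # 5. Drop non-first fragments (-f matches the 2nd and later fragments).
    #    Caveat: with conntrack loaded the kernel reassembles datagrams
    #    before filtering, so this rule rarely matches; it is here because
    #    the original question was told to block fragments.
    "$ipt" -A INPUT -f -j DROP
}

# Dry run by default (prints the rules); pass --apply to install them.
if [ "${1:-}" = "--apply" ]; then
    icmp_rules iptables "${2:-192.0.2.0/24}"
else
    icmp_rules echo "${2:-192.0.2.0/24}"
fi
```

Rule order matters: the conntrack ACCEPT must precede the echo-request DROP, otherwise nothing changes for the host's own pings.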