I'm feeling paranoid - with good reason.

Basil Fowler bjfowler at chanzy.eclipse.co.uk
Thu Feb 2 23:51:41 GMT 2006


On Thursday 02 Feb 2006 17:58, John wrote:
> Thanks but I will need to find out where this should go on my machine -
> there isn't an iptables other than an executable. 

There should be a script in /etc/rc.d/init.d that starts iptables and loads 
the ruleset in /etc/sysconfig/iptables.  (Note I have not used SuSE for some 
time, I use Mandriva, but the setups are very similar.)  The iptables rpm 
should have installed all the necessary files.

> Looking through that it 
> seems to have a help section so I'll take a look and also find out where it
> is called. I only ever run specific programs or the console as root. I'm
> running an open source adsl router so it hopefully won't have any leaks.
> Looking around the machine there is a lot of suse stuff associated with the
> firewall - it's a paid-for distro. Things like suse2 firewall. Does this
> mean I'm not running the linux firewall?

The SuSE 2 firewall is a very complex set of iptables rules.  It has to cover 
all sorts of configurations.  My system is a simple home/office setup. My 
iptables ruleset is meant as a secondary firewall; the heavy lifting is done 
by the firewall in the SpeedTouch router.

I offer no services to the outside world, so I can use a simple ruleset.  The 
rules I gave will block ALL ports and ANY protocol if the packet state is NEW 
or INVALID, i.e. NOT in reply to a transaction that I have instigated.  The 
ruleset lets through replies to requests to others for ftp, web or mail, but 
prevents outsiders from access.

> I've also installed guarddog and used it to block all but ftp, email and
> web. As far as I can tell it is doing that even though it warns that it
> might not. I think that its protocol block interface is an excellent idea
> - nice, direct and simple.

If you log attempts to gain entry, you can examine what is going on.  The log 
entries list inter alia the source and target port.

> It's a shame that the project seems to have 
> stalled. Maybe the kde boys would like to take on the 3 associated
> programs. There must be lots of people about that find this area of linux
> to be something of a black art. The whole area must be a time/knowledge
> issue for many. I'm going to try the other 2 progs on the off chance that
> they work.
>
> My main worry now is that the internet activity light blinks every few
> seconds and there seems to be some machine side and net activity after
> boot. Maybe the internet side is just scans but I would like to log the
> activity after boot.

Check for open ports by running nmap localhost.  This will give a list of all 
open ports.  Other programs such as lsof and netstat will give further info.  
Go through inetd.conf (xinetd) and shut down any service that is not 
essential.  Remember if a port is closed, nothing can use that port.


> Regards
> John
> PS Any improvements on Basil's scripts would still be appreciated.

___________________________________________________
This message is from the kde mailing list.
Account management:  https://mail.kde.org/mailman/listinfo/kde.
Archives: http://lists.kde.org/.
More info: http://www.kde.org/faq.html.
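
The log review mentioned in the message above (entries that list the source and target port), as an added example that is not part of the original message or Basil's scripts: a small parser that tallies blocked packets per destination port and per source. It assumes the drops are logged by an iptables LOG rule with `--log-prefix "IPT-DROP: "`; that prefix, the host name and every address in the sample are constructed.

```python
import re
from collections import Counter

# Constructed sample of kernel log lines from an iptables LOG rule; the
# "IPT-DROP: " prefix, host name and all addresses are assumptions.
SAMPLE_LOG = """\
Feb  2 23:40:01 box kernel: IPT-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.168.1.10 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=4711 DF PROTO=TCP SPT=4021 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=0
Feb  2 23:40:04 box kernel: IPT-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.10 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=4712 DF PROTO=TCP SPT=4022 DPT=135 WINDOW=64240 RES=0x00 SYN URGP=0
Feb  2 23:40:09 box kernel: IPT-DROP: IN=eth0 OUT= SRC=198.51.100.23 DST=192.168.1.10 LEN=404 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=1067 DPT=1434 LEN=384
Feb  2 23:40:15 box kernel: IPT-DROP: IN=eth0 OUT= SRC=198.51.100.23 DST=192.168.1.10 LEN=84 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=3301 SEQ=1
Feb  2 23:40:20 box kernel: eth0: link up
Feb  2 23:40:31 box kernel: IPT-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.10 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=4713 DF PROTO=TCP SPT=4023 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=0
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value; the value may be empty (OUT=)

def parse_line(line, prefix="IPT-DROP: "):
    """Return the KEY=value fields of one LOG line, or None if it is not ours."""
    pos = line.find(prefix)
    if pos < 0:
        return None  # some other kernel message
    rest = line[pos + len(prefix):]
    # ICMP error entries quote the offending packet in [...]; ignore that
    # part so the quoted SRC/DPT cannot be mistaken for the outer header.
    rest = rest.split("[", 1)[0]
    fields = dict(FIELD.findall(rest))
    if "SRC" not in fields or "PROTO" not in fields:
        return None  # truncated or malformed entry
    return fields

def summarize(log_text, prefix="IPT-DROP: "):
    """Count logged packets per (protocol, destination port) and per source."""
    by_port, by_source = Counter(), Counter()
    for line in log_text.splitlines():
        fields = parse_line(line, prefix)
        if fields is None:
            continue
        # ICMP has no ports, so DPT is absent there
        by_port[(fields["PROTO"], fields.get("DPT", "-"))] += 1
        by_source[fields["SRC"]] += 1
    return by_port, by_source

if __name__ == "__main__":
    ports, sources = summarize(SAMPLE_LOG)
    for (proto, dpt), n in ports.most_common():
        print(f"{n:3d}  {proto:4s} dport {dpt}")
    for src, n in sources.most_common():
        print(f"{n:3d}  from {src}")
```

To run it against real data, pass the contents of the file your syslog writes kernel messages to, with the prefix your own LOG rule uses.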



