I'm feeling paranoid - with good reason.
bjfowler at chanzy.eclipse.co.uk
Thu Feb 2 23:51:41 GMT 2006

On Thursday 02 Feb 2006 17:58, John wrote:
> Thanks but I will need to find out where this should go on my machine -
> there isn't an iptables other than an executable.
There should be a script in /etc/rc.d/init.d that starts iptables and loads
the ruleset in /etc/sysconfig/iptables. (Note I have not used SuSE for some
time, I use Mandriva, but the setups are very similar.) The iptables rpm
should have installed all the necessary files.
> Looking through that it
> seems to have a help section so I'll take a look and also find out where it
> is called. I only ever run specific programs or the console as root. I'm
> running an open source adsl router so it hopefully won't have any leaks.
> Looking around the machine there is a lot of suse stuff associated with the
> firewall - it's a paid-for distro. Things like suse2 firewall. Does this
> mean I'm not running the linux firewall?
The SuSE 2 firewall is a very complex set of iptables rules. It has to cover
all sorts of configurations. My system is a simple home/office setup. My
iptables ruleset is meant as a secondary firewall; the heavy lifting is done
by the firewall in the SpeedTouch router.
I offer no services to the outside world, so I can use a simple ruleset. The
rules I gave will block ALL ports and ANY protocol if the packet state is NEW
or INVALID, i.e. NOT in reply to a transaction that I have instigated. The
ruleset lets through replies to requests to others for ftp, web or mail, but
prevents outsiders from access.
> I've also installed guarddog and used it to block all but ftp, email and
> web. As far as I can tell it is doing that even though it warns that it
> might not. I think that its protocol block interface is an excellent idea
> - nice, direct and simple.
If you log attempts to gain entry, you can examine what is going on. The log
entries list inter alia the source and target port.
> It's a shame that the project seems to have
> stalled. Maybe the kde boys would like to take on the 3 associated
> programs. There must be lots of people about that find this area of linux
> to be something of a black art. The whole area must be a time/knowledge
> issue for many. I'm going to try the other 2 progs on the off chance that
> they work.
> My main worry now is that the internet activity light blinks every few
> seconds and there seems to be some machine side and net activity after
> boot. Maybe the internet side is just scans but I would like to log the
> activity after boot.
Check for open ports by running nmap localhost. This will give a list of all
open ports. Other programs such as lsof and netstat will give further info.
Go through inetd.conf (xinetd) and shut down any service that is not
essential. Remember, if a port is closed, nothing can use that port.
> PS Any improvements on Basil's scripts would still be appreciated.
This message is from the kde mailing list.
Account management: https://mail.kde.org/mailman/listinfo/kde.
More info: http://www.kde.org/faq.html.
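As an added example (not Basil's scripts, and not part of the list message), the following shell script writes out a minimal stateful ruleset of the kind described above: drop anything arriving in state NEW or INVALID, let through replies to connections the host instigated, and log the dropped packets so their source and destination ports can be examined. It uses the `-m state` match that iptables of that era used; the log lines at the bottom are constructed with RFC 5737 documentation addresses, not captured traffic. `IPT` defaults to `echo`, so running the script as-is is a dry run that prints the rules; set `IPT=iptables` and run as root to apply them.

```shell
#!/bin/sh
# Added example (not from the list message): a minimal stateful iptables
# ruleset plus helpers for reading the kernel LOG lines it produces.
# IPT defaults to "echo" so the script is a dry run that prints the rules;
# run with IPT=iptables as root to apply them.
IPT="${IPT:-echo}"

load_ruleset() {
    # Default-deny inbound and forwarded traffic; outbound stays open because
    # the box offers no services and only makes outgoing requests.
    $IPT -F INPUT
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    # Loopback must be allowed or local daemons break.
    $IPT -A INPUT -i lo -j ACCEPT
    # Replies to connections this host instigated (ftp, web, mail, ...).
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Anything NEW or INVALID arriving from outside is logged (rate-limited so
    # a scan cannot fill the disk) and then dropped.
    $IPT -A INPUT -m state --state NEW,INVALID -m limit --limit 10/min \
         -j LOG --log-prefix "FW-DROP: "
    $IPT -A INPUT -j DROP
}

# log_field NAME LINE: print the value of NAME= (SRC, DST, PROTO, SPT, DPT, ...)
# from one kernel iptables LOG line, or nothing if the field is absent.
log_field() {
    printf '%s\n' "$2" | sed -n "s/.*[ ]$1=\([^ ]*\).*/\1/p"
}

# top_ports: read LOG lines on stdin, print "count port", most-targeted first.
top_ports() {
    sed -n 's/.*[ ]DPT=\([0-9]*\).*/\1/p' | sort | uniq -c | sort -rn
}

# Constructed sample log lines (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG="$(printf '%s\n' \
  'Feb  2 23:40:12 host kernel: FW-DROP: IN=ppp0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=22144 DF PROTO=TCP SPT=4412 DPT=135 WINDOW=65535 RES=0x00 SYN URGP=0' \
  'Feb  2 23:40:15 host kernel: FW-DROP: IN=ppp0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=22160 DF PROTO=TCP SPT=4413 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0' \
  'Feb  2 23:41:02 host kernel: FW-DROP: IN=ppp0 OUT= SRC=192.0.2.44 DST=198.51.100.2 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=9013 DF PROTO=TCP SPT=51022 DPT=135 WINDOW=5840 RES=0x00 SYN URGP=0')"

# Dry-run demonstration: print the rules, then summarise the sample log.
load_ruleset
printf '%s\n' "$SAMPLE_LOG" | top_ports
```

Pointing `top_ports` at the real kernel log (for example `grep FW-DROP /var/log/messages | top_ports`) gives a quick picture of which ports the blinking activity light is actually about; the `log_field` helper pulls out the source address or protocol of an individual line when one entry needs a closer look.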