Wellington Terumi Uemura wrote:
> Question 1:
> Here is my basic script:
> #!/bin/sh
> PATH=/sbin
>
> ipchains -P input ACCEPT
> ipchains -P output ACCEPT
> ipchains -P forward ACCEPT
> ipchains -F
> ipchains -P input REJECT
> ipchains -P output REJECT
> ipchains -P forward REJECT
> ipchains -A input -p tcp -s 192.168.0.0/24 -d 192.168.1.3 22 -j ACCEPT
> ipchains -A input -p tcp -s 192.168.0.0/24 -d 192.168.1.3 23 -j ACCEPT
> ipchains -A output -p tcp -s 192.168.1.3 22 -d 192.168.0.0/24 -j ACCEPT
> ipchains -A output -p tcp -s 192.168.1.3 23 -d 192.168.0.0/24 -j ACCEPT
> ipchains -A input -s 0/0 -d 0/0 -j REJECT -l
> ipchains -A output -s 0/0 -d 0/0 -j REJECT -l
>
> The last two lines are what I want to know about. If I move them to the top of
> the script, even though I open telnet and ssh like I did, ipchains doesn't
> accept connections for telnet and ssh. Why???
> I use these last two lines for debug purposes and I know if I comment these
> lines out, everything below will work, but I don't understand why!
>
I believe ipchains cruises down the "chain" of rules until one matches,
then does whatever the target is. It can be another set of rules or
one of the special actions like REJECT. By putting these lines first, the
packet matches the rule, which rejects the packet and stops. Order is
important since each rule is examined in the order they appear, and if
one matches, no other action will be taken.
From the ipchains man page:
TARGETS
    A firewall rule specifies criteria for a packet, and a
    target. If the packet does not match, the next rule in
    the chain is examined; if it does match, then the next
    rule is specified by the value of the target, which can be
    the name of a user-defined chain, or one of the special
    values ACCEPT, DENY, REJECT, MASQ, REDIRECT, or RETURN.
In this case the 0/0 notation must mean all hosts. I am used to seeing
it as 0.0.0.0/0 but this is more concise. It threw me a little because
I have not messed with this stuff for a while and had to figure out the
host src and dest notation.
Hope this helps.
Bret
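To make the first-match behaviour concrete, here is an added example (not code from the thread): a small Python model of how ipchains walks the posted input rules, evaluated once with the catch-all REJECT last and once with it moved to the top. It assumes 0/0 written out as 0.0.0.0/0 (Python's ipaddress module needs the full dotted form), a constructed LAN client 192.168.0.10, and ignores the -l logging flag.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    chain: str
    target: str                  # ACCEPT, REJECT, DENY, ... or a user chain
    proto: Optional[str] = None  # None = any protocol
    src: str = "0.0.0.0/0"       # ipchains writes this as 0/0
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None  # None = any destination port

    def matches(self, chain, proto, src, dst, dport):
        return (self.chain == chain
                and (self.proto is None or self.proto == proto)
                and ipaddress.ip_address(src) in ipaddress.ip_network(self.src, strict=False)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst, strict=False)
                and (self.dport is None or self.dport == dport))

def verdict(rules, policy, chain, proto, src, dst, dport):
    """Walk the chain top to bottom; the first matching rule's target is the
    verdict and nothing after it is examined. No match -> chain policy."""
    for rule in rules:
        if rule.matches(chain, proto, src, dst, dport):
            return rule.target
    return policy

# Input-chain rules from the posted script, chain policy REJECT (-P input REJECT)
ALLOW = [
    Rule("input", "ACCEPT", "tcp", "192.168.0.0/24", "192.168.1.3", 22),
    Rule("input", "ACCEPT", "tcp", "192.168.0.0/24", "192.168.1.3", 23),
]
CATCH_ALL = [Rule("input", "REJECT")]  # ipchains -A input -s 0/0 -d 0/0 -j REJECT -l

ORIGINAL_ORDER = ALLOW + CATCH_ALL   # catch-all last, as in the script
MOVED_TO_TOP = CATCH_ALL + ALLOW     # catch-all first, as in the question

def lan_to_server(rules, dport, src="192.168.0.10"):
    """Verdict for a TCP packet from a constructed LAN host to the server 192.168.1.3."""
    return verdict(rules, "REJECT", "input", "tcp", src, "192.168.1.3", dport)

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL_ORDER), ("moved to top", MOVED_TO_TOP)):
        print(name, "ssh:", lan_to_server(rules, 22), "telnet:", lan_to_server(rules, 23))
```

With the catch-all first, every packet matches it before the ACCEPT rules are ever reached, which is exactly the symptom described.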
> Question 2
> Everybody knows about hackers having parties on internet servers they don't
> own, so I have an idea and don't know if it's possible.
> What if we put a program to check our systems (servers), like portsentry, iplogger
> or whatever, and create a script or program to filter these logs, grab the
> attacker's IP, and auto-generate ipchains rules against the intruder???
> I mean, to take over a server you need to scan it first, or do a search on
> open ports and then attack (DOS attacks and many others). For example, port
> scanner searches are fast (less than 1 sec for x ports) but they come from
> the same source; based on this, the "magic program or script" would lock up
> IPs that change from one port to another in x secs and then generate an
> ipchains whatever -j REJECT.
> This is just an idea and an example; can this kind of program be made, or does it
> already exist?
>
> Thanks
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.