Makes good sens and definitely clarifies some questions
I had.
Thank you
Philippe
Bret Hughes <[EMAIL PROTECTED]> writes:
> The -P flag sets the default policy that will be used if no other rule
> is matched. A default poicy of deny or reject is a good idea as a
> catchall rule in addition to a rule that basically does the same thing
> but provides logging. I like it primarily because the syntax is so
> simple even I can look at it and know that anything I don't explicitly
> do something else with will be dropped. A lot of the scripts use a rule
> similar to the ones given
>
> ipchains -A input -s 0/0 -d 0/0 -j REJECT -l
> ipchains -A output -s 0/0 -d 0/0 -j REJECT -l
>
> inorder to log the rejection and get an idea of how often the rule (that
> is actually synonymous with the policy) is used.
>
> Anyway the primary difference is the -P vs the -A. P= default policy
> and A= add rule.
>
>
> Hope this helps,
>
> Bret
>
> Philippe Moutarlier wrote:
> >
> > I am a little confused with your explanation. I could experience the same as
> > Wellington but the, when you start (as you should) with :
> >
> > > > ipchains -P input REJECT
> > > > ipchains -P output REJECT
> > > > ipchains -P forward REJECT
> >
> > Those rules match everything for the given chains (input, output and forward)
>don't they ? In that case, why is ipchains still going down to find other matching
>rules ?
> >
> > Thanks
> >
> > Philippe
> >
> > Bret Hughes <[EMAIL PROTECTED]> writes:
> >
> > > Wellington Terumi Uemura wrote:
> > >
> > > > Question 1:
> > > > Here is my basic script:
> > > > #!/bin/sh
> > > > PATH=/sbin
> > > >
> > > > ipchains -P input ACCEPT
> > > > ipchains -P output ACCEPT
> > > > ipchains -P forward ACCEPT
> > > > ipchains -F
> > > > ipchains -P input REJECT
> > > > ipchains -P output REJECT
> > > > ipchains -P forward REJECT
> > > > ipchains -A input -p tcp -s 192.168.0.0/24 -d 192.168.1.3 22 -j ACCEPT
> > > > ipchains -A input -p tcp -s 192.168.0.0/24 -d 192.168.1.3 23 -j ACCEPT
> > > > ipchains -A output -p tcp -s 192.168.1.3 22 -d 192.168.0.0/24 -j ACCEPT
> > > > ipchains -A output -p tcp -s 192.168.1.3 23 -d 192.168.0.0/24 -j ACCEPT
> > > > ipchains -A input -s 0/0 -d 0/0 -j REJECT -l
> > > > ipchains -A output -s 0/0 -d 0/0 -j REJECT -l
> > > >
> > > > The last two lines that i want to know about,if i move then to the top of
> > > > the script even if i open the telnet and ssh like i did,the ipchains dont
> > > > accept connections for telnet and ssh,why???
> > > > I use this last two lines for debug proposes and i know if i comment this
> > > > lines out,everything bellow will work,but i dont understand the why!
> > > >
> > >
> > > I believe IP chains cruises down the "chain" of rules until one matches.
> > > then does what ever the target is. It can be another set of rules or
> > > one of the special actions like REJECT. By putting these lines first the
> > > packet matches the rule, and rejects the packet and stops. Order is
> > > important since each rule is examined in the order they appear and if
> > > matched no other action will be taken.
> > >
> > > >From the ipchains man page
> > >
> > > TARGETS
> > > A firewall rule specifies criteria for a packet, and a
> > > target. If the packet does not match, the next rule in
> > > the chain is the examined; if it does match, then the next
> > > rule is specified by the value of the target, which can be
> > > the name of a user-defined chain, or one of the special
> > > values ACCEPT, DENY, REJECT, MASQ, REDIRECT, or RETURN.
> > >
> > > In this case the 0/0 notation must mean all hosts. I am used to seeing
> > > it as 0.0.0.0/0 but this is more concise. It threw me a little because
> > > I have not messed with this stuff for a while and had to figure out the
> > > host src and dest notation.
> > >
> > >
> > > Hope this helps.
> > >
> > > Bret
> > >
> > > > Question 2
> > > > Every body know about hackers doing party on internet servers they dont
> > > > own,so,i have an idea and doesn't know if this it's possible.
> > > > If we put a prog to check our systems ( servers ) like portsentry,iplogger
> > > > or whatever and create a script or program to filter this logs,grab the
> > > > attackers IP, and auto-generate ipchains rules against the intruder???
> > > > I mean,to take over a server you need to scan it first,or do an search on
> > > > open ports and then attack(DOS attacks and many others).For example,port
> > > > scanners searchs are fast ( last than 1 sec for x ports ) but they come from
> > > > the same source,taking base on this "magic program or script" will lock up
> > > > IPs that change from one port to another in x secs and then generate an
> > > > ipchains whatever -j REJECT.
> > > > This is just a idea,and example,this kind a prog cam be made or allready
> > > > exist?
> > > >
> > > > Thanks
> > > > ______________________________________________________
> > > > Get Your Private, Free Email at http://www.hotmail.com
> > > >
> > > > --
> > > > To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> > > > as the Subject.
> > >
> > >
> > > --
> > > To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> > > as the Subject.
> >
> > --
> > To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> > as the Subject.
>
>
> --
> To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> as the Subject.
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
