No problem. Glad I could contribute something back to the list that has
helped me so much.
Bret
Philippe Moutarlier wrote:
>
> Makes good sense and definitely clarifies some questions
> I had.
>
> Thank you
>
> Philippe
>
> Bret Hughes <[EMAIL PROTECTED]> writes:
>
> > The -P flag sets the default policy that will be used if no other rule
> > is matched. A default policy of deny or reject is a good idea as a
> > catchall rule in addition to a rule that basically does the same thing
> > but provides logging. I like it primarily because the syntax is so
> > simple even I can look at it and know that anything I don't explicitly
> > do something else with will be dropped. A lot of the scripts use a rule
> > similar to the ones given
> >
> > ipchains -A input -s 0/0 -d 0/0 -j REJECT -l
> > ipchains -A output -s 0/0 -d 0/0 -j REJECT -l
> >
> > in order to log the rejection and get an idea of how often the rule (that
> > is actually synonymous with the policy) is used.
> >
> > Anyway the primary difference is the -P vs the -A. P= default policy
> > and A= add rule.
> >
> >
> > Hope this helps,
> >
> > Bret
> >
> > Philippe Moutarlier wrote:
> > >
> > > I am a little confused with your explanation. I could experience the same as
> > > Wellington, but then, when you start (as you should) with:
> > >
> > > > > ipchains -P input REJECT
> > > > > ipchains -P output REJECT
> > > > > ipchains -P forward REJECT
> > >
> > > Those rules match everything for the given chains (input, output and forward),
> > > don't they? In that case, why is ipchains still going down to find other matching
> > > rules?
> > >
> > > Thanks
> > >
> > > Philippe
> > >
> > > Bret Hughes <[EMAIL PROTECTED]> writes:
> > >
> > > > Wellington Terumi Uemura wrote:
> > > >
> > > > > Question 1:
> > > > > Here is my basic script:
> > > > > #!/bin/sh
> > > > > PATH=/sbin
> > > > >
> > > > > ipchains -P input ACCEPT
> > > > > ipchains -P output ACCEPT
> > > > > ipchains -P forward ACCEPT
> > > > > ipchains -F
> > > > > ipchains -P input REJECT
> > > > > ipchains -P output REJECT
> > > > > ipchains -P forward REJECT
> > > > > ipchains -A input -p tcp -s 192.168.0.0/24 -d 192.168.1.3 22 -j ACCEPT
> > > > > ipchains -A input -p tcp -s 192.168.0.0/24 -d 192.168.1.3 23 -j ACCEPT
> > > > > ipchains -A output -p tcp -s 192.168.1.3 22 -d 192.168.0.0/24 -j ACCEPT
> > > > > ipchains -A output -p tcp -s 192.168.1.3 23 -d 192.168.0.0/24 -j ACCEPT
> > > > > ipchains -A input -s 0/0 -d 0/0 -j REJECT -l
> > > > > ipchains -A output -s 0/0 -d 0/0 -j REJECT -l
> > > > >
> > > > > The last two lines are what I want to know about. If I move them to the top of
> > > > > the script, even if I open telnet and ssh like I did, ipchains doesn't
> > > > > accept connections for telnet and ssh. Why???
> > > > > I use these last two lines for debug purposes, and I know if I comment these
> > > > > lines out, everything below will work, but I don't understand the why!
> > > > >
> > > >
> > > > I believe IP chains cruises down the "chain" of rules until one matches,
> > > > then does whatever the target is. It can be another set of rules or
> > > > one of the special actions like REJECT. By putting these lines first the
> > > > packet matches the rule, which rejects the packet and stops. Order is
> > > > important since each rule is examined in the order they appear, and if
> > > > matched no other action will be taken.
> > > >
> > > > From the ipchains man page:
> > > >
> > > > TARGETS
> > > > A firewall rule specifies criteria for a packet, and a
> > > > target. If the packet does not match, the next rule in
> > > > the chain is the examined; if it does match, then the next
> > > > rule is specified by the value of the target, which can be
> > > > the name of a user-defined chain, or one of the special
> > > > values ACCEPT, DENY, REJECT, MASQ, REDIRECT, or RETURN.
> > > >
> > > > In this case the 0/0 notation must mean all hosts. I am used to seeing
> > > > it as 0.0.0.0/0 but this is more concise. It threw me a little because
> > > > I have not messed with this stuff for a while and had to figure out the
> > > > host src and dest notation.
> > > >
> > > >
> > > > Hope this helps.
> > > >
> > > > Bret
> > > >
> > > > > Question 2
> > > > > Everybody knows about hackers partying on internet servers they don't
> > > > > own, so I have an idea and don't know if this is possible.
> > > > > What if we put a prog to check our systems (servers), like portsentry, iplogger
> > > > > or whatever, and create a script or program to filter these logs, grab the
> > > > > attacker's IP, and auto-generate ipchains rules against the intruder???
> > > > > I mean, to take over a server you need to scan it first, or do a search on
> > > > > open ports and then attack (DOS attacks and many others). For example, port
> > > > > scanner searches are fast (less than 1 sec for x ports) but they come from
> > > > > the same source; based on this, the "magic program or script" will lock up
> > > > > IPs that change from one port to another in x secs and then generate an
> > > > > ipchains whatever -j REJECT.
> > > > > This is just an idea and example; can this kind of prog be made, or does it already
> > > > > exist?
> > > > >
> > > > > Thanks
> > > > >
> > > > > --
> > > > > To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> > > > > as the Subject.
> > > >
> > > >
> > >
> >
> >
>
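As an added illustration of the first-match traversal Bret describes (this is not code from anyone in the thread): a small Python model of an ipchains chain, fed the input-chain rules from Wellington's script, showing that the verdict depends on where the logging catch-all sits, and that without the catch-all the -P policy gives the same verdict minus the log entry. The two packets and the parsing of the `-s`/`-d addr [port]` syntax are my own constructions, covering only the options the script uses.

```python
import ipaddress
# Constructed from the script quoted in the thread: the input chain's -P policy, its two
# allow rules and the logging catch-all, kept apart so the catch-all can be reordered.
POLICY = "ipchains -P input REJECT"
ALLOW = ["ipchains -A input -p tcp -s 192.168.0.0/24 -d 192.168.1.3 22 -j ACCEPT",
         "ipchains -A input -p tcp -s 192.168.0.0/24 -d 192.168.1.3 23 -j ACCEPT"]
CATCHALL = "ipchains -A input -s 0/0 -d 0/0 -j REJECT -l"
# Constructed packets: ssh from the allowed LAN, and an http attempt from an outside host.
SSH = {"proto": "tcp", "src": "192.168.0.10", "sport": 40000, "dst": "192.168.1.3", "dport": 22}
WWW = {"proto": "tcp", "src": "10.0.0.5", "sport": 40001, "dst": "192.168.1.3", "dport": 80}

def parse(lines):
    chains = {}                         # {chain: {"policy": target, "rules": [rule, ...]}}
    for t in (line.split() for line in lines):
        chain = chains.setdefault(t[2], {"policy": "ACCEPT", "rules": []})
        if t[1] == "-P":                # -P sets the fallthrough policy; it adds no rule
            chain["policy"] = t[3]
            continue
        rule, i = dict(proto=None, src=None, dst=None, sport=None, dport=None, target=None, log=False), 3
        while i < len(t):
            if t[i] == "-p":
                rule["proto"], i = t[i + 1], i + 2
            elif t[i] in ("-s", "-d"):
                side = "src" if t[i] == "-s" else "dst"
                spec = "0.0.0.0/0" if t[i + 1] == "0/0" else t[i + 1]   # 0/0 means any host
                rule[side], i = ipaddress.ip_network(spec, strict=False), i + 2
                if i < len(t) and not t[i].startswith("-"):           # optional port after address
                    rule["sport" if side == "src" else "dport"], i = int(t[i]), i + 1
            elif t[i] == "-j":
                rule["target"], i = t[i + 1], i + 2
            elif t[i] == "-l":
                rule["log"], i = True, i + 1
            else: raise ValueError("unsupported option: " + t[i])
        chain["rules"].append(rule)
    return chains

def matches(rule, pkt):
    return (all(rule[k] is None or rule[k] == pkt[k] for k in ("proto", "sport", "dport"))
            and all(rule[k] is None or ipaddress.ip_address(pkt[k]) in rule[k] for k in ("src", "dst")))

def traverse(chains, name, pkt):        # -> (target, rule number, logged?)
    for n, rule in enumerate(chains[name]["rules"], 1):
        if matches(rule, pkt):          # first matching rule decides; nothing after it is looked at
            return rule["target"], n, rule["log"]
    return chains[name]["policy"], None, False   # nothing matched: the -P policy applies

def verdicts(pkt):
    return (traverse(parse([POLICY] + ALLOW + [CATCHALL]), "input", pkt),   # catch-all last
            traverse(parse([POLICY, CATCHALL] + ALLOW), "input", pkt),      # catch-all first
            traverse(parse([POLICY] + ALLOW), "input", pkt))                # no catch-all
```

For the ssh packet the first ordering accepts on rule 1 while the second rejects on rule 1 (the catch-all), which is exactly the behaviour Wellington saw; for the outside http packet all three orderings reject, the only difference being whether a rule with -l produced a log line or the silent -P policy did the job.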