
[ubuntu] Post your firewall configurations here?



Lord Xeb
June 22nd, 2008, 05:59 AM
Is this allowed? If so, post them up!

lisati
June 22nd, 2008, 06:05 AM
My ADSL modem has its default firewall settings, and my wireless+cable router has MAC access restrictions. Beyond that, I'm not saying (for now!)

tubbygweilo
June 22nd, 2008, 09:21 AM
Beyond that, I'm not saying (for now!)
Neither am I! (a retired social engineer):)

Lord Xeb
June 22nd, 2008, 10:04 AM
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Lokkit-0-50-INPUT (0 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere
ACCEPT udp -- dns-cac-lb-03.ohiordc.rr.com anywhere udp spt:domain
ACCEPT udp -- dns-cac-lb-04.ohiordc.rr.com anywhere udp spt:domain
REJECT tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp reject-with icmp-port-unreachable


This is effective :D It thwarted one of my hacker friends <_<

lisati
June 22nd, 2008, 10:20 AM
No offense intended to the OP but I'd rather be spending my time browsing these forums (while my other machine's making sense of video footage I've recorded for friends and family) than trying to repair damage done by some malicious soul who might stumble on an unintentionally revealed weakness in my setup. I have absolutely no idea who might be viewing these forums as a guest.

fahadsadah
June 22nd, 2008, 02:49 PM
Posting firewall configs?
No thanks...

Miademora
June 22nd, 2008, 02:55 PM
Well, I'd prefer to find that weakness by posting here instead of praying that there isn't one.

hyper_ch
June 22nd, 2008, 05:31 PM
my computer has only default firewall settings... meaning let pass everything ;)

Chayak
June 23rd, 2008, 07:39 PM
My firewall?
Cisco 1841 ISR with the security image (1st layer)
Cisco ASA 5505 w/ security plus (2nd layer)

Yeah I have a lot of Cisco gear but I'm working on my CCNP/CCSP

That's the physical configuration. The running-config(s) will never cross the internet. I'll share them for peer review with other security guys that I know but posting on a public forum? That's like giving the plans of the Deathstar to the rebels. It may be hard to destroy but the contractors forgot to put a grate over an exhaust port the size of a womp rat.

MythosLegend
June 27th, 2008, 04:53 PM
I'm running a client desktop and sitting behind an end-user router.
I only have a basic understanding of iptables.

Here it is



Chain INPUT (policy DROP)
target prot opt source destination
DROP 0 -f anywhere anywhere
ACCEPT udp -- anywhere anywhere udp spt:domain state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:www state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:https state ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp echo-reply
tcp -- anywhere anywhere tcp dpt:ssh state NEW recent: SET name: DEFAULT side: source
DROP tcp -- anywhere anywhere tcp dpt:ssh state NEW recent: UPDATE seconds: 60 hit_count: 8 name: DEFAULT side: source
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh

Chain FORWARD (policy DROP)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


Poke holes if you want.
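The three `dpt:ssh` rules in the listing above are the usual `recent` module brute-force limiter: the first records every new SSH connection under its source address (it has no target, so it never terminates the chain), the second drops the connection once that source has 8 or more recorded hits within the last 60 seconds, and the third accepts whatever is left. The simulation below is an added example, not code from the poster; it models that behaviour (one timestamp list per source, `--set` always recording a hit, `--update` matching when `hit_count` hits fall inside `seconds` and refreshing the entry on a match, list capped at the 20 entries xt_recent keeps by default) so the effect of the numbers can be seen without touching a live firewall. The addresses and timings are constructed.

```python
"""Model of the recent --set / --update --seconds 60 --hitcount 8 / ACCEPT rule trio."""
from collections import defaultdict, deque
from typing import Deque, Dict, List, Tuple

HITCOUNT, SECONDS = 8, 60   # hit_count and seconds from the posted listing
LIST_TOT = 20               # xt_recent's default ip_pkt_list_tot (entries kept per source)


class RecentList:
    """One named recent list (the listing uses the name DEFAULT)."""

    def __init__(self) -> None:
        self.stamps: Dict[str, Deque[float]] = defaultdict(deque)

    def _record(self, src: str, now: float) -> None:
        q = self.stamps[src]
        q.append(now)
        if len(q) > LIST_TOT:   # ring buffer: oldest hit is discarded
            q.popleft()

    def set(self, src: str, now: float) -> None:
        """--set: always records a hit for the source."""
        self._record(src, now)

    def update(self, src: str, now: float, seconds: int, hitcount: int) -> bool:
        """--update --seconds S --hitcount N: matches when the source has at least N
        hits newer than S seconds; on a match the entry is refreshed with a new hit."""
        q = self.stamps.get(src)
        if not q:
            return False
        hits = sum(1 for t in q if t + seconds > now)
        if hits >= hitcount:
            self._record(src, now)
            return True
        return False


def verdict(recent: RecentList, src: str, now: float) -> str:
    """Walk the three SSH rules in the order they appear in the INPUT chain."""
    recent.set(src, now)                                   # rule 1: no target, just records
    if recent.update(src, now, SECONDS, HITCOUNT):
        return "DROP"                                      # rule 2: too many recent hits
    return "ACCEPT"                                        # rule 3: plain accept


def simulate(events: List[Tuple[str, float]]) -> List[Tuple[str, float, str]]:
    """Feed (source, time) new-SSH-connection events through the rules in order."""
    recent = RecentList()
    return [(src, t, verdict(recent, src, t)) for src, t in events]


if __name__ == "__main__":
    # Constructed scenario: 10.0.0.5 opens one SSH connection per second,
    # 10.0.0.9 opens one in between, and 10.0.0.5 tries again after 100 s.
    events = ([("10.0.0.5", t) for t in range(5)] + [("10.0.0.9", 5)]
              + [("10.0.0.5", t) for t in range(5, 10)] + [("10.0.0.5", 100)])
    for src, t, v in simulate(events):
        print(f"t={t:>3}s {src:<10} {v}")
```

The eighth connection from the same source inside the window is the first one dropped, every further attempt keeps the entry fresh (so a client that keeps hammering stays blocked), and a different source is unaffected.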

fahadsadah
June 27th, 2008, 04:57 PM
You want a good configuration?
What's wrong with dropping everything? (unless you run servers, in which case accept traffic to them)

MythosLegend
June 27th, 2008, 05:09 PM
If I drop everything, I won't be able to use the internet.

firsttimeuser
June 27th, 2008, 09:09 PM
here is mine
@noname:~$ sudo iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 127.0.0.1 0.0.0.0/0
ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:514
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:135:139
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2223
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:5353
LOGDROP all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain LOGDROP (1 references)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `IPTABLES '
DROP all -- 0.0.0.0/0 0.0.0.0/0
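A listing like the ones in this thread is only meaningful once two things have been checked: whether the rules actually run, and what a packet gets when it matches nothing specific. In Lord Xeb's listing every rule sits in RH-Lokkit-0-50-INPUT, which shows "0 references", so nothing ever jumps to it and INPUT is really policy ACCEPT with no rules at all; in firsttimeuser's listing INPUT is also policy ACCEPT, but the trailing catch-all jump to LOGDROP (which ends in DROP) turns it into an effective default-drop. The script below is an added example, not code from any poster, that parses `iptables -L` and `iptables -L -n` output and reports both conditions. It assumes the standard column layout (target, prot, opt, source, destination, then match details), with the target column absent for side-effect-only rules such as a `recent --set` match; the two embedded listings are trimmed copies of the ones posted above.

```python
"""Audit iptables -L / -L -n listings: unused user chains and INPUT's fall-through verdict."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

ANY = {"anywhere", "0.0.0.0/0", "::/0"}
BUILTIN = {"INPUT", "FORWARD", "OUTPUT", "PREROUTING", "POSTROUTING"}
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\S+)|(\d+) references)\)$")


@dataclass
class Rule:
    target: Optional[str]  # None for rules that only have a side effect (e.g. recent --set)
    proto: str
    opt: str               # "--" normally, "-f" for fragment-only rules
    src: str
    dst: str
    extra: str             # everything after the destination column: state, ports, ...

    def is_catch_all(self) -> bool:
        """True if every packet that reaches this rule matches it."""
        return (self.proto in ("all", "0") and self.opt == "--"
                and self.src in ANY and self.dst in ANY and not self.extra)


@dataclass
class Chain:
    name: str
    policy: Optional[str] = None      # built-in chains
    references: Optional[int] = None  # user-defined chains
    rules: List[Rule] = field(default_factory=list)


def parse_listing(text: str) -> Dict[str, Chain]:
    chains: Dict[str, Chain] = {}
    current: Optional[Chain] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("target "):
            continue  # blank lines and column headers
        m = CHAIN_RE.match(line)
        if m:
            name, policy, refs = m.groups()
            current = chains[name] = Chain(name, policy, int(refs) if refs else None)
            continue
        if current is None:
            continue  # shell prompt or other text before the first chain
        tok = line.split()
        # The opt column is "--" or "-f"; if it sits in position 1, no target was printed.
        if tok[1].startswith("-"):
            target, rest = None, tok
        else:
            target, rest = tok[0], tok[1:]
        proto, opt, src, dst = rest[:4]
        current.rules.append(Rule(target, proto, opt, src, dst, " ".join(rest[4:])))
    return chains


def fall_through_verdict(chains: Dict[str, Chain], name: str, depth: int = 0) -> Optional[str]:
    """Verdict for a packet matching no specific rule: the first catch-all rule's
    verdict (following jumps into user chains), otherwise the chain policy."""
    for r in chains[name].rules:
        if r.target is None or not r.is_catch_all():
            continue
        if r.target in ("ACCEPT", "DROP", "REJECT"):
            return r.target
        if r.target in chains and depth < 8:
            v = fall_through_verdict(chains, r.target, depth + 1)
            if v:
                return v
    return chains[name].policy


def audit(text: str) -> List[str]:
    chains = parse_listing(text)
    findings = []
    for c in chains.values():
        if c.name not in BUILTIN and c.references == 0 and c.rules:
            findings.append(f"chain {c.name} has {len(c.rules)} rules but 0 references: they never run")
    if "INPUT" in chains and fall_through_verdict(chains, "INPUT") == "ACCEPT":
        findings.append("INPUT falls through to ACCEPT: anything not explicitly blocked is let in")
    return findings


# Trimmed copies of two listings posted in this thread.
UNREFERENCED_CHAIN = """\
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Lokkit-0-50-INPUT (0 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
REJECT tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp reject-with icmp-port-unreachable
"""
LOGDROP_CATCH_ALL = """\
@noname:~$ sudo iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:5353
LOGDROP all -- 0.0.0.0/0 0.0.0.0/0

Chain LOGDROP (1 references)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `IPTABLES '
DROP all -- 0.0.0.0/0 0.0.0.0/0
"""

if __name__ == "__main__":
    for label, listing in (("0-references chain", UNREFERENCED_CHAIN), ("LOGDROP catch-all", LOGDROP_CATCH_ALL)):
        print(label, "->", audit(listing) or ["no findings"])
```

Run against the first listing it reports both the unreferenced chain and the ACCEPT fall-through; against the second it reports nothing, because the jump to LOGDROP resolves to DROP. A rule with a `-f` opt or any match detail after the destination column is deliberately not treated as a catch-all, so MythosLegend's fragment rule and the `recent` rules do not count as terminating verdicts.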