
Thread: HOWTO: Set a custom firewall (iptables) and Tips [Beginners edition]

  1. #181
    Join Date
    Jun 2005
    Location
    France
    Beans
    7,100
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: HOWTO: Set a custom firewall (iptables) and Tips [Beginners edition]

    I don't use ssh so I have never tested it, but you can indeed try to open the DNS port; it is something to try:
    Code:
    iptables -A TRUSTED -i eth0 -p udp -m udp --dport 53 -j ACCEPT
    Last edited by frodon; January 30th, 2008 at 06:18 PM.

  2. #182
    Join Date
    Nov 2006
    Beans
    Hidden!

    Re: HOWTO: Set a custom firewall (iptables) and Tips [Beginners edition]

    Thanks for the reply. I've been doing some fiddling.

    I have tried opening port 52 as you suggest but to no avail. Looking in the /etc/services file, it has no listing for DNS, but lists MDNS as being on port 5353. What do you know about this?

    Also in your example from the last post, and in your first 'examples' section, you use the -o (out-interface) switch to open the port for DNS. Am I right in thinking that for the firewall.bash code you posted though, you only need the -i (in-interface) switch because we do not block any outgoing traffic?

    I've been reading around and I think the problem might be that the computer cannot register itself with the DNS. Though I'm not too sure how to fix this.

    I guess more reading is needed.

    Alex

  3. #183
    Join Date
    Jun 2005
    Location
    France
    Beans
    7,100
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: HOWTO: Set a custom firewall (iptables) and Tips [Beginners edition]

    Good catch! I mistakenly posted the wrong line; the one I posted was for output packets, which is senseless here. Try with -i indeed.

    I'm correcting my previous post.

    Setting up a firewall accurately often requires some testing, but I'm sure it shouldn't take too long.

  4. #184
    Join Date
    Apr 2005
    Beans
    6

    Re: HOWTO: Set a custom firewall (iptables) and Tips [Beginners edition]

    Thanks for the great guide.
    I have a question though. I have used the scripts on the first page but still get ports that are closed but not stealth in the Shields Up test. Am I missing something? I have made no changes to the script on the first page.

    Is it possible to get all ports to be stealth? If so, how do I do it? Thanks for the great guide by the way.

    This is the output from shields up:

    GRC Port Authority Report created on UTC: 2008-01-31 at 18:09:00

    Results from scan of ports: 0-1055

    0 Ports Open
    5 Ports Closed
    1051 Ports Stealth
    ---------------------
    1056 Ports Tested

    NO PORTS were found to be OPEN.

    Ports found to be CLOSED were: 0, 1, 25, 113, 443

    Other than what is listed above, all ports are STEALTH.

    TruStealth: FAILED - NOT all tested ports were STEALTH,
    - NO unsolicited packets were received,
    - NO Ping reply (ICMP Echo) was received.

  5. #185
    Join Date
    Jun 2005
    Location
    France
    Beans
    7,100
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: HOWTO: Set a custom firewall (iptables) and Tips [Beginners edition]

    Are you using a router?

  6. #186
    Join Date
    Apr 2005
    Beans
    6

    Re: HOWTO: Set a custom firewall (iptables) and Tips [Beginners edition]

    I'm connected via a cable modem. No router.

  7. #187
    Join Date
    Jun 2005
    Location
    France
    Beans
    7,100
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: HOWTO: Set a custom firewall (iptables) and Tips [Beginners edition]

    Then try to think what could create this false result. Shields Up is only able to test your firewall if you are directly connected to the internet; otherwise it will test the device in front of your computer (most often your router).
    If you didn't change anything in the script and if you are directly connected to the internet without connection sharing, router, switch, ... then you should not have this result.

    I have removed the unneeded https line in my script; see if it has a consequence on your closed 443 port.

    EDIT: thanks to your feedback I have removed some more lines from the given script; the one in the first post should now be even safer.
    Last edited by frodon; January 31st, 2008 at 11:10 PM.

  8. #188
    Join Date
    Apr 2005
    Beans
    6

    Re: HOWTO: Set a custom firewall (iptables) and Tips [Beginners edition]

    Thanks for the help, I updated the files and now 113 and 443 appear as stealth. Three still remain, though. Could this be caused by my cable modem?

    ----------------------------------------------------------------------

    GRC Port Authority Report created on UTC: 2008-02-02 at 09:12:16

    Results from scan of ports: 0-1055

    0 Ports Open
    3 Ports Closed
    1053 Ports Stealth
    ---------------------
    1056 Ports Tested

    NO PORTS were found to be OPEN.

    Ports found to be CLOSED were: 0, 1, 25

    Other than what is listed above, all ports are STEALTH.

    TruStealth: FAILED - NOT all tested ports were STEALTH,
    - NO unsolicited packets were received,
    - NO Ping reply (ICMP Echo) was received.

    ----------------------------------------------------------------------
    /Viktor

  9. #189
    Join Date
    Jun 2005
    Beans
    42

    Re: HOWTO: Set a custom firewall (iptables) and Tips [Beginners edition]

    Hi,

    Thanks for building this how-to for us! Great stuff. I do have a few questions:

    Is there a way to turn ping reply off? (it may be in the 18 pages of replies, but I didn't see it). I don't want my computer talking via ping (:

    Is there any way to secure up the bittorrent ports? When I test them (default 6881 - 6999) the site comes back with CLOSED for 6881-68889. Does this mean that those ports are in use, but closed to probing? Should I be worried or is this what I want? The rest of the ports report back as Stealth.

    Thanks again,

  10. #190
    Join Date
    Jun 2005
    Location
    France
    Beans
    7,100
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: HOWTO: Set a custom firewall (iptables) and Tips [Beginners edition]

    Some applications like BitTorrent require an open port, so you have no choice other than opening the port to get them working correctly; however, that doesn't mean that you are vulnerable because you opened these ports. To be exact, because you have no service running on this port, the port will not answer requests, and that is why it is seen as closed and not just open.
    So you don't have to worry too much about that.
    Any other port that you have not opened will be stealth, which is even safer than just closed.

    Have you tested whether your computer answers ping requests with the firewall?
