[Tfug] IPTables
Felix Tilley
fetilley at earthlink.net
Thu Oct 4 22:51:24 MST 2007
At the happy hour tonight, there was a brief conversation about
IPTables. I find the man page confusing. Sample scripts would be
useful, but no one is willing to post sample scripts in a public forum,
such as comp.os.linux.security.
I figured out how to DROP packets pretty fast. I also figured out how
to LOG them. But it took me months to figure out how to LOG and DROP at
the same time. It's probably buried there in the man page, but I can't
find it.
The best idea is to LOG and DROP probes from unused ports such as FTP
and HTTP, then LOG and DROP the whole CIDR if it is from undesirable
countries, such as China or Brazil. These ranges are available from
whois.arin.net, whois.apnic.net, and whois.ripe.net, etc.
If the conversants send me their email addresses, I will send them my
script. The logs are very wide, and I will also send bash scripts for
reading the pertinent fields. AWK is faster than bash for this, but I
don't speak AWK.
Felix
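As an added illustration of the two things Felix describes (a single rule that both LOGs and DROPs, and a script for pulling the useful fields out of the wide kernel log lines), here is an example script that is not Felix's own and is not from the tfug list. The trick for LOG-and-DROP is a user-defined chain: iptables runs a LOG target and then keeps going, so a chain whose two rules are LOG followed by DROP does both, and any rule can jump to it. The chain name LOGDROP, the log prefix "IPT-DROP: ", the rate limit, and the two sample log lines (TEST-NET addresses) are all constructed for the example. IPT defaults to `echo iptables`, so running the script only prints the commands; set IPT=iptables and run as root to apply them.

```shell
#!/bin/sh
# Added example, not the original poster's script.
# IPT defaults to a dry run that prints the commands; IPT=iptables applies them.
IPT="${IPT:-echo iptables}"

# Create a user chain that logs a packet (rate limited so a scan cannot
# flood syslog) and then drops it. A LOG target does not end rule
# processing, which is why the DROP on the next line is reached.
logdrop_chain() {
    chain="${1:-LOGDROP}"
    prefix="${2:-IPT-DROP: }"
    $IPT -N "$chain"
    $IPT -A "$chain" -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-prefix "$prefix" --log-level 4
    $IPT -A "$chain" -j DROP
}

# Probes to an unused TCP port (e.g. 21 for FTP, 80 for HTTP) go to the chain.
logdrop_port() {
    port="$1"; chain="${2:-LOGDROP}"
    $IPT -A INPUT -p tcp --dport "$port" -j "$chain"
}

# Everything from a whole CIDR block goes to the chain. Append these before
# any broad ACCEPT rules, since iptables matches top to bottom.
logdrop_cidr() {
    cidr="$1"; chain="${2:-LOGDROP}"
    $IPT -A INPUT -s "$cidr" -j "$chain"
}

# Two constructed kernel log lines in the format the LOG target produces
# (TEST-NET addresses; the second is ICMP, so it has no DPT field).
SAMPLE_LOG='Oct  4 22:51:24 gw kernel: IPT-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.45 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=12345 DF PROTO=TCP SPT=40321 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0
Oct  4 22:52:01 gw kernel: IPT-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4321 SEQ=1'

# Pure-shell field reader: prints "SRC DST PROTO DPT" for each log line on
# stdin, with "-" when a field (such as DPT on ICMP) is absent.
parse_ipt_log() {
    while IFS= read -r line; do
        src=-; dst=-; proto=-; dpt=-
        for w in $line; do
            case $w in
                SRC=*)   src=${w#SRC=} ;;
                DST=*)   dst=${w#DST=} ;;
                PROTO=*) proto=${w#PROTO=} ;;
                DPT=*)   dpt=${w#DPT=} ;;
            esac
        done
        printf '%s %s %s %s\n' "$src" "$dst" "$proto" "$dpt"
    done
}

# Same output using awk, which handles large logs faster than the shell loop.
parse_ipt_log_awk() {
    awk '{
        src = dst = proto = dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)        src   = substr($i, 5)
            else if ($i ~ /^DST=/)   dst   = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
            else if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        print src, dst, proto, dpt
    }'
}

# Usage (dry run):
#   . ./logdrop.sh; logdrop_chain; logdrop_port 21; logdrop_cidr 203.0.113.0/24
#   printf '%s\n' "$SAMPLE_LOG" | parse_ipt_log
```

Both parsers print `203.0.113.45 192.0.2.10 TCP 21` for the first sample line and `198.51.100.7 192.0.2.10 ICMP -` for the second; feeding `/var/log/messages` (or `journalctl -k`) through `grep 'IPT-DROP:'` and then one of them gives the narrow view of source, destination, protocol and port that the wide kernel lines hide.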