[ILUG] Strange firewall log enteries [?hacking attempts]
thomas at wibble.to
Tue May 11 13:18:42 IST 2004
On Tue, May 11, 2004 at 12:46:15PM +0100, Timothy Murphy wrote:
> On Tuesday 11 May 2004 08:19, Paul Jakma wrote:
> > # iptables -L scans -v -n | awk -f ~/scan-table.awk
> Is there a tutorial for the simple-minded anywhere
> on how to check one's firewall?
How do you mean check?
You can see the listing in iptables -L.
There was a posting a while back on the Cork list on iptables
configuration, however it makes the foolish recommendation of blocking
all ICMP traffic, so caveat emptor.
> Incidentally, if you have a local LAN,
> with everything coming from the outside world
> through one master machine,
> do you run iptables on the "leaves",
> or is it sufficient just to run it on the master?
Depends on if you're just concerned about outside attacks. If you're
not concerned about local users, just the master (the correct technical
term is router by the way) is sufficent, otherwise, you might need
to lock the local servers down as well.
At some stage in the near future I am going to write an IP tables for
> Final question: why did I put
> $IPTABLES -A INPUT -p tcp --sport 6881:6999 -j ACCEPT
> $IPTABLES -A INPUT -p tcp --dport 6881:6999 -j ACCEPT
> in my rc.local ?
> Was it a good idea?
You guess is as good as any :) You should always comment things like
this you know - IP tables rules are just like C programs :)
Actually, depending on your distribution this is probably not the
place to put it - RedHat and Debian both come with iptables packages
which include an option to save the active rules for reboots, so
putting rules elsewhere is going to cause headaches later when
trying to debug things,
More information about the ILUG