Well, one week post-hack I am starting to discover the joys of iptables, which provides packet filtering in the kernel (2.4.x). It's a stateful packet filter and can recognize whether a packet is part of an established connection; this is one of the big improvements over ipchains.
Although it is designed to run packet filtering for a routing firewall, it works nicely for a home-based terminal that you use to log into a network. One thing that I find fun is that you can set up various security policies in shell scripts. Right now I have just two. 'firewall' accepts input from trusted machines and from machines that I have established the connections with. The other, 'iptables-denyall', doesn't let anything in or out. When I take off for a couple of hours to run some errands (and don't have any processes running locally that need to access the net), I run iptables-denyall. This logs and drops any packet that tries to get in or out, so it's easy to see who is sniffing me. Bad guys get their IP addresses thrown into /etc/iptables/bastardo_machines, which is parsed by the firewall script. So when I get back from my errand, I run 'firewall' and can work normally but with a pretty high degree of security. What I like about it is how easily you can switch between security policies (one command). Below are a couple of example scripts for anyone interested. I am a newbie at this and criticisms are welcome. This one is the standard operating procedure (stand-alone home machine):
firewall
This one is for lock down mode when I am away from the machine and want to log all connections:
iptables-denyall
This one resets the rules (accept everything):
iptables-flush
JDH
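Added example, not the scripts JDH attached (those did not survive as attachments): one sh script that implements the three policies the post describes, with the lists-of-hosts file taken from the post and the trusted addresses as constructed placeholders. By default it only prints the iptables commands it would run; set IPT=iptables and run it as root to apply a policy.

```shell
#!/bin/sh
# Added example, not JDH's attached scripts. IPT defaults to a dry run that
# prints the rules; set IPT=iptables (as root) to apply them. The TRUSTED
# addresses are constructed placeholders; BASTARDS is the path from the post.
IPT="${IPT:-echo iptables}"
TRUSTED="${TRUSTED:-192.0.2.10 192.0.2.11}"
BASTARDS="${BASTARDS:-/etc/iptables/bastardo_machines}"

# 'firewall': default-deny INPUT; allow loopback, replies to connections this
# machine opened (the stateful match), and trusted hosts; drop listed hosts first.
firewall_rules() {
    $IPT -F
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -A INPUT -i lo -j ACCEPT
    if [ -r "$BASTARDS" ]; then
        while read -r host; do
            case "$host" in ''|'#'*) continue ;; esac   # skip blanks and comments
            $IPT -A INPUT -s "$host" -j DROP
        done < "$BASTARDS"
    fi
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    for host in $TRUSTED; do
        $IPT -A INPUT -s "$host" -j ACCEPT
    done
    # Rate-limited log of whatever falls through to the DROP policy.
    $IPT -A INPUT -m limit --limit 5/minute -j LOG --log-prefix "firewall drop: "
}

# 'iptables-denyall': lock-down mode, log and drop everything in and out.
denyall_rules() {
    $IPT -F
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP
    $IPT -A INPUT -j LOG --log-prefix "denyall in: "
    $IPT -A OUTPUT -j LOG --log-prefix "denyall out: "
}
# 'iptables-flush': back to accept-everything.
flush_rules() {
    $IPT -F
    $IPT -P INPUT ACCEPT
    $IPT -P OUTPUT ACCEPT
    $IPT -P FORWARD ACCEPT
}
case "${1:-}" in
    firewall) firewall_rules ;; denyall) denyall_rules ;; flush) flush_rules ;;
esac
```

Hosts that show up in the denyall log can be appended one per line to the bastardo_machines file; the next run of the firewall policy drops them before the established-connection rule is consulted.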
