You can also look into PMFirewall. It's an excellent, extremely easy-to-use IPChains configuration tool.
----- Original Message -----
From: "Lawrence Frewin of Accommodation.com" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, September 27, 2001 11:24 AM
Subject: Re: [cobalt-security] Calling all IPChain Gurus

> Check out the following thread on the UK2 egroups message board:
>
> http://groups.yahoo.com/group/raq/message/9531
>
> The firewall-on script does a reasonable job of setting up IPchains for
> basic usage.
>
> There have been some recent changes to the recommended setup, try searching
> the message board for firewall-on.
>
> Regards
>
> Lawrence
>
> ----- Original Message -----
> From: "Domain Guy" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, September 27, 2001 6:17 PM
> Subject: [cobalt-security] Calling all IPChain Gurus
>
> > Pardon the obviously wanker address, but I wish to keep the current state
> > of our site's security (or lack thereof) less than well known.
> >
> > --
> >
> > After scouring dozens of helpful posts and resources I am finally
> > beginning to get a bit of a handle on IPChains. Which is to say that I am
> > still fairly lost ;)
> >
> > So far, I am using the rules generated via the firewall configurator found
> > at:
> >
> > http://www.linux-firewall-tools.com/linux/firewall/index.html
> >
> > I am still uncertain if the rules that are set are appropriate. I am
> > looking for a set of IPChain commands that I can run via a shell script
> > that will reject (with logging?) everything, with the exception of the
> > following:
> >
> > - allow FTP access *to* the machine but only from a privileged IP
> >
> > - allow FTP access *from* the machine (to get files etc.)
> >
> > - allow mail to get to the machine (this box will run sendmail with POP
> >   clients accessing it)
> >
> > - allow mail to get out (not only will the webserver send mail, but so
> >   will POP clients)
> >
> > - allow SSH access (to and from the machine)
> >
> > - allow DNS to operate (this box is a web server that will also act as its
> >   primary dns, at least to start)
> >
> > - allow web in, including SSL access and also admin access (port 81)
> >
> > - allow web out (command line lynx, wget etc.)
> >
> > Basically your standard web server/small time web host setup.
> >
> > Any input would be extremely helpful, and would go towards a
> > mini-cobalt-as-webserver/webhost-ipchains FAQ that I will eventually
> > compile... if this doesn't first drive me batty instead.
> >
> > Best regards,
> > Gordon

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
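
The policy listed in the original question, written out as ipchains rules. This is an added example, not part of the thread and not the output of firewall-on, PMFirewall or the linux-firewall-tools configurator. The interface name, both addresses, POP3 on port 110 and the helper names `flow` and `gen_rules` are assumptions; ICMP handling is left out.

```sh
#!/bin/sh
# Added example: prints ipchains commands for review instead of running them.
# Constructed placeholders (assumptions): interface, server IP, privileged IP.
IF=eth0; IP=192.0.2.10; ADMIN=198.51.100.7
HI=1024:65535; ANY=0.0.0.0/0

# flow DIR PROTO LOCAL_PORTS REMOTE_ADDR REMOTE_PORTS   (hypothetical helper)
# DIR=in: the remote side opens the connection; DIR=out: this host opens it.
# ipchains keeps no connection state, so the reply leg of a TCP flow is
# limited to non-SYN packets ('! -y'). UDP replies can only be matched by port.
flow() {
  [ "$2" = tcp ] && ns=' ! -y' || ns=''
  if [ "$1" = in ]; then i=''; o=$ns; else i=$ns; o=''; fi
  echo "ipchains -A input -i $IF -p $2$i -s $4 $5 -d $IP $3 -j ACCEPT"
  echo "ipchains -A output -i $IF -p $2$o -s $IP $3 -d $4 $5 -j ACCEPT"
}

gen_rules() {
  echo "ipchains -F"                               # start from empty chains
  for c in input output forward; do echo "ipchains -P $c DENY"; done
  echo "ipchains -A input -i lo -j ACCEPT"         # loopback stays open
  echo "ipchains -A output -i lo -j ACCEPT"
  # FTP to the box, privileged IP only: control, active data, passive data
  flow in  tcp 21  "$ADMIN" $HI
  flow out tcp 20  "$ADMIN" $HI
  flow in  tcp $HI "$ADMIN" $HI
  # Public services: SSH, SMTP, DNS, HTTP, admin UI (81), POP3, HTTPS
  for p in 22 25 53 80 81 110 443; do flow in tcp $p $ANY $HI; done
  flow in udp 53 $ANY $HI
  # Outbound clients: FTP control, SSH, SMTP, DNS, HTTP, HTTPS
  for p in 21 22 25 53 80 443; do flow out tcp $HI $ANY $p; done
  flow out udp $HI $ANY 53
  flow out tcp $HI $ANY $HI                        # passive FTP data, outbound
  # Anything not matched above is refused and logged (-l)
  echo "ipchains -A input -i $IF -j REJECT -l"
  echo "ipchains -A output -i $IF -j REJECT -l"
}

gen_rules   # dry run; after review, pipe this script's output to sh as root
```

The outbound passive-FTP rule and the UDP reply rule are the loosest entries: without state tracking, any non-SYN TCP packet or any UDP packet from source port 53 aimed at a high port on the server is accepted.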
