> Can any one tell what all things we can do using IPTABLES for hardening
> of Linux system.
>
In short, the following are the components of iptables,

- Tables  : filter/nat/mangle/raw --- Each of them has its purpose
- Chains  : INPUT/OUTPUT/FORWARD etc. --- Like a network packet state
- Target  : ACCEPT/DROP/LOG/REDIRECT --- The action to perform
- Matches : connlimit/owner/limit --- Modules for packet matching

Now to give an example, one can add a rule saying,

Table:filter->Chain:OUTPUT->Match:owner:dipin->Target:DROP

The above rule will discard all outgoing packets for owner 'dipin'; this is similar to saying deny network access for user 'dipin'.

iptables is a complex system; there are several chains and several extensions for Target and Matches. Trying to know all the features of iptables will take time. The better approach would be to sit down and come up with a security policy and implement it using iptables.

_______________________________________________
ILUGC Mailing List:
http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
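
The rule described in the reply above (filter table, OUTPUT chain, owner match, DROP target), written out as iptables-restore input generated from a small policy list. This is an added example, not part of the original post; the function names, the `owner-drop: ` log prefix, the 6/min log rate and the LOG rule placed ahead of the DROP are assumptions for illustration.

```shell
#!/bin/sh
# Added example: render a "deny network access for these users" policy as
# iptables-restore input. Nothing is applied; the ruleset is only printed.

# Constructed policy: local accounts that must not send network traffic.
DENIED_USERS="dipin"

# Emit the rules for one user: a rate-limited LOG, then the DROP itself.
# Table:filter -> Chain:OUTPUT -> Match:owner -> Target:LOG / DROP
user_rules() {
    user=$1
    # Refuse empty names and anything that could alter the rule line.
    case $user in
        ''|*[!a-z0-9_-]*)
            echo "invalid user name: $user" >&2
            return 1
            ;;
    esac
    # LOG does not end rule traversal, so the packet continues to the DROP.
    # --log-uid records the sending UID; the limit match keeps logs bounded.
    printf '%s\n' \
        "-A OUTPUT -m owner --uid-owner $user -m limit --limit 6/min -j LOG --log-prefix \"owner-drop: \" --log-uid" \
        "-A OUTPUT -m owner --uid-owner $user -j DROP"
}

# Emit a complete filter-table ruleset in iptables-save/restore syntax.
# Chain policies stay ACCEPT; only the listed users are cut off.
render_ruleset() {
    echo "*filter"
    echo ":INPUT ACCEPT [0:0]"
    echo ":FORWARD ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    for u in $DENIED_USERS; do
        user_rules "$u" || return 1
    done
    echo "COMMIT"
}

render_ruleset
```

As root, `render_ruleset | iptables-restore --test` parses the ruleset without committing it; a real load replaces the current filter table unless `--noflush` is given. The owner match only sees locally generated packets, and IPv6 traffic needs the same rules loaded through ip6tables-restore.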
