Hi! I've recently begun experimenting with IPCHAINS in order to more fully
lock down a couple Redhat 6.2 servers I have. Up until this point I've been
running PortSentry, combined with TCP wrappers, and that seems to have
worked just fine. However, I wanted some more control over the fine
details. As a start, I set the input chain to allow access to some services
such as SSH, WWW, and whatnot, by setting ACCEPT rules on those specific
ports. Then I ended the chain with a rule to DENY everything that wasn't to
one of those ports.
This, of course, led to all kinds of problems. FTP no longer working, and
so on. I'm not masquerading this box. It's stand-alone, so I don't think
the ftp-masq module will help me. I guess the root of my question is, is it
safe to leave all those ports above 1024, excluding the X ports, open? Do I
have to for normal programs to work? I've had no problems locking down the
ports below 1024, but that still leaves about 64,000 of them open, which
makes me uneasy. Should I continue to run Sentry, sort of as a
second-string protection? The firewall would let people in on port 31337
say, but Sentry would nab it.
Any thoughts would be appreciated. I've read the HOW-TOs, and while I now
have a good idea of how IPCHAINS works, I'm still a bit fuzzy on its
correct and most secure implementation.
Thanks!
Andy
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
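
An added example, not part of the original post: a small first-match model of the input chain described above, showing which inbound TCP packets it denies, next to a variant that accepts high-port packets only when they are not connection-opening SYNs (the match ipchains writes as `! -y`). The service ports 21, 22 and 80, the names and the sample packets are assumptions constructed for illustration.

```python
# Simplified model of a stateless ipchains-style input chain: first match wins.
# Constructed example; the rule lists and sample packets are assumptions.
from collections import namedtuple

Packet = namedtuple("Packet", "dport syn note")   # syn=True: connection-opening SYN
Rule = namedtuple("Rule", "lo hi syn target")     # syn=None: match any TCP packet

def verdict(chain, pkt):
    """Return the target of the first rule that matches pkt."""
    for r in chain:
        if r.lo <= pkt.dport <= r.hi and r.syn in (None, pkt.syn):
            return r.target
    return "ACCEPT"  # chain policy; not reached when a catch-all DENY is last

DENY_ALL = Rule(0, 65535, None, "DENY")
SERVICES = [Rule(p, p, None, "ACCEPT") for p in (21, 22, 80)]  # assumed services

# The chain as described in the post: ACCEPT per service port, then DENY the rest.
as_posted = SERVICES + [DENY_ALL]

# Variant: also accept TCP to ports 1024-65535, but only non-SYN packets,
# i.e. packets that cannot open a new inbound connection.
non_syn_high = SERVICES + [Rule(1024, 65535, False, "ACCEPT"), DENY_ALL]

SAMPLES = [
    Packet(22, True, "new inbound SSH connection"),
    Packet(40001, False, "reply to a connection this host opened from port 40001"),
    Packet(40002, True, "inbound SYN to a high port (passive FTP data or a probe)"),
    Packet(31337, True, "inbound SYN to port 31337"),
]

def evaluate(chain):
    """Verdict for each sample packet, in SAMPLES order."""
    return [verdict(chain, p) for p in SAMPLES]

if __name__ == "__main__":
    for name, chain in (("as posted", as_posted), ("non-SYN high", non_syn_high)):
        for p, v in zip(SAMPLES, evaluate(chain)):
            print(f"{name:13} {v:6} dport={p.dport:<5} {p.note}")
```

The variant still denies passive-mode FTP data connections, which arrive as new SYNs on high ports, and because the match is stateless it also admits non-SYN packets that belong to no real connection.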