Same thing .. it doesn't work ...
I tried .. I know that -P no longer allocates a privileged port, but it doesn't work ..
On Tue, 12 Sep 2000, Mircea Ciocan wrote:
> You have one more chance: try connecting to yourself with ssh -P and see
> what happens; maybe the ephemeral port is below 1024. OpenSSH has a habit
> of wanting an ephemeral port below 1024, that's by default; -P raises it
> up to >1024.
>
> Mircea C.
>
>
> Ionut MURGOCI wrote:
> >
> > And how do you explain the fact that telnet, smtp, dns .. and so on
> > work? And that it worked yesterday?
> >
> > On Tue, 12 Sep 2000, Mircea Ciocan wrote:
> >
> > > Eh, those SYN packets you blocked will protect you against SYN
> > > floods, and will likewise protect others from connecting to you :).
> > > Try syn-cookies as a meager means of protection (it's about all you
> > > can do if you have an open port) and let the poor packets come to
> > > you, because otherwise nobody will be able to connect.
> > >
> > > Mircea C.
> > >
> > >
> > > Ionut MURGOCI wrote:
> > > >
> > > > Hi, I have a problem with the rules for sshd. I built myself a firewall;
> > > > everything I want works fine except sshd. If a user runs ssh from outside
> > > > it rejects them, but if I run ssh from inside to outside it works.
> > > > The rules are the following:
> > > > First:
> > > > the default policy for input and output is reject - and it has to stay that way
> > > > then the rules for the ssh client and server:
> > > > ipchains -A input -i $EXTERNAL_INTERFACE -p tcp ! -y \
> > > >     -s $ANYWHERE $UNPRIVPORTS -d $ANYWHERE 22 -j ACCEPT
> > > > ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
> > > >     -s $ANYWHERE 22 -d $ANYWHERE $UNPRIVPORTS -j ACCEPT
> > > > ipchains -A input -i $EXTERNAL_INTERFACE -p tcp \
> > > >     -s $ANYWHERE $SSH_PORTS -d $ANYWHERE 22 -j ACCEPT
> > > > ipchains -A output -i $EXTERNAL_INTERFACE -p tcp ! -y \
> > > >     -s $ANYWHERE 22 -d $ANYWHERE $SSH_PORTS -j ACCEPT
> > > > ipchains -A input -i $EXTERNAL_INTERFACE -p tcp -s $ANYWHERE 22 -j ACCEPT
> > > > ipchains -A output -i $EXTERNAL_INTERFACE -p tcp -d $ANYWHERE 22 -j ACCEPT
> > > >
> > > > Where:
> > > > ANYWHERE="any/0"
> > > > PRIVPORTS="0:1023"
> > > > UNPRIVPORTS="1024:65535"
> > > > SSH_PORTS="1022:1023"
> > > >
> > > > Can you tell me where the problem is, because to me the server
> > > > rules look correct.
> > > > Thx!
> > > >
>
> ---
> Send e-mail to '[EMAIL PROTECTED]' with 'unsubscribe rlug' to
> unsubscribe from this list.
>
--
----------------------------------------------------------
Imagination is the only weapon in the war against reality.
Sysadmin - Computer Science Highschool - IASI *
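
Added example, not part of the original thread: a minimal first-match model in Python of the three `input` rules quoted above, showing which inbound packets reach the default REJECT policy. The `Rule`, `evaluate` and `report` names, the sample packets and `FIXED_CHAIN` (one way to follow the reply's advice to let SYN packets in) are assumptions; interface and addresses are ignored because every rule uses any/0.

```python
from dataclasses import dataclass

UNPRIVPORTS = (1024, 65535)   # from the post
SSH_PORTS = (1022, 1023)      # from the post
ANY_PORT = (0, 65535)

@dataclass(frozen=True)
class Rule:
    src_ports: tuple
    dst_ports: tuple
    not_syn: bool = False      # models ipchains "! -y"

    def matches(self, sport, dport, syn_only):
        if self.not_syn and syn_only:   # "! -y" never matches a bare SYN
            return False
        return (self.src_ports[0] <= sport <= self.src_ports[1]
                and self.dst_ports[0] <= dport <= self.dst_ports[1])

# The three "input" rules from the post, in order (all -j ACCEPT).
INPUT_CHAIN = [
    Rule(UNPRIVPORTS, (22, 22), not_syn=True),
    Rule(SSH_PORTS, (22, 22)),
    Rule((22, 22), ANY_PORT),
]
# Assumption: rule 1 without "! -y", so the opening SYN is allowed in.
FIXED_CHAIN = [Rule(UNPRIVPORTS, (22, 22))] + INPUT_CHAIN[1:]

def evaluate(sport, dport, syn_only, chain=INPUT_CHAIN, policy="REJECT"):
    """Return (verdict, 1-based rule number, or None if the policy applied)."""
    for n, rule in enumerate(chain, 1):
        if rule.matches(sport, dport, syn_only):
            return "ACCEPT", n
    return policy, None

def report(chain=INPUT_CHAIN):
    """Evaluate a few constructed inbound packets against the chain."""
    samples = [
        ("SYN from unprivileged client port", 40000, 22, True),
        ("ACK from unprivileged client port", 40000, 22, False),
        ("SYN from privileged client port", 1023, 22, True),
        ("SYN-ACK from a remote sshd", 22, 40001, False),
    ]
    return [(label, *evaluate(s, d, syn, chain)) for label, s, d, syn in samples]

if __name__ == "__main__":
    for label, verdict, rule in report():
        print(f"{label:36} -> {verdict} (rule {rule})")
```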