© 1996 Phil Waclawski
Firewall Section
Overview
  • Firewall (packet filter)
  • Default rules
  • Hardware vs. Software
  • Stateful vs. Stateless
Goals:
  • Know the basic rules for setting up a firewall
  • Configure a basic iptables firewall
  • Understand the difference between a stateful/stateless firewall
Files/directories covered:

Commands:
  • iptables
  • iptables -t filter -L -nv | less
  • /proc
  • levy.pl (--log-level info)
  • /sbin/iptables -A DUMP -p tcp --dport 137:139 -j DROP
  • /sbin/iptables -A DUMP -p udp --dport 137:139 -j DROP
    (DUMP is not a built-in chain; it is a user-defined chain that must be created first with iptables -N DUMP)
  • nmap and nmapfe
  • nmap -vv -sS -p 1-65535 -T insane -O -P0 140.198.x.x
    (current nmap spells -P0 as -Pn)
  • ip_conntrack_ftp (the connection-tracking helper that lets a stateful firewall follow FTP data connections; newer kernels name it nf_conntrack_ftp)
  • iptables-save, then copy its output to /etc/sysconfig/iptables for Red Hat's init script to reload at boot
  • Assuming you have rpmforge as a repository, install the nmap GUI with: yum install nmap-frontend
  • zenmap

Questions
  • What is a stateful firewall? How is it better/worse than a stateless one?
  • What type of firewall would be best for ftpd?
  • What are the limitations of firewalls? Why would adding snort in addition to a firewall be a good idea?
  • What should the default rules be on a firewall for INPUT, OUTPUT and FORWARD? (With iptables, using stateful rules, is that still considered an issue?)
  • Why will you get a different result if you scan your system's firewall from the inside vs. the "outside"?
  • What is NAT? How about VPN?
Activities
  • Make an iptables script (use firestarter if you wish)
  • Then turn off portsentry
  • Go to GRC.com and try both "Shields up" and Probe my Ports
  • (WAIT! DON'T DO this yet!) Go to Hacker Whacker, click on "Free Security Scan", give them an email address you can access easily, and scan yourself (I want a copy of the results).
    DON'T do this unless you have portsentry off, your firewall configured, and all your updates in place.
  • Scan Each Other
    1. Person scanning must turn their firewall off
    2. Person BEING scanned must kill portsentry
    3. Person scanning types "zenmap" as root
    4. Person scanning checks ports 1-65535
    5. Person scanning puts in the other person's IP address
    6. Person scanning then copies the results to a file and prints them for the teacher.
    7. You then reverse roles (i.e. turn your firewall back on while the other person turns theirs off; same for portsentry)
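The following script is an added example of the basic stateful iptables firewall the Commands list and the "Make an iptables script" activity ask for; it is not code from this page or from the course. It assumes a single-homed host that should stay reachable on SSH and runs a local ftpd (so the FTP connection-tracking helper is needed), that iptables lives at /sbin/iptables, and that the file is saved as firewall.sh; the variable names IPT, SSH_PORT, FTP_PORT and FW_DRY_RUN, and the functions run, fw_rules and fw_apply, are this example's own. Setting FW_DRY_RUN=1 prints the rules instead of applying them, so you can review the ordering before running it as root.

```shell
#!/bin/sh
# Added example: a stateful iptables firewall for a single host.
# Assumptions (not from the course page): iptables at /sbin/iptables,
# SSH on 22, ftpd on 21, file saved as firewall.sh. Run as root to apply;
# FW_DRY_RUN=1 prints the rules instead of applying them.

IPT=${IPT:-/sbin/iptables}
SSH_PORT=${SSH_PORT:-22}
FTP_PORT=${FTP_PORT:-21}

# run: execute a command, or print it when FW_DRY_RUN is set.
run() {
    if [ -n "$FW_DRY_RUN" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

fw_rules() {
    # 1. Flush rules, user chains and counters so the script is idempotent.
    run "$IPT" -F
    run "$IPT" -X
    run "$IPT" -Z

    # 2. Default policies: nothing in, nothing forwarded, everything out.
    #    OUTPUT ACCEPT is the usual compromise for a workstation; a server
    #    that must not phone home would DROP outbound and allow only what
    #    it needs.
    run "$IPT" -P INPUT DROP
    run "$IPT" -P FORWARD DROP
    run "$IPT" -P OUTPUT ACCEPT

    # 3. Loopback stays open, or local services (X, a DNS cache, mail
    #    submission) break. This is also why a scan from the box itself
    #    shows more than a scan from "outside": 127.0.0.1 never hits the
    #    rules below.
    run "$IPT" -A INPUT -i lo -j ACCEPT

    # 4. The stateful rule. Replies to connections this host opened, and
    #    FTP data connections the helper has marked RELATED, are accepted
    #    without a per-port rule. Placing it first keeps it cheap: most
    #    packets belong to an existing connection and match here.
    run "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    #    Packets that claim to belong to a connection conntrack has never
    #    seen (an ACK scan, a stray RST) are dropped before any port rule.
    run "$IPT" -A INPUT -m state --state INVALID -j DROP

    # 5. New inbound connections we choose to serve.
    run "$IPT" -A INPUT -p tcp --dport "$SSH_PORT" -m state --state NEW -j ACCEPT
    run "$IPT" -A INPUT -p tcp --dport "$FTP_PORT" -m state --state NEW -j ACCEPT

    # 6. NetBIOS/SMB broadcast noise: drop silently so the log stays readable.
    run "$IPT" -A INPUT -p tcp --dport 137:139 -j DROP
    run "$IPT" -A INPUT -p udp --dport 137:139 -j DROP

    # 7. Log whatever is left before the INPUT policy drops it, rate limited
    #    so a full port scan cannot fill /var/log.
    run "$IPT" -A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW-DROP: " --log-level info
}

fw_apply() {
    # Active FTP opens a server->client data connection; passive FTP opens
    # a second client->server connection on a high port. Neither matches
    # the port-21 rule, so the helper is needed to mark them RELATED.
    # Older kernels call the module ip_conntrack_ftp, newer ones nf_conntrack_ftp.
    run modprobe nf_conntrack_ftp 2>/dev/null || run modprobe ip_conntrack_ftp
    fw_rules
}

# Entry point only when run directly as firewall.sh; sourcing the file just
# defines the functions.
case "$0" in
    *firewall.sh) fw_apply ;;
esac
```

After applying and testing (scan yourself from another box, not from localhost), persist the ruleset with iptables-save > /etc/sysconfig/iptables so it is reloaded at boot. The -m state match used here is the one the course era used; on current iptables the equivalent spelling is -m conntrack --ctstate.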