Linux

So…I try to download both Suse 10.1 and Kubuntu 6.06 via torrent and it turns out that there are no seeds for Suse. Ah well, as long as I get something that works it doesn’t matter what the distro is called…maybe. But if it’s called Devil 6.6.6. and it turns out that, while you try to install it on your computer, the kernel requires a human soul…would you give one for the distro? Or would you be inclined to give your soul away in order to discover whether or not souls exist? Of course, when you decide to give your soul away, it will turn out that souls are just discarded pen caps. That, and you left your pen cap in a garbage can back when you were in elementary school.

Yes…anyway, has anyone ever tried Cedega before? I’m curious, but all there is to go on are posts about Cedega and the well polished Cedega web site.

Also, this firewall script is from Linux Online, do you think there are any more tweaks required to make it better? I’m not familiar with all of the commands and options, but I can vaguely appreciate the gist thanks to the lessons.

#!/bin/sh

IPTABLES=/sbin/iptables

# start by flushing the rules
$IPTABLES -F

## allow packets coming from the machine
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A OUTPUT -o lo -j ACCEPT

# allow outgoing traffic
$IPTABLES -A OUTPUT -o eth0 -j ACCEPT

# block spoofing
# (the negation goes before -i; the older "-i ! lo" form is deprecated)
$IPTABLES -A INPUT -s 127.0.0.0/8 ! -i lo -j DROP
$IPTABLES -A INPUT -s 192.168.0.3 -j DROP

# stop bad packets
$IPTABLES -A INPUT -m state --state INVALID -j DROP

# NMAP FIN/URG/PSH
$IPTABLES -A INPUT -i eth0 -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
# stop Xmas Tree type scanning
$IPTABLES -A INPUT -i eth0 -p tcp --tcp-flags ALL ALL -j DROP
$IPTABLES -A INPUT -i eth0 -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
# stop null scanning
$IPTABLES -A INPUT -i eth0 -p tcp --tcp-flags ALL NONE -j DROP
# SYN/RST
$IPTABLES -A INPUT -i eth0 -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
# SYN/FIN
$IPTABLES -A INPUT -i eth0 -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
# stop SYN flood
$IPTABLES -N SYNFLOOD
$IPTABLES -A SYNFLOOD -p tcp --syn -m limit --limit 1/s -j RETURN
$IPTABLES -A SYNFLOOD -p tcp -j REJECT --reject-with tcp-reset
$IPTABLES -A INPUT -p tcp -m state --state NEW -j SYNFLOOD
# stop ping flood attack
$IPTABLES -N PING
$IPTABLES -A PING -p icmp --icmp-type echo-request -m limit --limit 1/second -j RETURN
$IPTABLES -A PING -p icmp -j REJECT
$IPTABLES -I INPUT -p icmp --icmp-type echo-request -m state --state NEW -j PING

#################################
## What we allow
#################################

# tcp ports

# smtp
$IPTABLES -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
# http
$IPTABLES -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# pop3
$IPTABLES -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
# imap
$IPTABLES -A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
# ldap
$IPTABLES -A INPUT -p tcp -m tcp --dport 389 -j ACCEPT
# https
$IPTABLES -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
# smtp over SSL
$IPTABLES -A INPUT -p tcp -m tcp --dport 465 -j ACCEPT
# line printer spooler
$IPTABLES -A INPUT -p tcp -m tcp --dport 515 -j ACCEPT
# cups
$IPTABLES -A INPUT -p tcp -m tcp --dport 631 -j ACCEPT

## restrict some tcp things ##

# ssh
$IPTABLES -A INPUT -p tcp -m tcp -s 192.168.0.0/16 --dport 22 -j ACCEPT
# samba (netbios)
$IPTABLES -A INPUT -p tcp -m tcp -s 192.168.0.0/16 --dport 137:139 -j ACCEPT
# ntop
$IPTABLES -A INPUT -p tcp -m tcp -s 192.168.0.0/16 --dport 3000  -j ACCEPT
# Hylafax
$IPTABLES -A INPUT -p tcp -m tcp -s 192.168.0.0/16 --dport 4558:4559 -j ACCEPT
# webmin
$IPTABLES -A INPUT -p tcp -m tcp -s 192.168.0.0/16 --dport 10000  -j ACCEPT

# udp ports
# DNS
$IPTABLES -A INPUT -p udp -m udp --dport 53 -j ACCEPT
# DHCP
$IPTABLES -A INPUT -p udp -m udp --dport 67:68 -j ACCEPT
# NTP
$IPTABLES -A INPUT -p udp -m udp --dport 123 -j ACCEPT
# SNMP
$IPTABLES -A INPUT -p udp -m udp --dport 161:162 -j ACCEPT

## restrict some udp things ##

# Samba (Netbios)
$IPTABLES -A INPUT -p udp -m udp -s 192.168.0.0/16 --dport 137:139  -j ACCEPT
$IPTABLES -A INPUT -p udp -m udp --sport 137:138 -j ACCEPT

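# finally - drop any remaining new inbound TCP connections (SYN packets);
# other protocols are not matched here and fall through to the INPUT policy

$IPTABLES -A INPUT -p tcp --syn -j DROP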

Is there a simple way to block a large number of IPs without typing them all in manually? Will that slow down the firewall? Would I be better off using PeerGuardian Linux to block IPs with?

Finally, can Linux users edit a HOSTS file like one would for Windows? Where would it be?
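
On the question of blocking a large number of IPs: ipset keeps the addresses in a kernel hash set that a single iptables rule matches, so the cost of a lookup does not grow with one rule per address. The script below is an added example, not part of the original post or the Linux Online script; the set name blocklist, the file name blocklist.restore and the sample addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): build `ipset restore` input
# from a plain-text blocklist, so one iptables rule covers every entry.
SET_NAME=blocklist    # hypothetical set name

# Succeeds if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F'[./]' '
        !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if (NF == 5 && $5 > 32) exit 1 }'
}

# Read blocklist file $1 (one address or CIDR per line, "#" comments allowed)
# and print ipset restore commands; invalid entries are reported on stderr.
gen_ipset_restore() {
    echo "create $SET_NAME hash:net family inet"
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -z "$entry" ] && continue
        if valid_ipv4 "$entry"; then
            echo "add $SET_NAME $entry"
        else
            echo "skipped invalid entry: $entry" >&2
        fi
    done < "$1"
}

# Constructed sample blocklist (documentation address ranges, not real hosts).
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
192.0.2.0/24
198.51.100.7      # single host
300.1.1.1
203.0.113.0/24
EOF
}

sample=$(mktemp)
write_sample "$sample"
gen_ipset_restore "$sample"
rm -f "$sample"

# Load the output as root, then match the whole set with a single rule:
#   ipset restore -exist < blocklist.restore
#   iptables -I INPUT -m set --match-set blocklist src -j DROP
```

The set-match rule is inserted at the top of INPUT so that listed sources are dropped before any of the ACCEPT rules in the script above are reached.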


One response to “Linux”

  1. It turns out that Ubuntu comes with iptables installed. This firewall is strong enough to earn the kudos of Gibson’s Shields UP so I can’t complain.

    PG Linux is good as an IP filter, but from Linux forums I have learned that the PG Linux project is somewhat neglected. A competing project called Moblock seems quite promising and I will watch it blossom into a program worthy of mass consumption.

    Linux does have a HOSTS file that can be found under /etc/HOSTS. This file can be edited just like the Windows HOSTS file and produce the same result. Internet at my pace…damn right.
