Of Firewalls and PC Printing

1. How do you block access to specific ports from unknown hosts and networks?

There are two firewall technologies, ipchains and iptables, that can block network access to a server or services. Let’s take a quick look at both.

Assuming that you already have iptables or ipchains installed, configuration is simple — as long as you plan ahead. Planning is key, especially when deploying computer security.

There are two approaches to system security: Explicitly deny what you do not want, and explicitly allow what you do want. Any security consultant worth his or her PGP key will recommend the latter approach. The philosophy is that it’s much easier to allow what you want and keep everything else locked up safely, rather than to try to keep up with everything that’s impermissible. In other words, reject everything unless there’s a good reason to make an exception.

Let’s say that you only want to accept incoming ssh connections from the host at 100.100.100.100. Using iptables, the following commands configure the firewall to enforce that rule:

 /sbin/iptables -A INPUT -s 100.100.100.100 -p tcp --destination-port ssh -j ACCEPT
 /sbin/iptables -A INPUT -p tcp --destination-port ssh -i eth0 -j DROP

Each iptables command defines a single firewall rule, and rules are processed in the order in which they’re defined: the first rule that matches a packet decides its fate.

The first command defines the rule, “If the incoming connection (designated by the -A INPUT option) originates from host 100.100.100.100 and is an ssh request, accept the connection.” The second command defines the rule,…
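The two rules above only make sense if the ACCEPT for the trusted host comes before the DROP. The script below is an added example, not code from the article, that puts the "allow what you want, drop everything else" approach into a complete iptables-restore ruleset: the INPUT chain's default policy is DROP, loopback and already-established connections are admitted, and ssh (port 22) is accepted only from the article's 100.100.100.100. The interface name eth0, the conntrack match and the helper function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the article): default-deny ruleset that admits
# ssh only from one trusted host. Values below are assumptions for illustration.
TRUSTED_HOST="100.100.100.100"   # trusted admin host, as in the article
IFACE="eth0"                     # assumed external interface

# Emit an iptables-restore ruleset for the filter table. Rules in a chain are
# matched top to bottom and the first match wins, so the ACCEPT for the
# trusted host must appear before the DROP for everyone else.
build_ruleset() {
    trusted="$1"
    iface="$2"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $iface -p tcp -s $trusted --dport 22 -j ACCEPT
-A INPUT -i $iface -p tcp --dport 22 -j DROP
COMMIT
EOF
}

# Sanity check: list the targets of the port-22 rules in chain order.
# Expected result is "ACCEPT,DROP"; "DROP,ACCEPT" would lock the admin out.
ssh_rule_order() {
    build_ruleset "$1" "$2" \
        | grep -- '--dport 22' \
        | awk '{ printf "%s%s", (NR > 1 ? "," : ""), $NF }'
}

# Dry run by default: print the ruleset for review. Pipe it into
# `iptables-restore` (as root) once the order has been checked.
build_ruleset "$TRUSTED_HOST" "$IFACE"
```

Review the printed ruleset, confirm that `ssh_rule_order "$TRUSTED_HOST" "$IFACE"` reports `ACCEPT,DROP`, and only then load it with `iptables-restore`. Because the INPUT policy is DROP, any service you later want to expose needs its own explicit ACCEPT rule, which is exactly the discipline the article recommends.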
