[Dshield] IPTables filter chains help - Just noticed that perhaps I'm not logging port 135
BKWalker at DRBSystems.com
Thu Aug 14 18:48:57 GMT 2003
Whoops.. Time to re-evaluate my IPTables filtering/NAT'ing.. Any help would
be greatly appreciated.
After making sure modules are loaded, and setting flags in proc/sys/net, I
do the following:
echo " clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
$IPTABLES -N DUMP
$IPTABLES -F DUMP
$IPTABLES -A DUMP -p tcp -j LOG
$IPTABLES -A DUMP -p udp -j LOG
$IPTABLES -A DUMP -j DROP
<selected opened ports, http, ssh, citrix (to specific servers) etc.>
echo " FWD: Allow all connections OUT and only existing and related ones"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG
echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
-- Now after looking that over, what I think I need to do is change the
policy on INPUT to DUMP, but I'm not 100% sure how that'll affect the clients
behind me.. I suppose I could try, but I thought I'd ask folks here.
As I wasn't specifically DUMP'ing 135, that would explain why I saw no hits
on it.. I would prefer to dump everything (i.e.: log to the kernel log so Dshield
gets the information) rather than just the things I've specifically dumped.
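Editor's added example, not code from the original post: a dry-run version of the ruleset above. iptables -P only accepts a built-in target (ACCEPT or DROP), never a user-defined chain such as DUMP, so the way to get every unmatched packet logged is to set the INPUT policy to DROP and append a final "-A INPUT -j DUMP" catch-all; the same catch-all on FORWARD logs unsolicited inbound traffic aimed at the inside. INPUT only decides packets addressed to the firewall host itself, so NAT'd clients behind it are unaffected; their traffic is decided in FORWARD. The interface names eth0/eth1, the ssh allow rule, the rate limit, and the "echo iptables" dry-run default are assumptions, not taken from the post.

```shell
#!/bin/sh
# Added example (not from the original post). IPTABLES defaults to
# "echo iptables" so the script runs without root and just prints the
# commands; set IPTABLES=/sbin/iptables to apply them for real.
IPTABLES="${IPTABLES:-echo iptables}"
EXTIF="${EXTIF:-eth0}"   # assumed external interface name
INTIF="${INTIF:-eth1}"   # assumed internal interface name

build_rules() {
    # Reset. Policies stay built-in targets: -P cannot point at a user chain,
    # so INPUT gets DROP and the logging is done by a last-rule catch-all.
    $IPTABLES -P INPUT DROP
    $IPTABLES -F INPUT
    $IPTABLES -P OUTPUT ACCEPT
    $IPTABLES -F OUTPUT
    $IPTABLES -P FORWARD DROP
    $IPTABLES -F FORWARD
    $IPTABLES -t nat -F

    # DUMP: log (rate-limited so a scan cannot flood the kernel log, with a
    # prefix the DShield parser can key on), then drop.
    $IPTABLES -N DUMP
    $IPTABLES -F DUMP
    $IPTABLES -A DUMP -m limit --limit 5/minute --limit-burst 10 \
        -j LOG --log-prefix "DUMP: "
    $IPTABLES -A DUMP -j DROP

    # Loopback, and replies to connections the firewall host itself opened.
    $IPTABLES -A INPUT -i lo -j ACCEPT
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Services the firewall host offers (ssh here, as an assumed example).
    $IPTABLES -A INPUT -i $EXTIF -p tcp --dport 22 -j ACCEPT

    # Catch-all: anything else aimed at the firewall itself (135/tcp probes
    # included) is now logged and dropped instead of silently hitting the policy.
    $IPTABLES -A INPUT -j DUMP

    # FORWARD: clients may go out; only established/related traffic comes back.
    $IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
    # Unsolicited inbound that tries to reach the inside is logged and dropped too.
    $IPTABLES -A FORWARD -j DUMP

    $IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
}

# Sanity check on the generated ruleset: both built-in filter chains that face
# the outside must end in a jump to DUMP. Prints the number found (expected 2).
count_catchalls() {
    build_rules | grep -c -E -- '-A (INPUT|FORWARD) -j DUMP$'
}

build_rules
```

Run it as-is to review the commands it would issue; rerun with IPTABLES=/sbin/iptables as root to apply them. One caveat on the limit match: packets beyond 5/minute are still dropped by the next rule but are not logged, so if the DShield counts look lower than expected during a heavy scan, raise the limit rather than removing it.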