PDA

View Full Version : what is ipchains in linux



sundeep
02-14-2002, 06:09 AM
hi

what is ipchaining in linux.

DATA
02-16-2002, 08:10 AM
hi,

ipchains is the command to enable firewall/packet filter/packet masquerading capability in linux.

regards Data.

DATA
02-16-2002, 08:48 AM
HI SUNDEEP,


here is a good link for ur understanding

http://www.askjeeves.com/main/metaAnswer.asp?t=m&s=a&en=directhit&o=0&frames=True&url=http%*A%2F%2Fask%2Edirecthit%2Ecom%2Ffcgi%2Dbin%2FRedirURL%2Efcg%*Furl%*Dhttp%*A%2F%2Fwww%2Esans %2Eorg%2FinfosecFAQ%2Ffirewall%2Fblocking%5Fipchains%2Ehtm%26qry%*DDeny%2BReject%2BIpchains%26rnk%*D *%26cz%*D7e0a4d0d**8dcdd4%26src%*DDH%5FASK%5FSRCH%26u%*D&ac=-*&pt=Top+Ten+Blocking+Recommendations+Using+ipchains&dm=http%*A%2F%2Fwww%2Esans%2Eorg%2FinfosecFAQ%2Ffirewall%2Fblocking%5Fipchains%2Ehtm&io=2&qid=6E86A*D62F56884080*A**CF5F*E088A&back=meta%*D*%26site%5Fname%*D%26origin%*D0%26ask%*DDeny%2BReject%2BIpchains%26qsource%*D56%26rspick %*Drs&ask=Deny+Reject+Ipchains&dt=0202*6072746


that was * hyperlink!
regards Data.

DATA
02-16-2002, 08:52 AM
hyper link is not working...


it does not say its copy righted .so i am gonna paste it here.

this is just a part of it.

i hope ur search for same shows on google.

Top Ten Blocking Recommendations Using ipchains
Paul Tiedemann
August 8, 2000

The following ** sections for this assignment will be demonstrated using a Redhat Linux 6.* operating system using IPChains as the packet-filtering device. I have made the assumption that eth0 is the external interface. For each section I will begin with a brief explanation why the particular services should be blocked followed by how the services work and how I can block these services using the IPChains rules. I will also try to include some helpful hints I have picked up along the way.

Exercise I Blocking spoofed or private (RFC***8) addresses.

There are a few packets we should never see on the firewall. These packets do not occur naturally in the wild. These consist of spoofed packets claiming to be coming from an internal address, unroutable packets destined for your internal network that that should have never made it past the prior router, and various other packets that exist only to cause pain and suffering for the firewall administrator.

You should always block packets from entering your network if the source or destination appears to be a private (RFC***8) address. They never should have been routed to you in the first place. Their very existence means that some other network administrator hasnt done a very good job at egress filtering. However, only the destination address seems to be filtered for private addresses in the real world. What this means is that it is quite likely you will see some packets that seem to be originating from a private address and are addressed to your internal network. These packets only have two origins, the first being malicious spoofing and the second, being a very confused network administrator who doesnt understand network address translation. Both are unacceptable and should be filtered at your perimeter. Here is the rules list for adding the rules to the IPChains rule set. Note: I am using the b flag indicating that these are bi-directional, which means the rule will match packets either to or from the IP address range specified.



# rules for standard unroutables

ipchains A input i eth0 s 255.255.255.255/*2 b j DENY

ipchains A input i eth0 s *27.0.0.0/8 b j DENY



# rules for private (RFC***8) addresses

ipchains A input i eth0 s *0.0.0.0/8 b j DENY

ipchains A input i eth0 s *72.*6.0.0/*2 b j DENY

ipchains A input i eth0 s **2.*68.0.0/*6 b j DENY



#rule for reserved addresses

ipchains A input i eth0 s 240.0.0.0/5 b j DENY



# rule for protecting internal network from spoofing

ipchains A input i eth0 s (insert internal network here) j l DENY
Now here is a short explanation of what these rules mean:

ipchains this is the command to interact with the firewall

-A input this option means to append a rule to the end of the named chain in this case the input chain

-i eth0 this the interface to apply the rule against (in this case my external ethernet interface)

-s this option indicates the source address used for filtering

-b this option indicates the rule is bi-directional meaning it applies to packets from or to the address specified

-l this option means to log the packet to the syslog facility

-j DENY this option indicates the target for the packet in this case it says to silently drop the packet