The Type of Service target in the mangle table (-j TOS --set-tos) rewrites the TOS field of matching packets. The rules below use two of its values: Minimize-Delay for interactive telnet and FTP control traffic, and Maximize-Throughput for the bulk FTP data channel:

# iptables -A PREROUTING -t mangle -p tcp --sport telnet -j TOS --set-tos Minimize-Delay
# iptables -A PREROUTING -t mangle -p tcp --sport ftp -j TOS --set-tos Minimize-Delay
# iptables -A PREROUTING -t mangle -p tcp --sport ftp-data -j TOS --set-tos Maximize-Throughput
The detailed logging that netfilter provides enables a firewall administrator not only to troubleshoot system problems, but also to track a potential intrusion and correlate it with events on other systems. The LOG target does not accept or drop anything: the packet continues to the next rule after it has been logged. Without a limit, a flood of matching packets can fill the log faster than it can be read or stored, so the example below uses the limit match to reduce the number of logged packets originating from the 192.168.1.1 host to one per second:

# iptables -A INPUT -s 192.168.1.1 -m limit --limit 1/second -j LOG
It is also possible to log messages at different syslog levels (--log-level) and with different prefix strings:

# iptables -A INPUT -s 192.168.1.1 -j LOG --log-prefix ' ##Router## '

This logs all traffic originating from the 192.168.1.1 host and prepends the string " ##Router## " to each entry. It produces the following log output:

Jan 28 23:18:42 magneto kernel: ##Router## IN=eth0 OUT= MAC=00:60:67:36:9b:c8:00:60:67:30:ac:e5:08:00 SRC=192.168.1.1 DST=192.168.1.206 LEN=312 TOS=0x10 PREC=0x00 TTL=64 ID=9189 DF PROTO=TCP SPT=22 DPT=1023 WINDOW=32120 RES=0x00 ACK PSH URGP=0
Packets can also be logged on many other criteria; the MAC address of the sending host is one of them. A rule such as the following:

# iptables -I INPUT -m mac --mac-source 00:60:67:30:AC:E5 -j LOG

produces log output similar to the following:

Jan 28 23:15:19 magneto kernel: IN=eth0 OUT= MAC=00:60:67:36:9b:c8:00:60:67:30:ac:e5:08:00 SRC=192.168.1.1 DST=192.168.1.206 LEN=528 TOS=0x10 PREC=0x00 TTL=64 ID=7738 DF PROTO=TCP SPT=22 DPT=1023 WINDOW=32120 RES=0x00 ACK PSH URGP=0
Jan 28 23:15:19 magneto kernel: IN=eth0 OUT= MAC=00:60:67:36:9b:c8:00:60:67:30:ac:e5:08:00 SRC=192.168.1.1 DST=192.168.1.206 LEN=528 TOS=0x10 PREC=0x00 TTL=64 ID=7738 DF PROTO=TCP SPT=22 DPT=1023 WINDOW=32120 RES=0x00 ACK PSH URGP=0

The MAC= field is the Ethernet header of the frame as received: the destination MAC address, then the source MAC address, then the EtherType (08:00 for IP), which is why the rule's 00:60:67:30:AC:E5 appears in the second half of the field. The mac match can only be used in the PREROUTING, INPUT and FORWARD chains, since only a packet that arrived over an interface carries a source MAC. Because LOG does not terminate rule traversal, a packet that matches this rule and another LOG rule is logged once per rule.
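The log lines above, and the TOS values set by the mangle rules earlier, as an added example that is not part of the original article or of the netfilter project: a small Python parser that takes LOG-target syslog lines, splits out the --log-prefix text, decodes the 14-byte MAC= field into destination MAC, source MAC and EtherType, names the TOS byte using the values the iptables TOS target sets, counts entries per source, and flags packets that were logged twice. The three sample lines are the ones shown above, embedded as constructed input; the syslog header layout ("Mon DD hh:mm:ss host kernel: ...") is an assumption about how klogd/syslogd wrote them.

```python
"""Parse netfilter LOG-target kernel messages and summarise them (added example)."""
import re
from collections import Counter

# Constructed sample input: the three log entries shown in the article, verbatim.
SAMPLE_LOG = """\
Jan 28 23:18:42 magneto kernel: ##Router## IN=eth0 OUT= MAC=00:60:67:36:9b:c8:00:60:67:30:ac:e5:08:00 SRC=192.168.1.1 DST=192.168.1.206 LEN=312 TOS=0x10 PREC=0x00 TTL=64 ID=9189 DF PROTO=TCP SPT=22 DPT=1023 WINDOW=32120 RES=0x00 ACK PSH URGP=0
Jan 28 23:15:19 magneto kernel: IN=eth0 OUT= MAC=00:60:67:36:9b:c8:00:60:67:30:ac:e5:08:00 SRC=192.168.1.1 DST=192.168.1.206 LEN=528 TOS=0x10 PREC=0x00 TTL=64 ID=7738 DF PROTO=TCP SPT=22 DPT=1023 WINDOW=32120 RES=0x00 ACK PSH URGP=0
Jan 28 23:15:19 magneto kernel: IN=eth0 OUT= MAC=00:60:67:36:9b:c8:00:60:67:30:ac:e5:08:00 SRC=192.168.1.1 DST=192.168.1.206 LEN=528 TOS=0x10 PREC=0x00 TTL=64 ID=7738 DF PROTO=TCP SPT=22 DPT=1023 WINDOW=32120 RES=0x00 ACK PSH URGP=0
"""

# Names accepted by the iptables TOS target (-j TOS --set-tos NAME) and the
# byte values they set; the TOS=0x10 in the log lines is therefore Minimize-Delay.
TOS_NAMES = {
    0x10: "Minimize-Delay",
    0x08: "Maximize-Throughput",
    0x04: "Maximize-Reliability",
    0x02: "Minimize-Cost",
    0x00: "Normal-Service",
}

# Assumed syslog header; the netfilter record follows "kernel: ".
HEADER_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) kernel: (?P<body>.*)$"
)


def parse_line(line):
    """Return a dict of fields for one LOG-target line, or None if it is not one."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    start = body.find("IN=")          # the netfilter record always begins at IN=
    if start < 0:
        return None
    rec = {
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "prefix": body[:start].strip(),   # whatever --log-prefix put there, if anything
        "flags": set(),                   # bare tokens such as DF, SYN, ACK, PSH
    }
    for tok in body[start:].split():
        if "=" in tok:
            key, val = tok.split("=", 1)
            rec[key] = val                # OUT= yields an empty string, as logged
        else:
            rec["flags"].add(tok)
    # MAC= is 14 colon-separated bytes: destination MAC, source MAC, EtherType.
    octets = rec.get("MAC", "").split(":")
    if len(octets) == 14:
        rec["dst_mac"] = ":".join(octets[0:6])
        rec["src_mac"] = ":".join(octets[6:12])
        rec["ethertype"] = "0x" + "".join(octets[12:14])
    if "TOS" in rec:
        rec["tos_name"] = TOS_NAMES.get(int(rec["TOS"], 16), "unknown")
    return rec


def parse_log(text):
    """Parse every LOG-target line in a syslog excerpt, skipping anything else."""
    return [r for r in (parse_line(ln) for ln in text.splitlines()) if r]


def count_sources(records):
    """Entries per (source MAC, source IP): the view a --mac-source rule gives."""
    return Counter((r.get("src_mac"), r.get("SRC")) for r in records)


def duplicate_packets(records):
    """Packets logged more than once in the same second.

    LOG is a non-terminating target, so one packet that matches two LOG rules
    produces two identical entries; the IP ID field makes the repeat visible.
    """
    seen = Counter((r["timestamp"], r.get("SRC"), r.get("DST"), r.get("ID")) for r in records)
    return {key: n for key, n in seen.items() if n > 1}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for r in recs:
        print(f"{r['timestamp']} prefix={r['prefix']!r} {r['src_mac']} {r['SRC']}:{r['SPT']} -> "
              f"{r['DST']}:{r['DPT']} {r['PROTO']} tos={r['tos_name']} flags={sorted(r['flags'])}")
    print("per source:", dict(count_sources(recs)))
    print("logged twice:", duplicate_packets(recs))
```

Feed it `dmesg` or the kernel facility of syslog instead of SAMPLE_LOG to get the same summary on a live firewall; lines that are not LOG-target records are ignored rather than mis-parsed.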
It is no longer necessary to bind a rule to an interface. It is now possible to specify the "in" interface or the "out" interface as the basis for filtering decisions.

Ipchains and ipfwadm modules exist for backward compatibility with the old systems. Note that only one of them can be loaded at a time: you cannot have ipchains rules and new iptables rules together.
Linux 2.4 NAT HOWTO:
This document describes how to do masquerading, transparent proxying, port forwarding, and other forms of Network Address Translation with the 2.4 Linux kernels.
http://www.linuxsecurity.com/resource_files/firewalls/NAT-HOWTO/index.html
Netfilter Mailing list:
Send a message to netfilter-request@lists.samba.org with "subscribe" in the subject to subscribe. Visit the netfilter web site for more information.
SYN Cookies:
SYN cookies are particular choices of initial TCP sequence numbers by TCP servers.
ftp://koobera.math.uic.edu/syncookies.html
Stateful inspection in action:
This document shows graphically how Check Point's FW-1 works as a stateful packet filter.
http://www.checkpoint.com/products/technology/page2.html

What is a Stateful Inspection of a Firewall?:
This is a short document that describes the stateful inspection firewall.
http://www.zdnet.com/zdhelp/stories/main/0,5594,2643722,00.html

Configure firewall logging and alert mechanisms:
This brief CERT document describes the concepts behind firewall logging and its importance.
http://www.cert.org/security-improvement/practices/p059.html

Linux Network Address Translation:
This document describes the various forms of address translation and implementations of it on Linux.
http://linas.org/linux/load.html

Network Address Translation Whitepaper:
This is a pretty good document that describes how NAT works.
http://www.enterasys.com/products/whitepapers/ssr/network-trans/

Setting up Squid as your caching proxy:
A document to get started using the squid caching proxy server.
http://www.linuxsecurity.com/articles/firewalls_article-1814.html

Proxy Internet Access With Squid:
This squid document describes how to configure logging and access control.
http://www.linuxsecurity.com/articles/server_security_article-281.html

High Performance Web Caching With Squid:
Performance tuning squid.
http://www.linuxsecurity.com/articles/server_security_article-1589.html

Network (In)Security Through IP Packet Filtering:
One of the original documents that describe some of the deficiencies of packet filtering.
http://www.greatcircle.com/pkt_filtering.html

An Architectural Overview of UNIX Network Security:
A somewhat dated document now, but it still does a great job of pointing out the risks in network security.
http://www.geocities.com/SiliconValley/Bay/9952/net_unix.htm

Design the firewall system:
A firewall document that discusses topology, several types of firewall implementations, trade-off analysis and more.
http://www.cert.org/security-improvement/practices/p053.html

Linux Network Administrator's Guide: Chapter 9, TCP/IP Firewall:
The full chapter of the NAG. Starts at the beginning and provides several real-world packet filtering examples.
http://www.oreilly.com/catalog/linag2/chapter/ch09.html
© Guardian Digital, Inc., 2000