Thanks for reading this:

I've just implemented IPCHAINS on my server, and am using it for all net traffic. Please share your favorite rulesets: which spamhouses to block, how to prevent probing, whatever.

Thanks in advance.

So far, here's what I have in place:

:input ACCEPT
:forward MASQ
:output ACCEPT
-A input -s 165.87.13.129/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j ACCEPT  # nameserver
-A input -s 165.87.201.244/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j ACCEPT  # nameserver
-A input -s 192.168.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 -i ppp0 -j REJECT -l  # IP Spoofing
-A input -s 0.0.0.0/0.0.0.0 80:80 -d 0.0.0.0/0.0.0.0 -p 6 -j ACCEPT  # web OK
-A input -s 0.0.0.0/0.0.0.0 80:80 -d 0.0.0.0/0.0.0.0 -p 17 -j ACCEPT  # web OK
-A input -s 32.97.166.5/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j ACCEPT  # pop server
-A input -s 32.97.166.31/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j ACCEPT  # smtp server
-A input -s 32.97.166.32/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j ACCEPT  # "
-A input -s 32.97.166.34/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j ACCEPT  # "
-A input -s 32.97.166.35/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j ACCEPT  # "
-A input -s 192.168.0.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j ACCEPT  # Local lan OK
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -j REJECT -l  # Reject all else
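
An added review check, not part of the original post or of ipchains itself: a small Python parser for save-format rules like those above that flags ACCEPT rules matching any host on source port alone. ipchains keeps no connection state, so such a rule matches any packet carrying that source port. Rules 1-3 are copied from the post, rule 4 is a constructed variant using ipchains' `! -y` (non-SYN) match and an unprivileged destination port range, and the names `parse_rule` and `audit` are this example's own.

```python
ANY = "0.0.0.0/0.0.0.0"

# Rules 1-3 are copied from the post; rule 4 is a constructed, tightened variant.
RULES = """\
-A input -s 192.168.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 -i ppp0 -j REJECT -l
-A input -s 0.0.0.0/0.0.0.0 80:80 -d 0.0.0.0/0.0.0.0 -p 6 -j ACCEPT
-A input -s 0.0.0.0/0.0.0.0 80:80 -d 0.0.0.0/0.0.0.0 -p 17 -j ACCEPT
-A input -s 0.0.0.0/0.0.0.0 80:80 -d 0.0.0.0/0.0.0.0 1024:65535 -p 6 ! -y -j ACCEPT
"""

def parse_rule(line):
    """Parse one ipchains-save style rule; ports stay None when the rule has none."""
    rule = {"src": ANY, "sport": None, "dst": ANY, "dport": None,
            "iface": None, "proto": None, "target": None, "no_syn": False}
    tok, i, negate = line.split(), 0, False
    while i < len(tok):
        opt = tok[i]
        if opt == "!":                      # negation applies to the next option
            negate, i = True, i + 1
            continue
        if opt in ("-s", "-d"):
            addr, port = ("src", "sport") if opt == "-s" else ("dst", "dport")
            rule[addr], i = tok[i + 1], i + 2
            # An optional port or port range may follow the address/mask.
            if i < len(tok) and tok[i][0].isdigit():
                rule[port] = tok[i]
                i += 1
        elif opt in ("-A", "-i", "-p", "-j"):
            key = {"-A": "chain", "-i": "iface", "-p": "proto", "-j": "target"}[opt]
            rule[key], i = tok[i + 1], i + 2
        else:
            if opt == "-y":
                rule["no_syn"] = negate     # "! -y" matches only non-SYN packets
            i += 1                          # -l and other flags take no argument
        negate = False
    return rule

def audit(text):
    """Return (rule number, message) for ACCEPT rules keyed on source port alone."""
    findings = []
    for n, line in enumerate(text.strip().splitlines(), 1):
        r = parse_rule(line)
        if r["target"] != "ACCEPT" or r["src"] != ANY or not r["sport"]:
            continue
        if r["dport"] is None:
            findings.append((n, "any host, source port %s, no destination port limit" % r["sport"]))
        elif r["proto"] == "6" and not r["no_syn"]:
            findings.append((n, "TCP rule also admits new connections (no '! -y')"))
    return findings
```

Calling `audit(RULES)` reports rules 2 and 3 (the two "web OK" lines) and passes the constructed rule 4.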