
BLU Discuss list archive



IPCHAINS Rulesets: please share your favorites



Thanks for reading this:

I've just implemented IPCHAINS on my server, and am using it for 
all net traffic.

Please share your favorite rulesets:  which spamhouses to block, 
how to prevent probing, whatever.

Thanks in advance.

So far, here's what I have in place:

:input ACCEPT
:forward MASQ
:output ACCEPT
-A input -s 165.87.13.129/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j ACCEPT    nameserver
-A input -s 165.87.201.244/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j ACCEPT    nameserver
-A input -s 192.168.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 -i ppp0 -j REJECT -l    IP Spoofing
-A input -s 0.0.0.0/0.0.0.0 80:80 -d 0.0.0.0/0.0.0.0 -p 6 -j ACCEPT    web OK
-A input -s 0.0.0.0/0.0.0.0 80:80 -d 0.0.0.0/0.0.0.0 -p 17 -j ACCEPT    web OK
-A input -s 32.97.166.5/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j ACCEPT    pop server
-A input -s 32.97.166.31/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j ACCEPT    smtp server
-A input -s 32.97.166.32/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j ACCEPT    "
-A input -s 32.97.166.34/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j ACCEPT    "
-A input -s 32.97.166.35/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j ACCEPT    "
-A input -s 192.168.0.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j ACCEPT    Local lan OK
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -j REJECT -l    Reject all else
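
A ruleset like the one posted above can be audited by replaying packets through it with first-match semantics and noting which rule decides each one. The Python below is an added example, not part of the original post: it models only the input chain, and the function names and the packet addresses (203.0.113.7, 192.0.2.1, both documentation addresses) are assumptions made for illustration.

```python
import ipaddress

POLICY = "ACCEPT"  # ":input ACCEPT" in the post
RULES = """\
-A input -s 165.87.13.129/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j ACCEPT
-A input -s 165.87.201.244/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j ACCEPT
-A input -s 192.168.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 -i ppp0 -j REJECT -l
-A input -s 0.0.0.0/0.0.0.0 80:80 -d 0.0.0.0/0.0.0.0 -p 6 -j ACCEPT
-A input -s 0.0.0.0/0.0.0.0 80:80 -d 0.0.0.0/0.0.0.0 -p 17 -j ACCEPT
-A input -s 32.97.166.5/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j ACCEPT
-A input -s 32.97.166.31/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j ACCEPT
-A input -s 32.97.166.32/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j ACCEPT
-A input -s 32.97.166.34/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j ACCEPT
-A input -s 32.97.166.35/255.255.255.255 -d 0.0.0.0/0.0.0.0 -j ACCEPT
-A input -s 192.168.0.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 -j REJECT -l
"""  # the posted input chain: wrapped lines joined, annotations dropped

def parse(line):
    """Parse one rule line into its match fields and target."""
    tok, rule, i = line.split(), {}, 2     # tok[0:2] is "-A input"
    while i < len(tok):
        opt = tok[i]
        if opt == "-l":                    # log flag, takes no argument
            rule["log"], i = True, i + 1
        elif opt in ("-s", "-d"):          # address/mask, then optional lo:hi ports
            rule[opt], i = ipaddress.ip_network(tok[i + 1]), i + 2
            if i < len(tok) and tok[i][0] != "-":
                lo, hi = map(int, tok[i].split(":"))
                rule[opt + "port"], i = range(lo, hi + 1), i + 1
        else:                              # -i, -p, -j take one argument
            rule[opt], i = tok[i + 1], i + 2
    return rule

CHAIN = [parse(l) for l in RULES.splitlines()]

def decide(src, dst, iface, proto, sport, dport):
    """Return (rule number, target) of the first match; 0 means chain policy."""
    for n, r in enumerate(CHAIN, 1):
        if (ipaddress.ip_address(src) in r["-s"]
                and ipaddress.ip_address(dst) in r["-d"]
                and r.get("-i", iface) == iface   # absent field matches anything
                and r.get("-p", proto) == proto
                and sport in r.get("-sport", [sport])
                and dport in r.get("-dport", [dport])):
            return n, r["-j"]
    return 0, POLICY

if __name__ == "__main__":  # constructed packet, documentation addresses
    print(decide("203.0.113.7", "192.0.2.1", "ppp0", "6", 80, 22))
```

Rules 4 and 5 match on source port only, so their verdict does not depend on the destination port; replaying a few packets per rule makes properties like this visible before a ruleset goes live.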
