iptables


lotsofstuff
12-08-2002, 04:26 PM
I am using Slackware 8.1

I have done the following in an effort to secure my machine:

hosts.deny is set to ALL: ALL

All services not required in inetd.conf are disabled

Iptables has the rules:

FORWARD DROP
INPUT -p tcp --syn -j DROP
INPUT -p udp -j DROP
INPUT -p icmp -j DROP

I want to achieve a state where no connections will be accepted by my machine, or in the case of TCP, only if I first request the connection. What I have done works, however, I do not know if it is complete. Have I covered all the protocols I need to?

With these iptables rules is hosts.deny redundant in the sense that no connections will reach it? Is that also true of inetd.conf?

Currently, how secure is my machine? How can I improve its security?

Thank you for any help. :)

jumpedintothefire
12-08-2002, 04:56 PM
Those rules would be the same as a policy of DROP.... What did you set the policy to??

Blocking all icmp can be bad...IMHO. You need to let some through, but not all. I'll get back to you later on that....

To allow the machine to respond to connections that it starts from it, try adding:

iptables -A INPUT -i $EXTIF -m state --state ESTABLISHED,RELATED -j ACCEPT

change $EXTIF to your external interface.

Yes, that makes the rest redundant..... but much safer....

Your machine *should be* invisible on the net, with no connections allowed to it.... You could make it better by turning it off.... ;)

lotsofstuff
12-08-2002, 05:15 PM
Thanks, jumpedintothefire

So, if I make the rules:

INPUT -i $EXTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
INPUT DROP
FORWARD DROP

That will function in the same manner as what I have now, with the exception of allowing incoming connections on all protocols, if I initiate them?

> Blocking all icmp can be bad...IMHO. need to let some though, but not all. I'll get back to you later on that....

Please do :)

jumpedintothefire
12-09-2002, 02:59 PM
1) yes, it *should*

2) Have a look at:

http://www.sentry.net/~obsid/IPTables/rc.scripts.dir/current/rc.firewall.iptables.multi

see:
## Special Chain ALLOW_ICMP

destination-unreachable, time-exceeded should be left alone for sure.....

Post back if you need a hand in working those rules into your script.....
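The two suggestions above (a single stateful ESTABLISHED,RELATED rule replacing the per-protocol DROPs, and a separate chain that lets the useful ICMP error types through) fit together in one short script. The following is an added example written for this thread, not code from either poster or from the linked rc.firewall script. It assumes the external interface is in EXTIF (defaulting to eth0) and, because iptables needs root, defaults IPT to echo so that it only prints the commands it would run; set IPT=iptables to apply them.

```shell
#!/bin/sh
# Added example: a stateful default-deny INPUT policy for a single host,
# combining the ESTABLISHED,RELATED rule and an ALLOW_ICMP chain.
# Assumptions (not from the thread): EXTIF is the external interface name,
# IPT is the iptables binary and defaults to "echo" for a dry run.
EXTIF="${EXTIF:-eth0}"
IPT="${IPT:-echo}"

build_rules() {
    # Clean slate, then default policies: DROP is what the original
    # per-protocol DROP rules were emulating.
    $IPT -F
    $IPT -X
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Loopback must stay open or local daemons talking to 127.0.0.1 break.
    $IPT -A INPUT -i lo -j ACCEPT

    # The stateful rule: anything that is a reply to traffic this host sent
    # is accepted, whatever the protocol. A DNS answer (UDP) to a query we
    # made is ESTABLISHED and passes; an unsolicited UDP packet matches
    # nothing and falls through to the DROP policy. This is why the old
    # "INPUT -p udp -j DROP" and "--syn -j DROP" rules become redundant:
    # they only ever described the default-deny case.
    $IPT -A INPUT -i "$EXTIF" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Special chain ALLOW_ICMP: keep the error messages that path MTU
    # discovery and traceroute rely on, drop every other ICMP type. Echo
    # requests are deliberately not accepted, so the host stays quiet.
    $IPT -N ALLOW_ICMP
    $IPT -A ALLOW_ICMP -p icmp --icmp-type destination-unreachable -j ACCEPT
    $IPT -A ALLOW_ICMP -p icmp --icmp-type time-exceeded -j ACCEPT
    $IPT -A ALLOW_ICMP -j DROP
    $IPT -A INPUT -i "$EXTIF" -p icmp -j ALLOW_ICMP

    # Everything else arriving on the external interface hits INPUT's DROP.
}

build_rules
```

Note that with conntrack loaded, ICMP errors that refer to a connection in the state table already match RELATED, so the ALLOW_ICMP chain mostly matters for errors about packets conntrack no longer remembers; keeping it explicit, as the linked script does, makes the intent visible when you read the ruleset back with iptables -L -v.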

tamara
12-12-2002, 10:05 AM
A friend set up ipchains for me and now there are things I can't get, but the ISP sharing is working fine. I'd like to be able to access just a couple more things though.

I'm looking at iptables and I've read that I should be using iptables, but what is the difference between iptables and ipchains, and if I decide to go with iptables, how would I do it? What would I need to watch out for? I'd probably use the dual example at the sentry site that was linked above.

Thanks!

TreeHugger
12-13-2002, 06:08 AM
ipchains just didn't cut it for some of the things that firewall gurus were trying to do.

Don't quote me on this but I think it was something to do with denial of service attacks. I know in iptables you can monitor incoming packets and use a rule to ditch all packets that come from the same IP address more than 3 times a minute or so.

I think ipchains can't do this.
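The per-source throttling TreeHugger describes is done in iptables with the "recent" match, which keeps a small table of source addresses and timestamps. The script below is an added example, not code from the thread or from the linked site; it assumes the host does expose one service (sshd on port 22 here, as a stand-in) and, as in the previous example, uses IPT defaulting to echo for a dry run. It limits each source address to three new connections per minute, and separately caps how fast dropped packets are logged so a flood cannot fill the syslog.

```shell
#!/bin/sh
# Added example: per-source connection rate limiting with the "recent" match.
# Assumptions (not from the thread): EXTIF is the external interface,
# SVC_PORT is a service you choose to expose, IPT defaults to "echo".
EXTIF="${EXTIF:-eth0}"
SVC_PORT="${SVC_PORT:-22}"
IPT="${IPT:-echo}"

build_ratelimit_rules() {
    # Chain for brand-new TCP connections to the exposed service.
    $IPT -N RATELIMIT

    # First rule records the source address in the "svc_src" table and
    # matches only if that address has now been seen 4 or more times in the
    # last 60 seconds; if so, the packet is dropped and the timestamp is
    # refreshed, so a source that keeps hammering stays blocked.
    $IPT -A RATELIMIT -m recent --name svc_src --set
    $IPT -A RATELIMIT -m recent --name svc_src --update --seconds 60 --hitcount 4 \
        -m limit --limit 6/minute -j LOG --log-prefix "RATELIMIT drop: "
    $IPT -A RATELIMIT -m recent --name svc_src --update --seconds 60 --hitcount 4 -j DROP

    # Fewer than 4 attempts per minute from this source: let it in.
    $IPT -A RATELIMIT -j ACCEPT

    # Only new SYNs go through the limiter; established traffic is handled
    # by the stateful ESTABLISHED,RELATED rule elsewhere in the ruleset.
    $IPT -A INPUT -i "$EXTIF" -p tcp --dport "$SVC_PORT" --syn \
        -m state --state NEW -j RATELIMIT
}

build_ratelimit_rules
```

The limit match on the LOG rule is a global token bucket (6 log lines a minute regardless of source), which is the right tool for logging; the recent match is per address, which is what the "same IP address more than 3 times a minute" behaviour needs. After applying the rules you can watch the tracked addresses in /proc/net/xt_recent/svc_src (older kernels used /proc/net/ipt_recent).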