reply to HappyDude
Re: Help: Configuring Router IPTables to stealth all ports ... I have to say I agree with Steve. If you use an ISP, and who doesn't, there is very little value in stealth. The people that write automated software that runs remote attacks know the IP addresses that the ISPs use, and just try their attacks against addresses one after another. You are far more likely to have a problem from surfing to the wrong site, downloading bad software, or opening the wrong email. Stealth protects you from none of these things, and results in increased traffic on the internet, since you don't send the proper reply when someone mistakenly tries to access your network (which is why you won't be a good TCP citizen). That said, it's your choice. Try reading up more on iptables instead of just following the instructions from one link. A good place to learn is:
www.netfilter.org/
Taking a closer look at your ruleset:
There is a problem in your first subroutine (I'm probably aging myself by using that term),
SetDefaultPolicy() { # Drop everything
iptables -A INPUT -i eth0 -p tcp --syn -j DROP
iptables -A INPUT -i eth0 -p tcp --dport 0 -j DROP
iptables -A INPUT -i eth0 -p tcp --dport 1 -j DROP
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -F INPUT
"iptables -F" is the command to flush all rules from all tables, so you just flushed (erased) the first three rules you added in the first three lines. "iptables -F INPUT" flushes all the rules from the INPUT table, so you just flushed the INPUT table again, even though it was already empty.
The next section of SetDefaultPolicy:
iptables -N inbound
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i eth0 -j inbound
iptables -A INPUT -i lo -j ACCEPT
iptables -A inbound -m state --state ESTABLISHED -j ACCEPT
iptables -A inbound -m state --state RELATED -j ACCEPT
creates the table "inbound" and forwards all packets from your internal interface (eth0) to it, accepting everything that is ESTABLISHED and RELATED (from a connection that has already had accepted traffic). It also allows all INPUT on lo, your loopback interface.
The next three subroutines block IRC traffic, and reject packets from a host and a network, that you evidently don't like: 10.220.231.236, and 10.220.232.0/24. I hope those aren't the addresses that you are running your scans from! If you really want to be F-119 kind of stealth, change the -j REJECT ... to -j DROP on those also.
Your SetForwardingRules look okay, and allow all outgoing connections to be established. This should allow you to play any game you like in which you are not running a server.
In SetLoopbackRules
iptables -A INPUT -i lo -j ACCEPT
appears to be redundant, since you already created that rule in SetDefaultPolicy. I don't see where SetLoopbackRules is used other than in (start), but I may be missing something.
This could go on for quite a while. Your ruleset appears to be quite complex, and I believe without digging a lot deeper, that there is more redundancy. I don't see right off the bat what is preventing your FTP ports from being stealthed. It is also possible that your router needs FTP access to download firmware updates, and adds those rules in before anything that you have control of. I would suggest resetting your router to the default rules. Then replace "-j REJECT ..." with "-j DROP" everywhere. I'd really suggest learning iptables and not blindly following what others tell you to do. After all, I could be a bad guy that gives you a bunch of bad commands so I can break into your network. 
(Hint: watch out for Steve, he's very clever.) Of course, I am joking - he's clever but trustworthy.
Edit: You did run (restart) after changing the rules, right? If you are really set on finding help to debug the rules run
iptables --list
and post the results. That makes it easier.

Greg_Z:
Even better, pulling that neat cable between the modem & Router will do wonders in Stealthing your connection also.

reply to mikenolan7
mike, thanks for the response.
These rules are just things that I put together from various sources. I don't truly understand IPTables and how the syntax works. I barely have time to even read the netfilter tutorial.
If its too much to ask, can you help me amend those rules? It seems that you understand IPTables enough to give me recommendations, and it would really help me if you can tell me exactly what to change and how to do it (what lines take place of what).
Thanks very much. I really appreciate it, guys!!

Greg_Z:
Well, if you do not understand ipTables, then you may want to head over to www.iptables.org/

reply to HappyDude
What you are asking for would take me several hours, and when it's done you won't have learned anything. This forum is here to provide help, but mostly help in educating yourself, which is the only way to secure your network without hiring professional help. I am a hobbyist, not a professional; I could make a mistake. There are security professionals on this forum that I learn a lot from. If I provide free services, I am undercutting their business. As I said in an earlier post, I could be a bad guy. I prefer to write my rulesets with a more linear flow (not so many subroutines), which is easier to troubleshoot for me. There are many reasons why people are not answering your question the way you are asking.
I will give you an even easier hint to get started. Go to this link from the netfilter site:
www.yolinux.com/TUTORIALS/LinuxT···way.html
Follow the instructions in Example 2. It will get you up and running. Then continue your education and add to the simple ruleset as you learn more. If that doesn't work for you, return here and I will provide more help on troubleshooting that ruleset.