Request for help: Debian firewall, and maybe some kernel upgrade tips

Chris Bier chris.bier at cymor.com
Wed Apr 13 11:27:36 CDT 2005


Jared wrote:
<snip/>
| What's the safest way to upgrade a Debian kernel?

apt-get install kernel-image-2-6-8

|
| Also. Is there any sort of firewall that is real
| easy to configure, something like this:
|
| [SuperEasyFirewall]
| Open=22,80,23
| Blocked=22.23.34.43:[22,80]
| Closed=EverythingElse
|
| I don't understand why a firewall config has to be
| four miles long and so dern complicated!
|
| -Jared

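# flush all existing rules in the filter table
iptables -F
# drop everything arriving on eth0; every later -I inserts above this rule,
# so it ends up last in the chain and acts as the default
iptables -I INPUT -j DROP -i eth0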
# allow established and related connections
iptables -I INPUT -j ACCEPT -i eth0 -m state --state ESTABLISHED,RELATED
# Allow ports 22,23,80
iptables -I INPUT -j ACCEPT -i eth0 -p tcp --dport 22
iptables -I INPUT -j ACCEPT -i eth0 -p tcp --dport 23
iptables -I INPUT -j ACCEPT -i eth0 -p tcp --dport 80
# Allow localhost connections
iptables -I INPUT -j ACCEPT -i lo
# Block this IP on port 22 and 80
iptables -I INPUT -j DROP -i eth0 -p tcp --dport 22 -s 22.23.34.43
iptables -I INPUT -j DROP -i eth0 -p tcp --dport 80 -s 22.23.34.43


Chris
--
I digitally sign my emails.  If you see an attachment with .asc, then
that means your email client doesn't support PGP digital signatures.
http://www.gnupg.org/(en)/documentation/faqs.html#q1.1
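
The [SuperEasyFirewall] format from the question maps mechanically onto rules like the ones in the reply. The script below is an added example, not part of the original thread: it reads that format on stdin and prints the matching iptables commands without running them. The function names, the eth0 default, and the use of -A with the catch-all DROP appended last are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): turn the [SuperEasyFirewall] format
# into iptables commands. The commands are printed, never executed here.
# Assumed names: valid_port, add_rule, sef_to_iptables; eth0 is the default.

# Succeeds only for a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Buffers one rule; nothing is printed unless the whole config validates.
add_rule() { rules="${rules}iptables -A INPUT $*
"; }

# Config on stdin, rules on stdout, status 1 (and no rules) on bad input.
# The body is a subshell so that "set -f" (no globbing) stays local.
sef_to_iptables() (
    set -f
    iface="${1:-eth0}"; open=""; blocked=""; closed=""; rules=""
    while IFS='=' read -r key value || [ -n "$key" ]; do
        case "$key" in
            Open)    open="$value" ;;
            Blocked) blocked="$blocked $value" ;;
            Closed)  closed="$value" ;;
        esac
    done
    add_rule -i lo -j ACCEPT
    # Per-source blocks go first so they win over the port-wide ACCEPTs.
    for entry in $blocked; do
        ip="${entry%%:*}"
        ports="${entry#*:}"; ports="${ports#\[}"; ports="${ports%\]}"
        case "$ip" in ''|*[!0-9.]*) echo "bad address: $ip" >&2; return 1 ;; esac
        for p in $(echo "$ports" | tr ',' ' '); do
            valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
            add_rule -i "$iface" -p tcp -s "$ip" --dport "$p" -j DROP
        done
    done
    add_rule -i "$iface" -m state --state ESTABLISHED,RELATED -j ACCEPT
    for p in $(echo "$open" | tr ',' ' '); do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
        add_rule -i "$iface" -p tcp --dport "$p" -j ACCEPT
    done
    # Closed=EverythingElse becomes a final catch-all DROP on the interface.
    if [ "$closed" = "EverythingElse" ]; then add_rule -i "$iface" -j DROP; fi
    printf 'iptables -F INPUT\n%s' "$rules"
)
```

Because the values are validated before any rule is buffered, a malformed port or address yields no output at all, so the result is safe to review and then feed to a root shell.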

