From: Nathan L. <na...@iw...> - 2004-02-25 23:57:02
I see so many inline bridge deployments. Has anyone successfully done an inline with NAT?

-----Original Message-----
From: sno...@li... [mailto:sno...@li...] On Behalf Of Wil...@kc...
Sent: Friday, February 20, 2004 4:29 PM
To: Karl .
Cc: sno...@li...
Subject: [Snort-inline-users] Re: rc.firewall script editing - Follow-up to post last month

This is what I use to start up my stealth bridge.

    case "$1" in
      start)
        echo -n "starting bridge"
        #BRIDGE SETUP
        echo setting up bridge
        # No IP on either member interface: the bridge has no layer-3 presence
        /sbin/ifconfig eth0 0.0.0.0
        /sbin/ifconfig eth1 0.0.0.0
        /usr/local/bin/brctl addbr br0
        /usr/local/bin/brctl addif br0 eth0
        /usr/local/bin/brctl addif br0 eth1
        # No spanning tree: a stealth bridge must not send BPDUs
        /usr/local/bin/brctl stp br0 off
        /sbin/ifconfig br0 up
        #NAILING UP INTERFACES AT 100FULL
        echo nailing up interfaces at 100FULL
        /sbin/mii-tool eth0 -F 100baseTx-FD
        /sbin/mii-tool eth1 -F 100baseTx-FD
        sleep 3
        echo
        ;;
      stop)
        echo -n "Stopping IPS STUFF: ("
        /usr/local/bin/brctl delif br0 eth0
        /usr/local/bin/brctl delif br0 eth1
        /sbin/ifconfig br0 down
        /usr/local/bin/brctl delbr br0
        echo
        ;;
      restart)
        $0 stop
        $0 start
        ;;
      status)
        # "status" is the helper from the distribution's init-script functions
        status bridge
        ;;
      *)
        echo "Usage: $0 {start|stop|restart|status}"
        exit 1
    esac
    exit 0

This is what I use in iptables for pure inbound/outbound IPS:

    iptables -A FORWARD -j QUEUE
    iptables -A INPUT -j DROP

If you only want to allow traffic to and from a certain IP, you would do something like this. Let's say that your computer has an IP of 192.168.1.1:

    insmod ipt_state
    iptables -A FORWARD -m state --state INVALID -j DROP
    iptables -A FORWARD -s 192.168.1.1 -d 0.0.0.0/0 -m state --state NEW -j QUEUE
    iptables -A FORWARD -p tcp -m state --state RELATED,ESTABLISHED -j QUEUE
    iptables -A FORWARD -j DROP
    iptables -A INPUT -j DROP

Or if you have a class C network, you would do something like:

    iptables -A FORWARD -m state --state INVALID -j DROP
    iptables -A FORWARD -s 192.168.1.0/24 -d 0.0.0.0/0 -m state --state NEW -j QUEUE
    iptables -A FORWARD -p tcp -m state --state RELATED,ESTABLISHED -j QUEUE
    iptables -A FORWARD -j DROP
    iptables -A INPUT -j DROP

If the DHCP server for your net is on the other side of the bridge, conntrack has problems with bootp/dhcp, so add the following rules:

    iptables -A FORWARD -p udp --dport 67 -j ACCEPT
    iptables -A FORWARD -p udp --dport 68 -j ACCEPT
    iptables -A FORWARD -p udp --sport 67 -j ACCEPT
    iptables -A FORWARD -p udp --sport 68 -j ACCEPT

"Karl ." <kfb...@ho...>
02/20/2004 03:59 PM

To: Wil...@kc...
cc:
Subject: rc.firewall script editing - Follow-up to post last month

William,

I saw your post:
http://216.239.39.104/search?q=cache:qoMKRsh9yqoJ:sourceforge.net/mailarchive/forum.php%3Fthread_id%3D3768367%26forum_id%3D32933+rc.firewall+Rob+McMillen&hl=en&ie=UTF-8
regarding a "simple" version of the rc.firewall script by Rob McMillen. I wanted to do the exact same thing, but I'm not sure what to put in the PUBLIC_IP and INET_IFACE variables since I'm not running a Honeypot. My firewall has all the public and private addresses, not this box, right? Could you possibly help me on this? I simply want to use this box as a Stealth Bridge behind my DSL modem to prevent attacks on my servers. Any help is appreciated.

Thanks,
Karl
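One thing to check before trusting a ruleset like the one quoted above: iptables evaluates a chain top to bottom, so anything appended with -A after an unconditional "-A FORWARD -j DROP" (the DHCP ACCEPT rules, if added in the order given) is never reached. The script below is an added example, not code from the thread; it scans iptables-save style rules for a chain and lists the rules that sit behind a catch-all DROP or REJECT, using a constructed copy of the class C ruleset plus the four DHCP rules as sample input.

```sh
#!/bin/sh
# Added example (not from the thread): find FORWARD rules that can never
# match because an unconditional "-A CHAIN -j DROP|REJECT" precedes them.
# Input is iptables-save style "-A CHAIN ..." text, one rule per line.

# Print every rule in CHAIN that follows the first unconditional terminal
# rule. Usage: dead_rules CHAIN < rules.txt
dead_rules() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain {
            if (dead) { print; next }
            # A rule with no match criteria looks like "-A CHAIN -j TARGET"
            # (exactly four fields); DROP or REJECT there ends the chain.
            if (NF == 4 && $3 == "-j" && ($4 == "DROP" || $4 == "REJECT")) dead = 1
        }'
}

# Constructed sample: the class C ruleset from the post, with the DHCP
# ACCEPT rules appended after the catch-all DROP in the order given.
SAMPLE_RULES='-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -s 192.168.1.0/24 -d 0.0.0.0/0 -m state --state NEW -j QUEUE
-A FORWARD -p tcp -m state --state RELATED,ESTABLISHED -j QUEUE
-A FORWARD -j DROP
-A FORWARD -p udp --dport 67 -j ACCEPT
-A FORWARD -p udp --dport 68 -j ACCEPT
-A FORWARD -p udp --sport 67 -j ACCEPT
-A FORWARD -p udp --sport 68 -j ACCEPT
-A INPUT -j DROP'

# Number of unreachable FORWARD rules in the sample (4: the DHCP rules).
count_dead_sample() {
    printf '%s\n' "$SAMPLE_RULES" | dead_rules FORWARD | wc -l | tr -d ' '
}

# Show the dead rules when run directly; on a live bridge feed the real
# table instead:  iptables-save -t filter | dead_rules FORWARD
printf '%s\n' "$SAMPLE_RULES" | dead_rules FORWARD
```

Rules reported here must be inserted ahead of the catch-all (iptables -I FORWARD ... or appended before the final DROP) to take effect.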