[oclug] Stealth

GR Gaudreau transop at sympatico.ca
Thu Oct 17 19:17:32 EDT 2002


<snipped>
> 
> If you're never running any services it is fine to have this line in
> the firewall rules.  Services you may wish to run include: ssh in to
> your box from outside, and boxes on the inside connecting to your
> box (eg, to treat it as a mail server).
> 
> You can bind this line to a particular interface only, so that
> localhost, and any boxes on the inside (yeah I know you don't have
> any yet ;) can connect ok.
> 
> > [gr]  What problems?
> 
> Many services assume they can connect to localhost.  Not having it
> present can cause problems like mail not working, news not working,
> etc, etc. It'd be like dropping the lo interface, which is similarly
> a bad thing.
> 
> > [gr]  Is there an advantage to tying these down? If not, then it's
> > not worth doing it, right?
> 
> It's always worth tying stuff down :)
> 
> Here is what I have for icmp right now:
> 
> # Allow these ICMP types back in
> ICMPALLOW="0 3 4 5 6 9 10 11 12 15 16 30 31 32 35 36"
> 
> # Allow these icmp types
> for I in $ICMPALLOW
> do
>         iptables -A ICMP -p icmp --icmp-type $I -j ACCEPT
> done
> 
> As can be seen, this is in the "ICMP" chain but you could do it in
> any chain you like.  I have my INPUT & FORWARD chain feed to a
> FIREWALL chain, where I then split it off as appropriate to
> different chains.  The extensive use of chains decreases the number
> of rule parses required for a given packet and means each given rule
> needs only have certain parameters set.  The rule above will only be
> hit by things entering my external network interface.

[gr]   Rob, thanks for the info. That's yet another area I know little
about. So much reading, so much to learn. I think I'm going to have to
start giving up some of my "religious" discussion groups on the 'Net
and start learning more about the OS I like so much. Again, my thanks.
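The chain layout Rob describes (INPUT and FORWARD on the external interface feeding a FIREWALL chain, which hands ICMP off to its own chain with the same type allowlist, loopback left open) written out as a rule generator. This is an added example, not code from the thread; it assumes the external interface is eth0 and that the printed rules are applied by piping them to sh as root.

```shell
#!/bin/sh
# Emits iptables commands as text so the rule set can be reviewed without root.
# Apply with:  { icmp_rules; firewall_rules; } | sh     (as root)
EXT_IF="${EXT_IF:-eth0}"   # assumption: external interface name

# Same ICMP type allowlist as the post (echo-reply, dest-unreach, source-quench,
# redirect, alt-host-addr, router-adv/solicit, time-exceeded, param-problem, ...)
ICMPALLOW="0 3 4 5 6 9 10 11 12 15 16 30 31 32 35 36"

emit() { printf '%s\n' "$*"; }

# ICMP chain: accept only the listed types, drop everything else.
icmp_rules() {
    emit iptables -N ICMP
    for I in $ICMPALLOW; do
        emit iptables -A ICMP -p icmp --icmp-type "$I" -j ACCEPT
    done
    emit iptables -A ICMP -j DROP
}

# Top-level layout: lo stays open so local services can reach localhost;
# only packets arriving on the external interface go through FIREWALL,
# which splits traffic off by protocol so each chain matches on few fields.
firewall_rules() {
    emit iptables -A INPUT -i lo -j ACCEPT
    emit iptables -N FIREWALL
    emit iptables -A INPUT   -i "$EXT_IF" -j FIREWALL
    emit iptables -A FORWARD -i "$EXT_IF" -j FIREWALL
    emit iptables -A FIREWALL -p icmp -j ICMP
    emit iptables -A FIREWALL -m state --state ESTABLISHED,RELATED -j ACCEPT
    emit iptables -A FIREWALL -j DROP
}

# Number of ICMP ACCEPT rules the generator produces (one per listed type).
count_icmp_accepts() { icmp_rules | grep -c -- '-j ACCEPT'; }
```

Review the generated lines before piping them to sh; the trailing DROP in FIREWALL means anything not explicitly handled is discarded.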
