Linux Administration - Firewalls


iptables

Files

    /proc/net/ip_tables_matches
    /proc/net/ip_tables_names
    /proc/net/ip_tables_targets

iptables related files: the match extensions, tables and targets known to the running kernel.


Commands
> iptables -L -t filter

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

    Display the current rules of the "filter" table. "filter" is the default table, so -t filter can be omitted.

> iptables -t filter -F FORWARD
    Flush (delete) all current rules in the FORWARD chain.

> iptables -t filter -P FORWARD DROP
    Set the default policy for the FORWARD chain to DROP. The policy applies to packets that match no rule in the chain.

> iptables [-t table] -A [FORWARD/INPUT/OUTPUT] selection-criteria -j [ACCEPT/REJECT/DROP]
    Append a rule to a chain. -A adds the rule after any existing rules, and packets are tested against a chain's rules in order, so the first matching rule decides. The selection criteria are:

    -p [tcp,udp,icmp,all] - protocol type
    --source-port, --sport [port:port] - source port range (requires -p tcp or -p udp)
    --destination-port, --dport [port:port] - destination port range (requires -p tcp or -p udp)
    --source, -s [ip] - source IP address (a single address or a network such as a.b.c.d/24)
    --destination, -d [ip] - destination IP address
    --in-interface, -i [interface_name] - interface packets arrive on
    --out-interface, -o [interface_name] - interface packets leave on
    -m state --state [NEW/ESTABLISHED/RELATED/INVALID] - match on the connection-tracking state of the packet: NEW opens a connection, ESTABLISHED belongs to a connection already seen in both directions, RELATED is associated with an existing connection (for example an ICMP error), INVALID cannot be associated with any. This is stateful packet inspection: replies to connections the host initiated can be accepted while new connection attempts to the same ports are blocked.
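The options above combined into a small stateful filter for the INPUT chain, as an added example that is not part of the original notes. It defaults to a dry run (the commands are printed rather than applied); the admin network is a constructed placeholder.

```shell
#!/bin/sh
# Added example, not part of the original notes: build a minimal stateful
# ruleset in the "filter" table from the options listed above.
# Dry run by default: IPTABLES defaults to "echo iptables" so the commands
# are printed; run with IPTABLES=iptables (as root) to apply them.
IPTABLES="${IPTABLES:-echo iptables}"
# Constructed example network for administrative SSH access (assumption).
ADMIN_NET="${ADMIN_NET:-192.0.2.0/24}"

stateful_filter() {
    # Flush the chains we manage; -t filter is the default and could be omitted.
    $IPTABLES -t filter -F INPUT
    $IPTABLES -t filter -F FORWARD
    # Default policies apply only when no rule in the chain matched.
    $IPTABLES -P INPUT DROP
    $IPTABLES -P FORWARD DROP
    $IPTABLES -P OUTPUT ACCEPT
    # Loopback traffic never leaves the host.
    $IPTABLES -A INPUT -i lo -j ACCEPT
    # Stateful inspection: -m state loads connection tracking. Replies to
    # connections this host opened (ESTABLISHED) and traffic tied to them
    # (RELATED, e.g. ICMP errors) are accepted before any port-specific rule.
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Packets the tracker cannot classify are dropped outright.
    $IPTABLES -A INPUT -m state --state INVALID -j DROP
    # New SSH connections only from the admin network; -p tcp is required
    # before --dport is accepted.
    $IPTABLES -A INPUT -p tcp -s "$ADMIN_NET" --dport 22 -m state --state NEW -j ACCEPT
    # Any other new TCP connection gets an explicit refusal rather than a
    # silent timeout; everything else falls through to the DROP policy.
    $IPTABLES -A INPUT -p tcp -m state --state NEW -j REJECT
}

# Number of rule lines the function emits in dry-run mode.
rule_count() {
    stateful_filter | grep -c '^iptables '
}
```

With IPTABLES=iptables the rules take effect immediately, and because INPUT defaults to DROP, a wrong ADMIN_NET locks out remote SSH sessions, so apply it first from a console.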

TCP Wrappers

Files

    /etc/hosts.allow - specifies computers allowed to connect to the system (man hosts.allow)
    /etc/hosts.deny - specifies computers NOT allowed to connect to the system (man hosts.deny)

Format of both files:

    daemon-list : client-list

    daemon-list = list of servers whose names appear in /etc/services
    client-list = list of computers by name or IP address


xinetd

Files

    /etc/xinetd.conf - configuration file
    /etc/xinetd.d - directory of per-service configuration files

Directives (in the service files under /etc/xinetd.d)

    bind - listen on only one network interface (address) for the specified service
    only_from - accept connections only from the specified IP addresses, networks or computer names
    no_access - deny connections from the specified IP addresses, networks or computer names
    access_times - hours during which the service accepts connections (for example 10:00-20:00)