Linux Lab 21 Firewall Definitions

  • December 2019

Linux Workshop

Lab 21 Firewall definitions

Example implemented firewall policies

Policy              Description
Egress filtering    Restrictive: Only explicitly authorized packets may exit the protected host
Ingress filtering   Restrictive: Only explicitly authorized packets may enter the protected host
Hostile hosts       Hostile hosts are shunned: all related inbound and outbound traffic is blocked
Inbound ICMP        Only the following messages are authorized: destination unreachable, parameter problem, source quench, and time exceeded
Outbound ICMP       Only the following messages are authorized: destination unreachable, fragmentation needed, parameter problem, source quench
Inbound services    Remote clients can access SSH and Web services. Other services are blocked.
Outbound services   Local clients can access remote DNS, FTP, HTTP, HTTPS, RSYNC, SMTP, SSH, WHOIS. Other services are blocked.
Logging             Blocked packets go to the Syslog service
Ping                Only specified hosts
Special IP's        Blocked on the Internet interface (such as RFC 1918: private IP addresses)
SYN flood           SYN's are blocked when a threshold is exceeded (blunting the effect of a SYN flood attack)
TCP flags           Accept only official combinations (blocking TCP scans such as the ID check and the Christmas tree attack)

Example implemented user defined chains

Chain     Description
BADIP     Checks for unwanted source and destination IP addresses
SHUN      Checks for hostile source and destination IP addresses
FLAGS     Checks for unwanted TCP flag combinations
FLOOD     Checks for excessive rate of arrival of SYN packets
IN        Checks for inbound TCP/UDP datagrams
OUT       Checks for outbound TCP/UDP datagrams
IN_ICMP   Checks for inbound ICMP messages
OUT_ICMP  Checks for outbound ICMP messages
LBADIP    Logs and drops packets having unwanted source and destination IP addresses
LDROP     Logs and drops packets
LFLAGS    Logs and drops packets having unwanted TCP flag combinations
LFLOOD    Logs and drops SYN packets
LSHUN     Logs and drops packets from shunned hosts
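
The pairing of check chains with log-and-drop chains from the chain table (BADIP/LBADIP, FLAGS/LFLAGS, FLOOD/LFLOOD), written out with iptables as an added example; it is not the script from the course DVD. The interface name, SYN threshold and burst size, log prefixes and port numbers are assumptions, and by default the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example (not the course DVD script). Dry run by default: it prints the
# iptables commands. Run as root with IPT=iptables to apply them.
IPT="${IPT:-echo iptables}"
EXT_IF="${EXT_IF:-eth0}"           # assumed Internet-facing interface
SYN_RATE="${SYN_RATE:-10/second}"  # assumed threshold; the lab sheet gives none

# L<NAME>: log to syslog with a prefix, then drop (LBADIP, LFLAGS, LFLOOD).
log_drop_chain() {
    $IPT -N "L$1"
    $IPT -A "L$1" -j LOG --log-prefix "FW_$1:"
    $IPT -A "L$1" -j DROP
}

build_chains() {
    for c in BADIP FLAGS FLOOD; do
        log_drop_chain "$c"
        $IPT -N "$c"
    done
    # BADIP: RFC 1918 private ranges as source or destination.
    for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        $IPT -A BADIP -s "$net" -j LBADIP
        $IPT -A BADIP -d "$net" -j LBADIP
    done
    # FLAGS: combinations outside normal TCP behaviour.
    $IPT -A FLAGS -p tcp --tcp-flags ALL FIN,PSH,URG -j LFLAGS  # Christmas tree
    $IPT -A FLAGS -p tcp --tcp-flags ALL NONE -j LFLAGS         # no flags set
    $IPT -A FLAGS -p tcp --tcp-flags SYN,FIN SYN,FIN -j LFLAGS
    $IPT -A FLAGS -p tcp --tcp-flags SYN,RST SYN,RST -j LFLAGS
    # FLOOD: SYNs under the threshold return to INPUT; the excess is dropped.
    $IPT -A FLOOD -m limit --limit "$SYN_RATE" --limit-burst 20 -j RETURN
    $IPT -A FLOOD -j LFLOOD
}

hook_input() {
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -i "$EXT_IF" -j BADIP   # assumes a public address on EXT_IF
    $IPT -A INPUT -p tcp -j FLAGS
    $IPT -A INPUT -p tcp --syn -j FLOOD
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Inbound services: SSH and Web (ports 22, 80, 443 are assumed).
    $IPT -A INPUT -p tcp --syn -m multiport --dports 22,80,443 -j ACCEPT
    # Ingress policy last, so a half-loaded script never locks the host out.
    $IPT -P INPUT DROP
}

build_chains
hook_input
```

The SHUN, IN, OUT and ICMP chains and the egress policy follow the same pattern and are left out here to keep the example to the ingress path.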

Theory Modules

LPIC 1 Certification Bible, isbn 0-7645-4772-0
➢ p. 721-727 Blocking unwanted connections with IPChains (kernel version 2.2).

Downloadable manual (www.novell.com/documentation): SUSE LINUX Enterprise Server – Install. and Admin.
➢ p. 643-651 Masquerading and Firewalls

Extra References
➢ www.tldp.org
➢ www.ethereal.com
➢ Red Hat Linux Firewalls, Bill McCarty, isbn 0-7645-2463-1
➢ /scripts/firewall/ directory on the course DVD.

© October 2, 2005, wiki.novell.com/index.php/Roberts_Quick_References, author of Foundations of Linux networking
