Saturday, 4 September 2010

Linux firewalling! Sounds fun right!?

Beginner's Guide to Firewalling with Linux
----------------------------------------------------


I. INTRODUCTION

     Let me guess? You just bought your brand new version of Linux, and now you are feeling really 1337ish, so you decide you are going to port scan yourself. So you do, and now you are scared. You probably had at least 10 ports open, including ftp, telnet, ssh, pop3, and some other scary ports that you know are just crawling with security flaws.
     So now you have decided that you don't want all these ports open, and you jump out onto the net in search of a firewall. Well, unlike on Windows, people on *nix normally configure their own firewalls. Why? Think about it: which is more 1337ish? To have a firewall that you configured on your own to show your friends, or one that you downloaded from ZoneAlarm.com?

II. KERNEL FUN

     Now for the fun part: getting started. Log in as root, and you are ready to begin. First off, I would like to say that this tutorial is for the 2.4.x kernel, and if you don't have it by now... you are leaving yourself open to more than I can help you with right now, so do yourself a favor and download the newest kernel from kernel.org.
     If you already have the 2.4.x kernel installed, check to see if iptables is turned on in the config. If it is, then just skip down until after the compilation part. If not, then you get the wonderful learning experience of compiling and configuring your kernel. Read up on this in /usr/share/doc/howto/en in the file called Kernel-HOWTO. This should lead you through the steps. Just make sure that you check iptables under Network Options, and then check every single option under Netfilter Options.
     Now follow the rest of the directions and boot into your new 2.4.x kernel. The next task we get to tackle is downloading and installing the iptables program (doesn't make sense that it doesn't come preinstalled, does it?). You can get this at http://netfilter.kernelnotes.org/ and then just install the rpm (rpm -i iptables1.2). Now, reboot (you could continue without, but it will run choppy).

III. SCAN YOUR PORTS

     Now you also need a little program called nmap, which can be acquired from www.insecure.org/nmap/. This little program really helps: it allows you to scan yourself and find exactly which ports are open. So, download and install it. Then enter the command nmap -sS <your IP> (as root), and it should list all the ports that you have open now. Surprised? Never thought that a brand new user would have that many ports open, did you? Time to close them. You should have gotten a report like this:

Port    State  Service
21/tcp  open   ftp
22/tcp  open   ssh
23/tcp  open   telnet
25/tcp  open   smtp
37/tcp  open   time
79/tcp  open   finger
80/tcp  open   http
...     ...    ...
...     ...    ...

and so on...


IV. FIREWALLS HERE WE COME!

     These are the ports that we have to close. For this, we call up our iptables command. To close off a port you simply type:
iptables -A INPUT -p tcp --dport 21 -j REJECT

     This tells iptables that you want to append (-A) a rule to the chain that controls input, matching tcp port 21, and that you want it to reject everything. After entering this command, you should see either closed or filtered in the State column if you do an nmap. As you can see, it would be a lot of work to enter every single one of those commands every time you reboot (the closing of the port is only temporary). So how about we make a bash script? Simply place this script in /bin or /usr/bin under the name firewall.

#!/bin/bash
# Reject incoming TCP connections to each port that nmap reported open.
iptables -A INPUT -p tcp --dport 21 -j REJECT   # ftp
iptables -A INPUT -p tcp --dport 22 -j REJECT   # ssh
iptables -A INPUT -p tcp --dport 23 -j REJECT   # telnet
iptables -A INPUT -p tcp --dport 25 -j REJECT   # smtp
iptables -A INPUT -p tcp --dport 37 -j REJECT   # time
# ... one line like the above for each remaining open port ...
echo 'Great job shraps! Firewall is intact!'


     Now we can just run firewall every time we reboot. However, switching into root is a pain for just one command, so why not use the su -c firewall command? This makes things much easier.

V. OPENING A PORT AGAIN

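     So you have all your ports firewalled? Let's say that now you would like to run an ftp server. But remember? You closed up the ftp port with your firewall. How are we gonna fix this? Simple, just type:

iptables -I INPUT -p tcp --dport 21 -j ACCEPT

     The -I puts the rule at the top of the INPUT chain. iptables checks the rules in order and stops at the first one that matches, so an ACCEPT added with -A would land behind the REJECT for port 21 and never be reached.

     Now you can just edit your firewall program, and put a # in front of the ftp port to comment that line out. Congratulations, now you have a working firewall.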
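
     An added example, not part of the original post: instead of typing one line per port, this script reads an nmap report in the layout from section III and prints the matching REJECT commands, skipping any port you want left open as in section V. The names gen_rules and SAMPLE_REPORT are made up for this example, the sample report is constructed, and it assumes the INPUT chain's default policy is ACCEPT.

```shell
#!/bin/bash
# Added example, not from the original post. Assumes INPUT policy is ACCEPT.

# Constructed sample report in the column layout shown in section III.
SAMPLE_REPORT='Port  State  Service
21/tcp  open  ftp
22/tcp  open  ssh
23/tcp  open  telnet
25/tcp  open  smtp
37/tcp  open  time
79/tcp  open  finger
80/tcp  open  http'

# gen_rules "ALLOWED PORTS" < report
# Prints one iptables command per open tcp port found on stdin.
# The argument is a space-separated list of ports to leave reachable.
gen_rules() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) keep[a[i] + 0] = 1
            # Empty the chain first so re-running never stacks duplicates.
            print "iptables -F INPUT"
        }
        # Only lines such as "21/tcp  open  ftp"; the header, udp lines,
        # and ports that are not open fall through untouched.
        $1 ~ /^[0-9]+\/tcp$/ && $2 == "open" {
            split($1, p, "/")
            port = p[1] + 0
            if (port < 1 || port > 65535) next   # not a valid port number
            if (port in keep) next               # left open on purpose
            print "iptables -A INPUT -p tcp --dport " port " -j REJECT"
        }'
}

# Dry run: print the commands for the sample report, leaving ssh open.
printf '%s\n' "$SAMPLE_REPORT" | gen_rules "22"
```

     Read the printed commands before applying them; to apply, save a real report to a file and run gen_rules "22" < report.txt | sh as root.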
