Changeset c2ee009c for postlfs/security
- Timestamp: 10/04/2003 09:32:30 PM (21 years ago)
- Branches: 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 6.0, 6.1, 6.2, 6.2.0, 6.2.0-rc1, 6.2.0-rc2, 6.3, 6.3-rc1, 6.3-rc2, 6.3-rc3, 7.10, 7.4, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, v5_0, v5_0-pre1, v5_1, v5_1-pre1, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children: f7000b3d
- Parents: 5e18c49c
- Location: postlfs/security
- Files: 9 edited
postlfs/security/firewalling/busybox.xml
r5e18c49c rc2ee009c 98 98 99 99 <para>These are only examples to show you some of the capabilities of the new 100 firewall ing-code in Linux-Kernel 2.4. Have a look at the man page of100 firewall code in Linux-Kernel 2.4. Have a look at the man page of 101 101 iptables. 102 102 There you will find more of them. The port-numbers you'll need for this 103 103 can be found in <filename>/etc/services</filename>, in case you didn't 104 find them by trial and error in your log file.</para>104 find them by trial and error in your log file.</para> 105 105 106 106 <para>If you add any of your offered or accessed services such as the above, -
postlfs/security/firewalling/disclaimer.xml
r5e18c49c rc2ee009c 10 10 is a complex issue that requires careful configuration. 11 11 The scripts quoted here are simply intended to give examples as to how 12 firewallingworks, they are not intended to fit into any imaginable12 a firewall works, they are not intended to fit into any imaginable 13 13 configuration and may not prevent any imaginable attack.</para> 14 14 15 15 <para>The purpose of this text is simply to give you a hint on how to get 16 started with firewalling.</para>16 started with a firewall.</para> 17 17 18 18 <para>Customization of these scripts for your specific situation will 19 19 be necessary for an optimal configuration, but you should make a serious 20 study of the iptables documentation and firewallingin general before hacking20 study of the iptables documentation and creating firewalls in general before hacking 21 21 away. Have a look at the list of <xref linkend="postlfs-security-fw-library"/> at the end 22 22 of this section for more details. Here you will find a list of URLs that -
postlfs/security/firewalling/intro.xml
r5e18c49c rc2ee009c 11 11 buffer-overflows and any other imaginable problem regarding its 12 12 security, and where you trusted every user accessing your services 13 to aim no harm, you wouldn't need to do firewalling!13 to aim no harm, you wouldn't need to do have a firewall! 14 14 In the real world however, daemons may be misconfigured, 15 15 exploits against essential services are freely available, you … … 49 49 To minimize the risk of compromising the firewall itself it 50 50 should generally have only one role, that of protecting the intranet. 51 Although not completely risk less, the tasks of doing the routing51 Although not completely risk free, the tasks of doing the routing 52 52 and eventually IP masquerading (rewriting IP-headers 53 53 of the packets it routes from clients with private IP-addresses onto -
postlfs/security/firewalling/kernel.xml
r5e18c49c rc2ee009c 1 1 <sect2 id="postlfs-security-fw-kernel" xreflabel="getting a firewalling-enabled Kernel"> 2 <title>Getting a firewall ing-enabled Kernel</title>2 <title>Getting a firewall enabled Kernel</title> 3 3 4 <para>If you want your Linux-Box to do firewallingyou must first ensure4 <para>If you want your Linux-Box to have a firewall, you must first ensure 5 5 that your kernel has been compiled with the relevant options turned on 6 <!-- <footnote><para>If you needed assistance how to configure, compile and install6 <!-- <footnote><para>If you needed assistance how to configure, compile and install 7 7 a new kernel, refer back to chapter VIII of the LinuxFromScratch book, 8 8 <ulink url="http://www.linuxfromscratch.org/view/3.1/chapter08/kernel.html">Installing a kernel</ulink> … … 33 33 <!-- 34 34 <table frame='none'> 35 <title>Essential config-options for a firewall ing-enabled Kernel</title>35 <title>Essential config-options for a firewall enabled Kernel</title> 36 36 37 37 <tgroup cols='5'> … … 122 122 <entry><userinput>Fast switching</userinput></entry> 123 123 <entry>Make sure to disable it because it would setup a bypass around 124 your firewall ing-rules.</entry>124 your firewall rules.</entry> 125 125 <entry>w\</entry> 126 126 <entry>CONFIG_NET_FASTROUTE</entry> -
postlfs/security/firewalling/library.xml
r5e18c49c rc2ee009c 1 1 <sect3 id="postlfs-security-fw-library" xreflabel="Links for further reading"> 2 <title>Where to start with further reading on firewall ing.</title>2 <title>Where to start with further reading on firewalls.</title> 3 3 4 4 <para><blockquote><literallayout> -
postlfs/security/firewalling/masqrouter.xml
r5e18c49c rc2ee009c 26 26 echo "of the quoted configuration rules." 27 27 echo "You can find some quite comprehensive information" 28 echo "about firewall ingin Chapter 4 of the BLFS book."29 echo "http:// beyond.linuxfromscratch.org/"28 echo "about firewalls in Chapter 4 of the BLFS book." 29 echo "http://www.linuxfromscratch.org/blfs" 30 30 echo 31 31 -
postlfs/security/firewalling/stop.xml
r5e18c49c rc2ee009c 2 2 <title>firewall.stop</title> 3 3 4 <para>If you need to turn firewallingoff, this script will do it:</para>4 <para>If you need to turn the firewall off, this script will do it:</para> 5 5 6 6 <screen><userinput><command>cat > /etc/rc.d/init.d/firewall.stop << "EOF"</command> -
postlfs/security/iptables.xml
r5e18c49c rc2ee009c 3 3 <title>iptables-&iptables-version;</title> 4 4 5 <para>The next part of this chapter deals with firewall ing. The6 principle firewall ingtool for Linux, as of the 2.4 kernel series, is5 <para>The next part of this chapter deals with firewalls. The 6 principle firewall tool for Linux, as of the 2.4 kernel series, is 7 7 <application>iptables</application>. It replaces 8 8 <application>ipchains</application> from the 2.2 series and 9 9 <application>ipfwadm</application> from the 10 10 2.0 series. You will need to install <application>iptables</application> if 11 you intend on using any form of firewalling.</para>11 you intend on using any form of a firewall.</para> 12 12 13 13 &iptables-intro; -
postlfs/security/iptables/iptables-intro.xml
r5e18c49c rc2ee009c 2 2 <title>Introduction to <application>iptables</application></title> 3 3 4 <para>To use firewalling, as well as installing4 <para>To use a firewall, as well as installing 5 5 <application>iptables</application>, you will need 6 6 to configure the relevant options into your kernel. This is discussed
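Review bot: In postlfs/security/firewalling/intro.xml, new line 13 reads "you wouldn't need to do have a firewall!", which leaves a stray "do" from the old wording "to do firewalling". Suggest "you wouldn't need to have a firewall!".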
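Review bot: In postlfs/security/firewalling/kernel.xml, the unchanged line 1 still carries xreflabel="getting a firewalling-enabled Kernel" while the title on line 2 now says "Getting a firewall enabled Kernel", so cross-references to this section will render the old wording. Suggest updating the xreflabel in the same commit, and writing the compound as "firewall-enabled" in both the section title and the table title on line 35, since dropping "ing-" also dropped the hyphen.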
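Review bot: In postlfs/security/firewalling/disclaimer.xml, new line 20 now reads "a serious study of the iptables documentation and creating firewalls in general", which joins a noun phrase to a gerund and is harder to parse than the original. Suggest "the iptables documentation and firewalls in general". On new line 12, "how a firewall works, they are not intended" is a comma splice; a semicolon or full stop after "works" would fix it while the line is being touched.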
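Review bot: In postlfs/security/firewalling/masqrouter.xml, line 29 changes the URL from http://beyond.linuxfromscratch.org/ to http://www.linuxfromscratch.org/blfs, which is a content change rather than part of the "firewalling" rewording done everywhere else in this changeset; it should be mentioned in the log message or split out. The echo on line 28 also hard-codes "Chapter 4 of the BLFS book" inside a script that users copy to their systems, so the reference will go stale if the book is renumbered; consider naming the chapter by title instead.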
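Review bot: In postlfs/security/iptables.xml, new line 6 keeps "The principle firewall tool for Linux", where the adjective should be "principal"; since the line is already being rewritten, fix it here. New line 11, "any form of a firewall", reads better as "any form of firewall".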