Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Need help for iptables rules
Special Forums Cybersecurity Need help for iptables rules Post 302988743 by Peasant on Sunday 1st of January 2017 02:33:38 PM
Old 01-01-2017
With 'free wifi' most harmfull stuff is not actually related to your firewall (unless you block everything, which makes no sense).

A person who owns that wifi network in one way or another can :

1. Use fake DNS and create fake pages for folks inside that network.
2. Sniff network traffic, especially unencrypted/poorly encrypted traffic and analyze it or/and save it for later (perhaps even years, to brute force it later when he gets a new gpu Smilie )

A lot of other things for an imaginative mind.

Conclusion is if the for anything but casual surfing (no banking, no credentials input), unless you know for a fact that no such things exist in that network.
If using be sure to check the certificates of pages you are leaving credentials at, and use strong encryption.

Hope the helps
Regards
Peasant.
This User Gave Thanks to Peasant For This Post:
Thomas342
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

SED inserting iptables rules in while loop

I'm trying to insert multiple new lines of text into an iptables script using sed in a while loop. I'm not sure if this is the most effective way. Searching the forums has helped me come up with a good beginning but it's not 100%. I'd like it to search out a unique line in my current iptables file... (2 Replies)
Discussion started by: verbalicious
2 Replies

2. IP Networking

Iptables rules at boot

Hi I have small home network and I want to block some forums on web When I use this iptables -A INPUT -s forum -j DROP rules is applied but when I restart some of PC rules are not present any more also I tried to save firewall settings iptables-save > /root/dsl.fw but how to... (2 Replies)
Discussion started by: solaris_user
2 Replies

3. Cybersecurity

Editing rules on iptables

Hello, I was playing around with iptables to setup an isolated system. On a SLES10 system, I ran the below to setup my first draft of rules. I noticed that the rules come into effect immediately and do not require any restart of iptables. iptables -A INPUT -j ACCEPT iptables -A OUTPUT -m... (4 Replies)
Discussion started by: garric
4 Replies

4. Ubuntu

iptables rules (ubuntu)

Could someone help me with writing rules for iptables? I need a dos attacks protection for a game server. port type udp ports 27015:27030 interface: eth0 Accept all packets from all IPs Chek if IP sent more than 50 packets per second Drop all packets from this IP for 5 minutes I would be... (0 Replies)
Discussion started by: Greenice
0 Replies

5. Red Hat

Iptables/Firewall rules for multicast IP.

Hi Gurus, I need to add Multicast Port = xyz Multicast Address = 123.134.143 ( example) to my firewall rules. Can you please guide me with the lines I need to update my iptables files with. (0 Replies)
Discussion started by: rama krishna
0 Replies

6. Red Hat

iptables Rules for my network

Hi Champs i am new in Iptables and trying to write rules for my Samba server.I took some help from internet, created one script and run from rc.local : #Allow loopback iptables -I INPUT -i lo -j ACCEPT # Accept packets from Trusted network iptables -A INPUT -s my-network/subnet -j... (0 Replies)
Discussion started by: Vaibhav.T
0 Replies

7. UNIX for Advanced & Expert Users

Editing iptables rules with custom chain

Hello, I have iptables service running on my CentOS5 server. It has approx 50 rules right now. The problem I am facing now is as follows - I have to define a new chain in the filter table, say DOS_RULES & add all rules in this chain starting from index number 15 in the filter table. ... (1 Reply)
Discussion started by: BhushanPathak
1 Replies

8. Shell Programming and Scripting

Need to Convert the QNX rules to UNIX iptables

Need to convert the QNX rules to Linux ubuntu 12.04. kindly any one help us with any tools (4 Replies)
Discussion started by: mageshkumar
4 Replies

9. UNIX for Advanced & Expert Users

iptables help with rules

Hi, I've been struggling with this all morning and seem to have a blind spot on what the problem is. I'm trying to use iptables to block traffic on a little cluster of raspberry pi's but to allow ssh and ping traffic within it. The cluster has a firewall server with a wifi card connecting to... (4 Replies)
Discussion started by: steadyonabix
4 Replies

10. IP Networking

iptables - formatting icmp rules

Hi, I am relatively new to firewalls and netfilter. I have a Debian Stretch router box running dnsmasq, connected to a VPN. Occasionally dnsmasq polls all of the desired DNS servers to select the fastest. When it does this it responds to replies of the non-selected DNS servers with a icmp type... (0 Replies)
Discussion started by: CrazyDave
0 Replies

LEARN ABOUT OPENSOLARIS

ipfilter

ipfilter(5)						Standards, Environments, and Macros					       ipfilter(5)

NAME

       ipfilter - IP packet filtering software

DESCRIPTION

       IP  Filter is software that provides packet filtering capabilities on a Solaris system. On a properly setup system, it can be used to build
       a firewall.

       Solaris IP Filter is installed with the Solaris operating system. However, packet filtering is not enabled by default. See  ipf(1M)  for  a
       procedure to enable and activate the IP Filter feature.

HOST-BASED FIREWALL
       To  simplify  IP Filter configuration management, a firewall framework is created to allow users to configure IP Filter by expressing fire-
       wall policy at system and service level. Given the user-defined firewall policy, the framework generates  a  set  of  IP  Filter  rules	to
       enforce	the  desired  system  behavior. Users specify system and service firewall policies that allow or deny network traffic from certain
       hosts, subnets, and interface(s). The policies are translated into a set of active IPF rules to enforce the specified firewall policies.

       Note -

	 Users can still specify their own ipf rule file if they choose not to take advantage of the framework. See ipf(1M) and ipf(4).

   Model
       This section describes the host-based firewall framework. See svc.ipfd(1M) for details on how to configure firewall policies.

       A three-layer approach with different precedence levels helps the user achieve the desired behaviors.

       Global Default

	   Global Default - Default system-wide firewall policy. This policy is automatically inherited by all	services  unless  services  modify
	   their firewall policy.

       Network Services

	   Higher  precedence than Global Default. A service's policy allows/disallows traffic to its specific ports, regardless of Global Default
	   policy.

       Global Override

	   Another system-wide policy that takes precedence over the needs of specific services in Network Services layer.

	 Global Override
	       |
	       |
	 Network Services
	       |
	       |
	 Global Default

       A firewall policy includes a firewall mode and an optional set of network sources. Network sources are IP  addresses,  subnets,	and  local
       network interfaces, from all of which a system can receive incoming traffic. The basic set of firewall modes are:

       None

	   No firewall, allow all incoming traffic.

       Deny

	   Allow all incoming traffic but deny from specified source(s).

       Allow

	   Deny all incoming traffic but allow from specified source(s).

   Layers in Detail
       The  first  system-wide	layer,	Global	Default,  defines a firewall policy that applies to any incoming traffic, for example, allowing or
       blocking all traffic from an IP address. This makes it simple to have a policy that blocks all incoming traffic	or  all  incoming  traffic
       from unwanted source(s).

       The  Network  Services  layer  contains	firewall policies for local programs that provide service to remote clients, for example, telnetd,
       sshd, and httpd. Each of these programs, a network service, has its own firewall policy that controls access to its service.  Initially,  a
       service's  policy is set to inherit Global Default policy, a "Use Global Default" mode. This makes it simple to set a single policy, at the
       Global Default layer, that can be inherited by all services.

       When a service's policy is different from Global Default policy, the service's policy has higher precedence. If Global  Default	policy	is
       set  to	block all traffic from a subnet, the SSH service could be configured to allow access from certain hosts in that subnet. The set of
       all policies for all network services comprises the Network Service layer.

       The second system-wide layer, Global Override, has a firewall policy that also applies to any incoming network  traffic.  This  policy  has
       highest	precedence  and overrides policies in the other layers, specifically overriding the needs of network services. The example is when
       it is desirable to block known malicious source(s) regardless of services' policies.

   User Interaction
       This framework leverages IP Filter functionality and is active only when svc:/network/ipfilter is enabled and inactive when  network/ipfil-
       ter  is	disabled. Similarly, a network service's firewall policy is only active when that service is enabled and inactive when the service
       is disabled. A system with an active firewall has IP Filter rules for each running/enabled network service and system-wide policy(s)  whose
       firewall mode is not None.

       A  user configures a firewall by setting the system-wide policies and policy for each network service. See svc.ipfd(1M) on how to configure
       a firewall policy.

       The firewall framework composes of policy configuration and a mechanism to generate IP Filter rules from  the  policy  and  applying  those
       rules to get the desired IP Filter configuration. A quick summary of the design and user interaction:

	   o	  system-wide policy(s) are stored in network/ipfilter

	   o	  network services' policies are stored in each SMF service

	   o	  a user activates a firewall by enabling network/ipfilter (see ipf(1M))

	   o	  a user activates/deactivate a service's firewall by enabling/disabling that network service

	   o	  changes to system-wide or per-service firewall policy results in an update to the system's firewall rules

ATTRIBUTES

       See attributes(5) for a description of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Committed 		   |
       +-----------------------------+-----------------------------+

SEE ALSO

       svcs(1), ipf(1M), ipnat(1M), svcadm(1M), svc.ipfd(1M), ipf(4), ipnat(4), attributes(5), smf(5)

       System Administration Guide: IP Services

NOTES

       The nfsd service is managed by the service management facility, smf(5), under the service identifier:

	 svc:/network/ipfilter:default

       Administrative  actions	on  this  service, such as enabling, disabling, or requesting restart, can be performed using svcadm(1M). The ser-
       vice's status can be queried using the svcs(1) command.

       IP Filter startup configuration files are stored in /etc/ipf.

SunOS 5.11							    18 Feb 2009 						       ipfilter(5)
All times are GMT -4. The time now is 02:09 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy