[preston] RedHat firewall

John preston at mailman.lug.org.uk
Sun Sep 29 22:41:00 2002


John,

You can disable some services that are controlled by inetd / xinetd (the
internet superserver). If you look in the directory /etc/xinetd.d for
example you will see config files for services such as telnet for example.
Each config file should contain the line "disable = yes" or "disable =
no".... You can either set the disable flag to yes or alternatively remove
the config file for the specified service that you do not want to offer on
your machine (telnet, ftp, imap/pop3 etc...)...

Other ports will need to be blocked on your firewall... Under ipchains, you
can specify input / output rules by source / destination ip address and
port... for example:

ipchains -A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT

The above adds a rule to the input chain such that any source IP (-s 0/0) to
any destination IP (-d 0/0) on port 80 (http) with a protocol of tcp (-p
tcp) where the connection comes from inside the firewall (-y) should be
allowed (-j ACCEPT).... Obviously, this is allowing machines inside the
firewall to access the web on port 80. You can specify a range of ports
instead of just one port (0:1023 for example covers the range of privileged
ports). If you wanted to block ports you would follow a similar format to
the above but use either REJECT or DENY.... You can check out the man pages
for ipchains / iptables or alternatively check out the documentation for
whatever firewall you are using... Other than inetd/xinetd and firewall
rules I am not aware of any other methods for blocking specific ports....
Hopefully, someone more knowledgeable than me on the list will be able to
elaborate further... The only other thing you might want to consider is
whether or not you employ a proxy server such as squid.... In that case you
have Access Control Lists (ACLs) which you can tune to lock down access to
the internet... Hope this is of some use anyway....

Cheers

John
----- Original Message -----
From: "John C" <johnc@ukzone.com>
To: <preston@mailman.lug.org.uk>
Sent: Friday, September 27, 2002 5:31 PM
Subject: [preston] RedHat firewall


> Can anybody tell me which file I have to edit to block extra ports that I
> want to keep closed.
>
> Thanks
> John C
>
>
> =================================================
>
>   Check out our British Country Music Web Sites
>
>         http://www.countrymusic.org.uk
>         http://www.bcmi-radio.co.uk
>
>         Over 70,000 visitors a week
>
> =================================================
>
>
> _______________________________________________
> Preston mailing list
> Preston@mailman.lug.org.uk
> http://mailman.lug.org.uk/mailman/listinfo/preston
>
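The reply above describes checking each file under /etc/xinetd.d for a "disable = yes" or "disable = no" line. The following audit script is an added example, not part of the original mailing-list post: it walks a directory of xinetd service files and reports the services that are still enabled, so an administrator can see at a glance what is left to disable or block at the firewall. It assumes, as xinetd does by default, that a service is enabled unless its file carries "disable = yes", and that the "service NAME" line names the service; the sample directory it builds with mktemp is constructed for an offline run and is not from the page.

```shell
#!/bin/sh
# Added example (not from the original post): audit an xinetd.d-style
# directory and list the services that are still enabled.
# Assumption: a service counts as enabled unless its config file contains
# a "disable = yes" line (xinetd's own default behaviour).

# Print one line per enabled service: "<service> <config file>".
enabled_xinetd_services() {
    dir="$1"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Skip files whose disable flag is set to yes (whitespace-tolerant,
        # case-insensitive, so "disable	= YES" is also caught).
        if grep -Eiq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes' "$f"; then
            continue
        fi
        # Take the service name from the "service NAME" line; fall back to
        # the file name if the file has no such line.
        name=$(awk '/^[[:space:]]*service[[:space:]]+/ {print $2; exit}' "$f")
        [ -n "$name" ] || name=$(basename "$f")
        printf '%s %s\n' "$name" "$f"
    done
}

# Number of enabled services in a directory (handy for a quick pass/fail).
count_enabled() {
    enabled_xinetd_services "$1" | wc -l | tr -d ' '
}

# Constructed sample directory standing in for /etc/xinetd.d:
#   telnet  - disabled (disable = yes)
#   wu-ftpd - enabled  (disable = no), service name "ftp"
#   imap    - enabled  (no disable line at all)
make_sample_xinetd_dir() {
    d=$(mktemp -d)
    printf 'service telnet\n{\n\tdisable\t= yes\n\tsocket_type = stream\n}\n' > "$d/telnet"
    printf 'service ftp\n{\n\tdisable = no\n\tsocket_type = stream\n}\n' > "$d/wu-ftpd"
    printf 'service imap\n{\n\tsocket_type = stream\n}\n' > "$d/imap"
    printf '%s' "$d"
}

# Stand-alone run: audit the constructed sample, then audit the real
# /etc/xinetd.d if this machine has one.
if [ "${XINETD_AUDIT_DEMO:-}" = "1" ]; then
    sample=$(make_sample_xinetd_dir)
    echo "enabled services in sample dir ($sample):"
    enabled_xinetd_services "$sample"
    rm -rf "$sample"
    if [ -d /etc/xinetd.d ]; then
        echo "enabled services in /etc/xinetd.d:"
        enabled_xinetd_services /etc/xinetd.d
    fi
fi
```

Run it with XINETD_AUDIT_DEMO=1 to see the sample output; on the constructed directory it lists ftp and imap and leaves out telnet. Anything it reports that the machine is not meant to offer is a candidate for "disable = yes" in its config file (followed by a restart of xinetd), and any port that must stay reachable only from inside should additionally be covered by a firewall rule as the reply describes.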