VectorLinux


Author Topic: Hardening questions (Read 1323 times)

hobbes2120
Hardening questions
« on: April 10, 2008, 07:19:41 pm »

I used to use Redhat for a long time but decided that Vector would be a better fit for my game server and, what do you know, I was right. There are a few problems that I am having regarding security. In Redhat, there was a script that let you delegate which ports were open or closed. I have been looking over these forums trying to find something similar. I would like to bring my firewall up but also be able to open a few key ports to the game server. My findings regarding opening ports only gave me a limited selection of "popular" ports that I can open and nothing more. The ports that I need open are not listed, so I need a way to access them directly to script them open.

What I would like to accomplish: starting up the firewall and allow access on desired ports.

Vector Linux version 5.7 or 5.8 (been a while so I forgot what it is)
Kernel version 2.6.18.5
I believe it's still a vanilla install

Thanks in advance.

bigpaws
Re: Hardening questions
« Reply #1 on: April 10, 2008, 08:21:16 pm »

Firewalls should be stand-alone.

Here is a start: just add this script to, say, rc.firewall and then edit
as needed.

#!/bin/bash

# rc.firewall for
# Basic Vector Security

# Flush any existing rules in the filter table, then set the default
# policies, i.e. what to do if a packet doesn't match any other rule:
# drop any packet coming into (INPUT) or routing through (FORWARD) the box.
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP

# These rules are added (-A) to the INPUT chain. They allow packets
# from any previously established connections and accept anything
# arriving on the loopback interface. Matching on -i lo alone (rather
# than also on -s/-d 127.0.0.1) keeps local traffic addressed to the
# box's own eth0 address working as well.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT

# Per-service rules on the external interface (eth0). Each one accepts
# connections to a single port; delete the lines for services this box
# does not actually run.
# ssh
iptables -A INPUT -p tcp --dport 22 -i eth0 -j ACCEPT
# NFS (tcp and udp) and the portmapper it depends on
iptables -A INPUT -p tcp --dport 2049 -i eth0 -j ACCEPT
iptables -A INPUT -p udp --dport 2049 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 111 -i eth0 -j ACCEPT
# http
iptables -A INPUT -p tcp --dport 80 -i eth0 -j ACCEPT


Bigpaws
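The script above opens a fixed set of ports by hand. For the original question (a game server whose ports are not in any preset list), here is an added example, not bigpaws' script and not anything shipped with VectorLinux: a small POSIX sh script that builds the same kind of default-deny rule set from a list of TCP and UDP ports, rejects any malformed port, and prints the rules so they can be read (or saved as rc.firewall) before being run as root with `--apply`. The port numbers 27015 and 27016 and the interface name eth0 are placeholders, not values from the thread; replace them with whatever the game server actually binds, which `netstat -tulpn` will show.

```shell
#!/bin/sh
# Added example, not the original poster's script: build a default-deny
# INPUT rule set that also opens a game server's own ports.
# GAME_TCP / GAME_UDP hold placeholder port numbers (27015/27016 are
# assumed, not taken from the thread); replace them with the ports your
# server binds, which 'netstat -tulpn' will show.

GAME_TCP="${GAME_TCP:-27015 27016}"
GAME_UDP="${GAME_UDP:-27015 27016}"
WAN_IF="${WAN_IF:-eth0}"

# Emit one ACCEPT rule per port. $1 = tcp|udp, remaining args = ports.
# Anything that is not an integer in 1-65535 is rejected, so a typo in
# the port list fails loudly instead of producing a malformed rule.
port_rules() {
    proto="$1"; shift
    for p in "$@"; do
        case "$p" in
            ''|*[!0-9]*) echo "port_rules: bad port '$p'" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port_rules: port out of range '$p'" >&2; return 1
        fi
        echo "iptables -A INPUT -i $WAN_IF -p $proto --dport $p -m state --state NEW -j ACCEPT"
    done
}

# Print the whole rule set as shell commands. Keeping it as text lets you
# read it (or compare it with 'iptables -L -n' afterwards) before it runs.
build_rules() {
    echo "iptables -F"
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Keep ssh reachable so the DROP policy cannot lock you out of the box.
    echo "iptables -A INPUT -i $WAN_IF -p tcp --dport 22 -m state --state NEW -j ACCEPT"
    # Word splitting on the port lists is intentional here.
    port_rules tcp $GAME_TCP || return 1
    port_rules udp $GAME_UDP || return 1
}

# Default action is to print; './rc.firewall --apply' runs the rules as root.
if [ "${1:-}" = "--apply" ]; then
    build_rules | sh
else
    build_rules
fi
```

Run it once without `--apply` and check that the printed rules are exactly the ports you meant to expose; only then run it as root. Because the INPUT policy is DROP, the ssh rule is what keeps a remote session alive after the script lands, so test from a console (or a second session) the first time.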