VectorLinux
Author Topic: Hardening questions  (Read 1200 times)
hobbes2120
Member
*
Posts: 10


« on: April 10, 2008, 06:19:41 pm »

I used to use Redhat for a long time but decided that Vector would be a better fit for my game server and what do you know, I was right. There are a few problems that I am having regarding security. In Redhat, there was a script that let you delegate which ports were open or closed. I have been looking over these forums trying to find something similar. I would like to bring my firewall up but also be able to open a few key ports to the game server. My findings regarding opening ports only gave me a limited selection of "popular" ports that I can open and nothing more. The ports that I need open are not listed so I need a way to access them directly to script them open.

What I would like to accomplish: starting up the firewall and allow access on desired ports.

Vector Linux version 5.7 or 5.8 (been a while so I forgot what it is)
Kernel version 2.6.18.5
I believe it's still a vanilla install

Thanks in advance.
Logged
bigpaws
Vectorian
****
Posts: 1856


« Reply #1 on: April 10, 2008, 07:21:16 pm »

Firewalls should be stand alone.

Here is a start, just add this script to say rc.firewall and then edit
as needed.

#!/bin/bash

# rc.firewall for
# Basic Vector Security

# These two rules set the default policies, i.e. what to do if a
# packet doesn't match any other rule, to drop any packet coming
# into (INPUT) or routing through (FORWARD) the box.
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP

# These rules are added (-A) to the INPUT chain. They allow packets
# from any previously established connections and accept anything
# from the loopback interface.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -i lo -j ACCEPT

# These rules added to the INPUT chain accept new connections on eth0
# for ssh (22), NFS (2049, tcp and udp), the portmapper (111) and HTTP (80).
iptables -A INPUT -p tcp --dport 22 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 2049 -i eth0 -j ACCEPT
iptables -A INPUT -p udp --dport 2049 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 111 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -i eth0 -j ACCEPT


Bigpaws
Logged
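
Added example, not part of either post above: one way to open ports that are not on a "popular" list is to generate the extra ACCEPT rules from a list of port specs and append them to the rc.firewall shown in the reply. The function name emit_port_rules, the PORT/PROTO spec format and the sample ports are assumptions made for this illustration.

```bash
#!/bin/bash
# Added example, not from the thread: print iptables ACCEPT rules for extra ports.
# Each SPEC is PORT/PROTO or FIRST-LAST/PROTO, with PROTO tcp or udp.
# Nothing is applied here; review the output, then append it to rc.firewall.

# emit_port_rules IFACE SPEC...   (hypothetical helper)
# Body is a subshell "( )" so variables stay local and "exit" only ends the call.
emit_port_rules() (
    iface=$1
    shift
    rules=""
    for spec in "$@"; do
        ports=${spec%/*}
        proto=${spec##*/}
        case $proto in
            tcp|udp) ;;
            *) echo "bad protocol in '$spec'" >&2; exit 1 ;;
        esac
        first=${ports%-*}
        last=${ports#*-}
        for p in "$first" "$last"; do
            case $p in
                # reject empty, non-numeric, or more than five digits
                ''|*[!0-9]*|??????*) echo "bad port in '$spec'" >&2; exit 1 ;;
            esac
            if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
                echo "port out of range in '$spec'" >&2; exit 1
            fi
        done
        if [ "$first" -gt "$last" ]; then
            echo "reversed range in '$spec'" >&2; exit 1
        fi
        # iptables writes a port range as first:last
        if [ "$first" -eq "$last" ]; then dport=$first; else dport=$first:$last; fi
        rules="${rules}iptables -A INPUT -p $proto --dport $dport -i $iface -j ACCEPT
"
    done
    # Print only after every spec validated, so a typo never yields a partial rule set.
    printf '%s' "$rules"
)

# Constructed sample ports; replace with the ports your game server listens on.
emit_port_rules eth0 27015/udp 27015-27020/tcp
```

Because the rules use -A, they must come after the policy and ESTABLISHED,RELATED lines in rc.firewall, which start with iptables -F and therefore rebuild the chain on every run.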