
Author Topic: Hardening questions

hobbes2120

  • Member
  • Posts: 10
Hardening questions
« on: April 10, 2008, 06:19:41 pm »
I used to use Redhat for a long time, but decided that Vector would be a better fit for my game server, and what do you know, I was right. There are a few problems that I am having regarding security. In Redhat, there was a script that let you delegate which ports were open or closed. I have been looking over these forums trying to find something similar. I would like to bring my firewall up but also be able to open a few key ports to the game server. My findings regarding opening ports only gave me a limited selection of "popular" ports that I can open and nothing more. The ports that I need open are not listed, so I need a way to access them directly to script them open.

What I would like to accomplish: starting up the firewall and allow access on desired ports.

Vector Linux version 5.7 or 5.8 (been a while so I forgot what it is)
Kernel version 2.6.18.5
I believe it's still a vanilla install.

Thanks in advance.

bigpaws

  • Vectorian
  • Posts: 1868
Re: Hardening questions
« Reply #1 on: April 10, 2008, 07:21:16 pm »
Firewalls should be stand-alone.

Here is a start: just add this script to, say, rc.firewall and then edit it
as needed.

#!/bin/bash

# rc.firewall for
# Basic Vector Security

# Flush any existing rules in the filter table so the script starts
# from a known state (this does not touch the nat or mangle tables).
iptables -F

# These two rules set the default policies, i.e. what to do if a
# packet doesn't match any other rule, to drop any packet coming
# into (INPUT) or routing through (FORWARD) the box. OUTPUT is left
# at its default policy of ACCEPT.
iptables -P INPUT DROP
iptables -P FORWARD DROP

# These rules are added (-A) to the INPUT chain. They allow packets
# from any previously established connections (this needs connection
# tracking) and accept anything arriving on the loopback interface.
# Matching on the interface alone also covers local traffic sent to
# the box's own eth0 address, which a -s 127.0.0.1 -d 127.0.0.1 match
# would drop.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT

# Services reachable from eth0. Add or remove lines here for the
# ports your game server needs; anything not listed is dropped by
# the INPUT policy above.
# ssh
iptables -A INPUT -p tcp --dport 22 -i eth0 -j ACCEPT
# NFS (tcp and udp) and the portmapper it depends on
iptables -A INPUT -p tcp --dport 2049 -i eth0 -j ACCEPT
iptables -A INPUT -p udp --dport 2049 -i eth0 -j ACCEPT
iptables -A INPUT -p tcp --dport 111 -i eth0 -j ACCEPT
# http
iptables -A INPUT -p tcp --dport 80 -i eth0 -j ACCEPT

Bigpaws
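To answer the original question (opening arbitrary ports rather than a fixed list) without hand-editing one iptables line per port, here is a variant of the same approach that takes a list of "proto:port" entries and builds the rules from it. This is an added example, not the script from the post above or anything shipped with VectorLinux; the interface name eth0, the port 27015 and the ability to run it as rc.firewall are assumptions for illustration. Ports are validated before anything is executed, and by default the script only prints the iptables commands it would run, so you can review them first; pass "apply" to actually load them (as root).

```sh
#!/bin/sh
# rc.firewall with a configurable port list (added example, not from the post).
# IFACE and OPEN_PORTS are assumptions: edit them for your game server.
IFACE="${IFACE:-eth0}"
# Constructed example list: ssh plus one tcp and one udp game port.
OPEN_PORTS="${OPEN_PORTS:-tcp:22 tcp:27015 udp:27015}"

# valid_port NUM -> succeeds only if NUM is an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# rules_for IFACE "SPEC ..." -> prints one iptables command per line:
# flush, default DROP policies, loopback and established traffic, then
# one ACCEPT per validated "tcp:N" / "udp:N" entry. Fails (non-zero,
# message on stderr) on a malformed entry so nothing partial is applied.
rules_for() {
    iface="$1"
    specs="$2"
    printf '%s\n' \
        "iptables -F" \
        "iptables -P INPUT DROP" \
        "iptables -P FORWARD DROP" \
        "iptables -A INPUT -i lo -j ACCEPT" \
        "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for spec in $specs; do
        proto="${spec%%:*}"
        port="${spec#*:}"
        case "$proto" in
            tcp|udp) ;;
            *) printf 'rc.firewall: bad protocol in "%s"\n' "$spec" >&2; return 1 ;;
        esac
        if ! valid_port "$port"; then
            printf 'rc.firewall: bad port in "%s"\n' "$spec" >&2
            return 1
        fi
        printf 'iptables -A INPUT -p %s --dport %s -i %s -j ACCEPT\n' \
            "$proto" "$port" "$iface"
    done
}

# apply_rules IFACE "SPEC ..." -> generates the full rule set first, then
# runs it under sh -e so a failing iptables call stops the load.
apply_rules() {
    cmds=$(rules_for "$1" "$2") || return 1
    printf '%s\n' "$cmds" | sh -e
}

case "${1:-}" in
    apply) apply_rules "$IFACE" "$OPEN_PORTS" ;;
    *)     rules_for "$IFACE" "$OPEN_PORTS" ;;
esac
```

After running it with "apply", check the result with `iptables -L INPUT -n -v`: the ACCEPT lines for your ports should appear below the lo and ESTABLISHED,RELATED rules, and the chain policy should read DROP. Because the rules are generated before any of them run, a typo in OPEN_PORTS is reported and nothing is changed, rather than leaving the box half-configured with a DROP policy and no ssh rule.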