
News : LinuxSolved.com Linux Help Community Forum..


Author Topic: Locking Down my System  (Read 8404 times)

Offline johntaylor

  • Linux Noob !
  • *
  • Posts: 19
Locking Down my System
« on: May 28, 2004, 06:03:20 AM »
I have recently gone from using a Netgear WebSafe Router to using a Linux proxy server and firewall to share the Internet on my home network. I made the change because I found out that there were numerous ports open on the router.

Now that I have successfully set up the firewall and proxy server, I have found out that there are still a few ports open that technically should not be, because I didn't open them up.

There are a few rules in iptables that allow traffic on port 80 etc., but after that all traffic is denied on the external network. All traffic is allowed on the internal network.

Any help would be good.

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
Locking Down my System
« Reply #1 on: May 28, 2004, 06:32:05 AM »
Man, your title is not relevant to your query. Rather, you would like to show us which of your ports are still open.

Offline johntaylor

  • Linux Noob !
  • *
  • Posts: 19
Locking Down my System
« Reply #2 on: May 28, 2004, 07:33:45 AM »
I am not able to tell you the ports that are open at the present moment. I can, however, tell you that port 5000 was open, I think.

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
Locking Down my System
« Reply #3 on: May 28, 2004, 09:14:52 AM »
OK. You can use another approach, like dropping all incoming traffic and then allowing only what is required. Use:

    iptables -P INPUT DROP

but before that add all the allowed traffic rules, like for FTP:

    # FTP control connections are TCP port 21; there is no UDP FTP service, so no UDP rule is needed
    iptables -A INPUT -p tcp -i eth0 --dport 21 -j ACCEPT

But this is not a complete example; look at the netfilter tables for more details on this approach.

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
Locking Down my System
« Reply #4 on: May 28, 2004, 09:17:49 AM »
I mean the complete netfilter tutorial.

Offline johntaylor

  • Linux Noob !
  • *
  • Posts: 19
Locking Down my System
« Reply #5 on: May 28, 2004, 11:14:21 AM »
Thanks.
So do I DENY or DROP all incoming packets as the first rule, THEN make the allow rules?

Offline Ricky

  • LST CareTaker
  • Specially Skilled
  • *****
  • Posts: 2381
Locking Down my System
« Reply #6 on: May 28, 2004, 12:21:00 PM »
It should be the last rule, "to drop all packets". All allowed traffic should be before that rule; this is as per the netfilter rules.
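The approach sketched in replies #3 and #6, as an added example that is not code from the thread: a default-deny INPUT chain for a gateway like johntaylor's, built the way a practitioner would write it. Two points the replies leave implicit: `-P INPUT DROP` sets the chain policy, which only applies to packets no rule matched, so its position relative to the ACCEPT rules does not matter; an explicit `-A INPUT -j DROP` rule, by contrast, is matched top to bottom like any other rule and must come last. The interface names (eth0 external, eth1 internal), the LAN subnet and the allowed port list are assumptions and must be changed for the real box.

```shell
#!/bin/sh
# Added example, not code from the forum thread: a "default deny" INPUT
# chain for a Linux gateway, in the spirit of Ricky's reply. The interface
# names, LAN subnet and allowed port list below are assumptions; change
# them for the real box.
#
#   sh fw.sh dry-run   # print the rules (uses 'echo' instead of iptables)
#   sh fw.sh apply     # install them (needs root)
#   sh fw.sh listen    # show what is actually listening on the host

IPT="${IPT:-iptables}"
EXT_IF="${EXT_IF:-eth0}"                # assumed Internet-facing interface
INT_IF="${INT_IF:-eth1}"                # assumed LAN interface
LAN="${LAN:-192.168.1.0/24}"            # assumed LAN subnet
EXT_TCP_PORTS="${EXT_TCP_PORTS:-22}"    # TCP ports reachable from outside

# firewall_rules [command]: emit the rule set through the given command
# (defaults to $IPT). Passing "echo" gives a dry run.
firewall_rules() {
    ipt="${1:-$IPT}"

    # Known starting state: empty INPUT chain.
    $ipt -F INPUT

    # The chain policy is what happens to a packet no rule matched. It is
    # not itself a rule, so it can be set before or after the ACCEPT rules.
    $ipt -P INPUT DROP

    # Loopback, and replies to connections this host (or the LAN) started.
    $ipt -A INPUT -i lo -j ACCEPT
    $ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Trust the LAN side completely, as in the original setup.
    $ipt -A INPUT -i "$INT_IF" -s "$LAN" -j ACCEPT

    # From the outside, only new connections to the listed TCP ports.
    for port in $EXT_TCP_PORTS; do
        $ipt -A INPUT -i "$EXT_IF" -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    done

    # Explicit catch-all. Rules match first-hit, top to bottom, so if you
    # use one of these instead of (or as well as) the policy it must be LAST.
    $ipt -A INPUT -j DROP
}

rules_dry_run() {
    firewall_rules echo
}

# A port is only "open" if a service listens on it; check the host itself,
# not just the filter. (ss replaced netstat on modern distributions.)
listening_ports() {
    if command -v ss >/dev/null 2>&1; then
        ss -tulpn
    else
        netstat -tulpn
    fi
}

case "${1:-}" in
    dry-run) rules_dry_run ;;
    apply)   firewall_rules ;;
    listen)  listening_ports ;;
esac
```

After applying, `iptables -L INPUT -n -v --line-numbers` shows the rules in evaluation order with hit counters, which is the quickest way to confirm the catch-all sits at the bottom and the ACCEPT rules above it are actually matching. To answer the original question ("which ports are still open?"), run the `listen` mode on the gateway and compare it with a port scan from a host on the external side; a port only counts as open from the Internet if a service is listening on it and the filter lets the packets through.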