http://www.Linux-Sec.net Hardening-Tightening Security_Policy Hardening-HOWTO Linux Distros Distro Patches Kernel-Patches Dedicated Servers Firewalls DNS Servers Mail Servers Web Servers Turn-Off Daemons Tighten Inetd Services Top-10 Vulnerabilities Top-7 Security Mistakes Top-10 Vulnerabilities Top-20 Most Critical Vulnerability Top-10 Virus Scans/Attacks Stats Top-10 Attacks Hacked Servers One Minute Audits OpenPorts Audit AntiVirus - AntiSpam Anti-Spam Anti-Virus spam.wav Wireless [In]Security Sniffers Security Tools SSH_SSL Firewalls MailServer FileSystem VPN Port Scan Detectors IDS Tools LogFile Analysis Ethernet Monitoring Server Monitoring Tracking & Forensics Hackers Tools Audit Tools Port Scanners Hacking Tools DDOS Tools Sniffer Tools Spoof Tools Exploits & Vulnerbilities Wireless Wireless [In]Security Misc Statistics Linux/BSD Distros Links,Articles,WatchDogs Security Mailing Lists/FAQs Liability Insurance 1U Rackmount Chassis Custom-Chassis.com Linux-1U.net 1U-ITX.net ITX-Blades.net Small PC cases Mini-Box.net Wrap-Box.net Wrap-OS.net Wan-Sim.net Linux-Consulting.com Linux-CAE.net Linux-Sec.net Linux-Boot.net Linux-Backup.net Linux-Wireless.org Linux-Office.net Linux-Video.net Linux-VOIP.net Linux-Jobs.net Linux-Diff.net 1U-Raid5.net Linux-Howto.net Spam Reporting Free Linux CDs ISO9660.org Distro-CD.org Patch-CD.org Contact Linux is a registered trademark of Linus Torvalds More Linux Legalese

Linux-Sec.net/Firewall Linux Firewalls Firewall Mailing Lists Security Policy DMZ Network Topology Firewall Rules FirewallPolicy Masquerade/NAT Ingress/Egress Proxy Firewall HowTo IPTables/IPChains Cisco Firewall Testing and Logs PreConfigured Firewalls Example Firewall Scripts Firewall Config Tools Commercial Firewalls Firewall Rules SecurityFocus.net Example Firewall Scripts Linux-Sec.net/FW/Scripts Example Firewall Scripts General Firewall Rules Turn on ingress and egress Rules Turn on/off various /proc options Outgoing Rules Allow all internal PCs to freely access the Internet Incoming Rules Allow incoming DNS requests to the DNS server Allow incoming SMTP requests to the mail server Allow incoming HTTP requests to the web server Allow incoming FTP requests to the ftp server Allow incoming ssh requests to the ssh server Allow incoming wireless requests to the wireless gw server Allow incoming ppp requests to the ppp gw server Allow incoming secure pop3/imap requests to the secure pop server Allow incoming authenticated vpn requests to the vpn server Disallow messenger.msn.com Disallow oscar.aol.com Disallow messenger.yahoo.com (IIRC) NAT Rules IP Masquerade E-InfoMax.com IPMasquerade IPMasq.cjb.net IP_Masuerade-HOWTO LinuxDoc.org IP_Masquerade-HOWTO CSUChico.edu 3-line IP Masquerade LinuxDoc.org ipchains -P forward DENY ipchains -A forward -i ppp0 -j MASQ echo 1 > /proc/sys/net/ipv4/ip_forward Egress and Ingress Filtering Ingress Filtering: incoming network traffic entering your LAN IETF.org RFC2827.txt Sans.org Packet_filter - ingress/egress Sans.org Firewall Issues Egress Filtering: outoging network traffic leaving your LAN Sans.org Top Ten Blocking Recommendations Using IPChains Sans.org ipchains Egress Rules Sans.org Egress Filtering - cisco Sans.org Egress Filtering ( same as above ) Incidents.org Egress - cicso Cisco ACLs Firewalls/HowTo/#Cisco Cisco ACLs Proxy Server Rules HiSecure Proxy(?) tcpr ftp and telnet forwarder COAST udprelay Dec.com XForward ReDir port redirector Reverse Pimpage Revision remotely access machines behind a firewall Reverse Utilities telnet/http/ssh access to machines behind a firewall Sock5 SourceForge.net Tsocks SourceForge.net socksd inet.no inet.no dante Umich.edu nylon SolSoft NSM proxy-based firewall httpf filters out java, js, etc tproxy Squid-Cache.org TIS Proxy Server Copyright © 2000 Linux-Consulting All Rights Reserved. Updated: Mon Dec 20 15:37:45 2004 PDT