
Thread: How to use IP Tables setting on Linux LAN

  1. #1
    Join Date
    Mar 2010
    Posts
    203

    How to use IP Tables setting on Linux LAN

    Hi,
    Can anyone explain to me a simple way of working with IPTables to prevent direct internet virus attacks on Linux? This has become really tough for me, as I have failed to configure my system properly and deny all the attacks in the same manner. As a network guy I just need to ensure that no attacks can enter the network easily. The most annoying issue for me today is DoS overloading.

  2. #2
    Join Date
    Apr 2008
    Posts
    3,424

    Re: How to use IP Tables setting on Linux LAN

    IPTables is the new-generation filtering tool, one of the many new features of Linux kernel 2.4.x. You can still use ipchains with 2.4, but you'd better forget it: iptables is faster, more flexible, scalable and can do many other things, such as Source NAT, Destination NAT, avoiding multiple forms of service-overloading attacks (DoS, Denial of Service), and more.

  3. #3
    Join Date
    Apr 2008
    Posts
    3,339

    Re: How to use IP Tables setting on Linux LAN

    You will first need to read the script of IPTables to get better functioning ability. A new option, --reject-with tcp-reset, can make the firewall completely transparent vis-a-vis port scanners. If you want to do the same thing with ipchains, you will need the Return-RST daemon. As you see, a basic IPTables script is not really different from ipchains. And if you want to make things more complicated, iptables will be more comfortable than ipchains.

  4. #4
    Join Date
    Jan 2006
    Posts
    4,221

    Re: How to use IP Tables setting on Linux LAN

    If you have trouble with name resolution, it is because you have discarded too many UDP ports. If you are not using a local name server, random UDP ports (above 1024) will be used by the libc for name resolution, which is why you must leave open the ports above 1024. This is not satisfactory from a security standpoint. To have control over these UDP ports, you must install a name server (BIND 8.x or 9.x) and add the line query-source address * port 53; in named.conf to set the port used for DNS requests to 53. After that, you just open port 53 on your firewall (you can also use a port other than 53).

  5. #5
    Join Date
    Jan 2006
    Posts
    3,792

    Re: How to use IP Tables setting on Linux LAN

    One of the most important things is to secure the TCP Wrappers. Indeed, a basic installation will enable many services (launched by inetd) that you never use. Remember that more services enabled means more potential security holes. So edit /etc/inetd.conf and delete any line that is not helpful. You should leave the service 'auth', to be able to obtain some additional information in case your system was used to attack another: it allows a server to know who the user is behind a socket, which helps find the culprits.

  6. #6
    Join Date
    May 2008
    Posts
    2,945

    Re: How to use IP Tables setting on Linux LAN

    One of the most important things is to secure the TCP Wrappers. Indeed, a basic installation will enable many services (launched by inetd) that you never use. Remember that more services enabled means more potential security holes. So edit /etc/inetd.conf and delete any line that is not helpful. You should leave the service 'auth', to be able to obtain some additional information in case your system was used to attack another: it allows a server to know who the user is behind a socket, which helps find the culprits.

  7. #7
    Join Date
    Feb 2008
    Posts
    2,635

    Re: How to use IP Tables setting on Linux LAN

    Then, if you really need some services like ftp, smtp, nntp, imap, pop-3, make sure they are run through the TCP Wrappers (/usr/sbin/tcpd) and that they are properly configured. For example, if FTP is initiated by the TCP Wrappers, you must have the following line in /etc/inetd.conf:

    ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
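
As an added example (not part of the thread or any poster's code), the shell function below audits an inetd.conf-format file the way posts #5 to #7 describe: enabled entries for services you do not need are flagged for removal, and needed ones are checked for being launched through /usr/sbin/tcpd. The function names, the OK/WRAP/DISABLE labels and every sample line except the ftp entry quoted above are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit inetd.conf entries against a list of needed services.
# Usage: audit_inetd "svc1 svc2 ..." [file]   (reads stdin when no file is given)
# TCPD may override the wrapper path; /usr/sbin/tcpd is the path used in the thread.
audit_inetd() {
    awk -v keep="$1" -v tcpd="${TCPD:-/usr/sbin/tcpd}" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) needed[k[i]] = 1 }
        NF == 0 || $1 ~ /^#/ { next }      # blank or commented-out (disabled) entry
        NF < 6 { printf "MALFORMED line %d\n", NR; next }
        {
            # Fields: service socket proto wait user server-program [args...]
            svc = $1; prog = $6
            if (!(svc in needed))        printf "DISABLE %s\n", svc          # not needed: delete the line
            else if (prog == tcpd)       printf "OK %s %s\n", svc, $7        # wrapped; $7 is the real daemon
            else if (prog == "internal") printf "OK %s internal\n", svc      # inetd built-in, nothing to wrap
            else                         printf "WRAP %s %s\n", svc, prog    # needed but bypasses tcpd
        }
    ' "${2:--}"
}

# Constructed sample in inetd.conf format (only the ftp line comes from the thread).
sample_inetd_conf() {
    cat <<'EOF'
# constructed sample, not a real system file
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd       in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd       in.telnetd
#shell  stream  tcp  nowait  root    /usr/sbin/tcpd       in.rshd
pop-3   stream  tcp  nowait  root    /usr/sbin/ipop3d     ipop3d
auth    stream  tcp  nowait  nobody  /usr/sbin/in.identd  in.identd -l -e -o

echo    stream  tcp  nowait  root    internal
EOF
}

# Needed services for this run: ftp, pop-3 and auth.
sample_inetd_conf | audit_inetd "ftp pop-3 auth"
```

On a real host, pass the file directly, for example `audit_inetd "ftp auth" /etc/inetd.conf`, and act on every DISABLE and WRAP line before relying on hosts.allow and hosts.deny.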
