
#51 2009-03-13 13:50:29

ralvez
Member
From: Canada
Registered: 2005-12-06
Posts: 1,708

Re: iptables not popular?

@blackhole,

I use manual configs for my laptop, which is very locked up (the way I like it since I go to public places). For my home network I use SmoothWall Express (It is free for home users) and for my desktop I use Firestarter.
The latter is easy to use, simple, and very configurable. You can get it with pacman (pacman -Sy firestarter).

R.


#52 2009-03-13 19:42:01

Raccoon1400
Member
From: Ontario, Canada
Registered: 2008-04-14
Posts: 853

Re: iptables not popular?

Does an internet switch function as a firewall too? If it does, I am behind two hardware firewalls. If not, then just the router is firewalling me.
My Ethernet also goes through a surge protector. Would that add protection?


Frustrated Windows users have two options.
1. Resort to the throwing of computers out of windows.
2. Resort to the throwing of windows out of computers.


#53 2009-03-14 04:47:53

Sjoden
Member
From: WA
Registered: 2007-08-16
Posts: 380

Re: iptables not popular?

Switches don't have firewalls. They (almost all) only work at layer two; in other words they don't look at IP addresses, or even packets, but at frames and the MAC addresses in them.

You can still be vulnerable to certain kinds of attacks, even if you don't have listening services. Packets can be injected into your session with a server/service. Even if they aren't trying to hijack it, injecting packets which the OS isn't expecting or doesn't know how to handle can cause problems, like all TCP flags set, or no TCP flags set, getting an overload of fragmented packets, etc.

I configure iptables manually. I use a pretty simple setup myself. I would never trust any of the other network hosts unless I was the only user on them, which is none. Home, work, parents house, coffee shop... My wife's laptop runs Vista, and she's a smart internet user, but even if she was using a linux box which I setup, I'd still be using iptables on both.


#54 2009-03-14 06:13:12

joephantom
Member
From: Latinoamérica
Registered: 2008-01-09
Posts: 94

Re: iptables not popular?

Raccoon1400 wrote:

Does an internet switch function as a firewall too? If it does, I am behind two hardware firewalls. If not, then just the router is firewalling me.

Most switches work at OSI layer 2, so they can't implement a firewall.
Routers don't firewall (well, most of them). NAT is not a firewall (however, for a home user, in practical terms, it does the job), and doesn't bring the same functionality.

Raccoon1400 wrote:

My Ethernet also goes through a surge protector. Would that add protection?

No... why would it add protection?

Sjoden wrote:

You can still be vulnerable to certain kinds of attacks, even if you don't have listening services. Packets can be injected into your session with a server/service. Even if they aren't trying to hijack it, injecting packets which the OS isn't expecting or doesn't know how to handle can cause problems, like all TCP flags set, or no TCP flags set, getting an overload of fragmented packets, etc.

Clap clap.

Last edited by joephantom (2009-03-14 06:50:06)


By striving to do the impossible, man has always achieved what is possible. Those who have cautiously done no more than they believed possible have never taken a single step forward - Mikhail Bakunin


#55 2009-07-15 19:49:31

quarkup
Member
From: Portugal
Registered: 2008-09-07
Posts: 497

Re: iptables not popular?

Well, iptables is very nice.

I've got a simple stateful script which blocks all attempts at brute-forcing my ssh and the like.

Last edited by quarkup (2009-07-15 19:51:22)


If people do not believe that mathematics is simple, it is only because they do not realize how complicated life is.
Simplicity is the ultimate sophistication.
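An added example, not quarkup's script and not code from anyone in this thread: a minimal stateful IPv4 rule set in the spirit of this post and of Sjoden's earlier point about malformed TCP flag combinations and fragment floods. It assumes SSH on port 22 and a threshold of 4 new connections per 60 seconds per source address; the function only prints the rules so they can be reviewed before being piped into a root shell.

```shell
#!/bin/sh
# Added example: emit a small stateful iptables rule set. Nothing here is
# applied directly; run `baseline_rules | sudo sh` once you have read it.
# Assumptions: SSH on port 22, 4 new connections per 60 s per source.

SSH_PORT="${SSH_PORT:-22}"
SSH_HITS="${SSH_HITS:-4}"
SSH_WINDOW="${SSH_WINDOW:-60}"

# Print the rules, one iptables invocation per line. Default policy is DROP
# on INPUT, so anything not explicitly accepted below is invisible.
baseline_rules() {
    cat <<EOF
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -F INPUT
iptables -A INPUT -i lo -j ACCEPT
# Packets the stack does not expect: bad conntrack state, impossible flag
# combinations (all set, none set, SYN+FIN) and non-first fragments.
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -A INPUT -f -j DROP
# Stateful part: replies to connections we opened are always fine.
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# SSH brute-force limiter: every new connection is recorded in the "ssh"
# list; once a source reaches SSH_HITS entries inside SSH_WINDOW seconds,
# its further attempts are dropped (and the timer refreshed by --update).
iptables -A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -m recent --name ssh --set
iptables -A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -m recent --name ssh --update --seconds $SSH_WINDOW --hitcount $SSH_HITS -j DROP
iptables -A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j ACCEPT
# Answer pings, but not floods of them.
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
EOF
}

# Sanity check helper: how many rules use the "recent" match (expect 2).
recent_rule_count() {
    baseline_rules | grep -c -- '-m recent'
}

baseline_rules
```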


#56 2009-07-16 07:44:17

madeye
Member
From: Denmark
Registered: 2006-07-19
Posts: 331

Re: iptables not popular?

I use iptables on all my computers. It's always set up manually. Well almost manually.
I made a script containing all my rules, and just run that every time I have a fresh install. Which isn't as often with Linux as it was with Windows :)
It's all very basic rules, as I don't run any services but I am just a little bit paranoid. Guess it comes from my windows days where there was a new attempt to break in every two minutes or so.


MadEye | Registered Linux user #167944 since 2000-02-28 | Homepage


#57 2009-07-16 08:01:36

B-Con
Member
From: USA
Registered: 2007-12-17
Posts: 554

Re: iptables not popular?

I use iptables. I wrote quite a few custom rules to ensure that only my pre-determined ports can be open. Everything else is as invisible as I can make it. I'd prefer not to even show up on standard IP scans.


#58 2009-07-16 11:46:55

Themaister
Member
From: Trondheim, Norway
Registered: 2008-07-21
Posts: 652

Re: iptables not popular?

Ranguvar wrote:

You're forgetting a couple things :)

iptables is indeed simple and basic, but I fail to see where that's a problem. Remember, a firewall's purpose is to block stuff - that's all. iptables is a way to do that. It might not be the most elegant tool for doing complex filtering, but that's where you would install something else, which might use iptables as the backend. And this is Arch - I'm sure many Linux distros do install a high-level firewall, but Arch's goal is to be simple and minimal out of the box. This isn't even really a problem with Arch - as others mentioned before, Arch comes by default with all ports closed. So unless you open some yourself, nothing to worry about :D

All ports closed by default? How come I run services just fine? :S Or do you mean that the standard set of rules that are included with iptables are set to "close all ports"? I never installed iptables :P

Last edited by Themaister (2009-07-16 11:47:18)


#59 2009-07-16 17:47:26

jerik
Member
Registered: 2009-03-02
Posts: 197

Re: iptables not popular?

Have any of you tried IQFire-wall (http://www.giacomos.it/iqfire/index.html), which is based on IPFIRE?


#60 2009-07-16 18:08:13

sirocco
Member
Registered: 2008-03-10
Posts: 149

Re: iptables not popular?

... and another "flexible front-end for iptables"

http://code.google.com/p/flex-fw/


#61 2009-07-16 18:22:50

jerik
Member
Registered: 2009-03-02
Posts: 197

Re: iptables not popular?

But, IQFire is not for iptables :)


#62 2009-07-16 18:51:09

Bob_Sheep
Member
From: Scotland
Registered: 2008-10-06
Posts: 27

Re: iptables not popular?

I tried iptables once, it confused the hell out of me. Shorewall made it a lot easier to configure.


#63 2009-07-16 21:04:34

majiq
Member
Registered: 2009-03-06
Posts: 259

Re: iptables not popular?

I've only used iptables for port forwarding, but I trust my local network since I have a hardware firewall and it's a home computer, and no one in my family knows enough to or would attack my computer. They know better. However, I was somewhat lenient with the rules on the forwarding. Conceivably, someone could send something via my wireless directed to my XBox which starts something malicious on it which then returns to me via the trusted ethernet port. Conceivably. Not likely enough to bother protecting against. Also because I've found, perhaps inexplicably, that when I set too many rules and did too much internal re-routing from chain to chain, it affected the reported MTU or the connection entirely.


#64 2009-07-16 22:29:24

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,224

Re: iptables not popular?

Themaister wrote:

All ports closed by default? How come I run services just fine?

All ports closed as in no services running by default. As soon as you install any services (ssh etc) then you're opening ports up.


#65 2009-07-17 02:54:04

Themaister
Member
From: Trondheim, Norway
Registered: 2008-07-21
Posts: 652

Re: iptables not popular?

Owh, if you put it that way ;) So, basically, an Arch setup with no services running should be pretty much impenetrable or what?

Last edited by Themaister (2009-07-17 02:55:04)


#66 2009-07-17 10:14:38

rwd
Member
Registered: 2009-02-08
Posts: 664

Re: iptables not popular?

Themaister wrote:

Owh, if you put it that way ;) So, basically, an Arch setup with no services running should be pretty much impenetrable or what?

Well, yes, services in the sense of 'apps listening to a port other than 127.0.0.1:*', not daemons per se. To check which apps are listening, do a

sudo netstat --numeric-hosts --listening --tcp --udp --programs

Last edited by rwd (2009-07-17 10:25:40)
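An added example, not rwd's own command or anything posted in the thread: a small filter that takes the output of the netstat command above and keeps only the sockets bound to something other than loopback, which is exactly the set of listeners that matter for the question asked. The netstat output embedded here is constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example: print only listeners that are reachable from the network,
# i.e. local address not in 127.0.0.0/8 and not ::1. Reads netstat
# --listening output on stdin and prints "proto local_address pid/program".

nonloopback_listeners() {
    awk '
        # Skip the two header lines; keep tcp/tcp6/udp/udp6 rows only.
        $1 ~ /^(tcp|udp)6?$/ &&
        # Column 4 is the local address; loopback is 127.x.x.x:port or ::1:port.
        $4 !~ /^(127\.|::1:)/ { print $1, $4, $NF }
    '
}

# Constructed sample of `netstat --numeric-hosts --listening --tcp --udp
# --programs` output (the udp rows have no State column, hence $NF above).
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      544/cupsd
tcp6       0      0 ::1:631                 :::*                    LISTEN      544/cupsd
tcp6       0      0 :::22                   :::*                    LISTEN      812/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           601/dhcpcd
udp        0      0 127.0.0.1:53            0.0.0.0:*                           700/dnsmasq'

# Run against the sample. On a real host use the live output instead:
#   sudo netstat --numeric-hosts --listening --tcp --udp --programs | nonloopback_listeners
printf '%s\n' "$SAMPLE" | nonloopback_listeners
```

In the sample, only sshd (v4 and v6) and dhcpcd show up; cupsd and dnsmasq are loopback-only and are correctly left out.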


#67 2009-07-17 18:17:25

R00KIE
Forum Fellow
From: Between a computer and a chair
Registered: 2008-09-14
Posts: 4,734

Re: iptables not popular?

Themaister wrote:

Owh, if you put it that way ;) So, basically, an Arch setup with no services running should be pretty much impenetrable or what?

I'm not an expert in security (not even close), but even if you don't have services/programs running and listening on some ports you can be attacked, I guess (not as in getting into your machine, but in finding ways to steal confidential data).

I have recently started using iptables/netfilter (learning bit by bit how to master my system), and by looking at the guide in the wiki there are more nasty things a firewall can block than just nasty programs listening on some ports (I believe some of those bad things can also be blocked by the kernel (?) itself by adding some entries in /etc/sysctl.conf).

At school I'm not sure which kind of protection level they offer in the wireless so iptables is my friend to help me try to secure my system.

On the router side of things ..... well, they can be secure, but you never know; have you ever searched for security holes? I have replaced my router recently because a storm burned my old one (edimax -> dlink) and I found out that this new router provides some undesirable "features".
I consider one a serious security flaw: it seems there is some kind of "feature" that can allow your ISP to reconfigure things in your router if needed (and if that is a service your ISP supports and you configure it properly in the router ..... ).

The thing is that port 30005 is open to the outside and accepting connections; it even prompts for a login if you type 'router_ip:30005' in your browser, sooo anyone thinking of reconsidering routers are quite safe? :P

This router does run Linux and I have found 9 rules in iptables that I don't need and can remove (didn't expect it to be so nice, automated telnet login and rule removal :D). That makes that open port go away .... until the next time there is an external IP change (which is every 36 hours here).

Call me paranoid, but better be safe than get some nasty surprise later :P


R00KIE
Tm90aGluZyB0byBzZWUgaGVyZSwgbW92ZSBhbG9uZy4K


#68 2009-07-21 01:36:14

linkmaster03
Member
Registered: 2008-12-27
Posts: 269

Re: iptables not popular?

I'm not running iptables because the only service I have running is oidentd, and I'm behind two routers with firewalls. I should probably set up iptables sometime just to be safe though.

