Koozali.org: home of the SME Server

Filtering IP's

Matt Goss

Filtering IP's
« on: November 28, 2000, 02:35:48 AM »
Is there a way on E-smith to filter out certain users from scanning my machine?

In particular, I'd like to block out the @Home security scanners from having any access to my box whatsoever, maybe not even be able to ping it.

Any ideas?

Thanks!
Matt

Jason Schofield

RE: Filtering IP's
« Reply #1 on: November 28, 2000, 06:00:23 AM »
There is a way to do it.. but the way I know is through ipchains on Mandrake 6.0-7.2
with this e-smith Linux. I haven't worked it out yet. I have @home as well, and also work for the Tech support for @home. And you really don't have to worry.. the scanners only look for smtp and nntp servers. Web and ftp servers are allowed now, no matter who the secondary provider is (rogers, roadrunner, quest, etc)
just a little tip for ya.

Oh, you really don't want to deny icmp requests to your box.. (makes it easy to have your ip stolen on @home)

Charlie Brady

RE: Filtering IP's
« Reply #2 on: November 28, 2000, 11:20:01 AM »
Jason Schofield wrote:

> There is a way to do it.. but the way I know is through
> ipchains

Adding a small custom template would not be difficult, and would be the correct way of doing this.

> also work for the
> Tech support for @home. And you really don't have to worry.. the
> scanners only look for smtp and nntp servers.

And what do they do if they find an smtp port open? Most Linux boxes will fit in that category, as will all e-smith servers.

Regards

Charlie

Jason Schofield

RE: Filtering IP's
« Reply #3 on: November 28, 2000, 05:16:23 PM »
As long as the smtp port requires login you're fine.. it's because of the Anti-Spam policy. Spammers love wide open smtp servers.. so as long as you make users login, you're fine. I've only ever heard of a few people getting their service cut for running smtp.

Jason

Jason Schofield

RE: Filtering IP's
« Reply #4 on: November 28, 2000, 05:43:53 PM »
Well after some investigating, I found that the e-smith is using wonderful ipchains.
It's in the /bin directory, you actually have to go to the directory because there's no path for it in your profile. But for some port filtering you can run something like this:

ipchains -A input -s 192.168.1.1 -p icmp -j DENY

This is for ping of course.. (change the ip to yours as well), this will deny any incoming pings from outside computers. This also works with the rest of the ports as well, ex.

ipchains -A input -s 192.168.1.1 -p tcp --destination-port smtp -j DENY
ipchains -A input -s 192.168.1.1 -p tcp --destination-port nntp -j DENY

Here's a little explanation

ipchains -A input -s 127.0.0.1 -p icmp -j DENY

ipchains     - the program itself
-A           - this tells ipchains to add a rule
input        - specifies which rule set (input, output, forward, etc.)
-s           - I can't remember exactly what this means. You just need it
192.168.1.1  - self explanatory
-p           - tells ipchains that there is a specific port involved
smtp         - the port involved, here I have the name but you can also put the #
-j           - I forget this one too..
DENY         - tells ipchains to deny any packets from selected port

And now you have it. This concludes ipchains 101. *laugh*
This is basic and in NO way secure.. ipchains is a very good piece of Linux software and I definitely encourage you to check out this site (this is where I learned all about ipchains) http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO-4.html
As well there is an ip-masquerade howto here as well..

Jason
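
An added example, not part of any post in this thread: a small generator that turns a list of scanner source addresses into ipchains rules of the kind posted in Reply #4, validating each address first. The function names and the scanner addresses are assumptions made for illustration; the script only prints the commands and does not load them.

```shell
#!/bin/sh
# Added example: prints ipchains commands for review; it does not run them.

# Succeed if $1 is a dotted-quad IPv4 address with an optional /0-32 mask.
valid_src() {
    addr=${1%/*}
    case $1 in
        */*) bits=${1#*/}
             case $bits in ''|*[!0-9]*) return 1 ;; esac
             [ "$bits" -le 32 ] || return 1 ;;
    esac
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print one rule per source address and mail/news service.
#   -s  source address the packet came from (the scanner)
#   -p tcp --destination-port  the TCP service being probed
#   -j DENY  drop the packet silently;  -l  log the match via the kernel log
# ICMP is left alone, following the advice in Reply #1.
scanner_block_rules() {
    for src in "$@"; do
        if ! valid_src "$src"; then
            echo "skipping invalid source: $src" >&2
            continue
        fi
        for svc in smtp nntp; do
            echo "ipchains -A input -s $src -p tcp --destination-port $svc -j DENY -l"
        done
    done
}

# Constructed scanner addresses (RFC 5737 documentation ranges), one bad entry.
scanner_block_rules 192.0.2.0/24 198.51.100.7 not-an-ip
```

Review the printed rules before loading them; rules added by hand with `ipchains -A` do not survive a reboot unless they are saved or regenerated.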

Charlie Brady

RE: Filtering IP's
« Reply #5 on: November 29, 2000, 12:37:15 AM »
Jason Schofield wrote:

> As long as the smtp port requires login you're fine..

Most SMTP servers do not support authentication and most mail clients do not support authenticated SMTP.

> it's because of the Anti-Spam policy. Spammers love wide open smtp
> servers.. so as long as you make users login, you're fine.

See above.

However, what really matters is whether the SMTP server will relay third party email. The e-smith server does not.

Regards

Charlie

Matt Goss

RE: Filtering IP's
« Reply #6 on: November 29, 2000, 04:53:38 AM »
Thanks guys! Much appreciated! :)