An Easy Tutorial on IP Tables and Port Knocking - page 2
Basic Preparation
Now to secure your firewall. The YaST2 firewall is very good except for one thing: two kinds of packet are not treated the same way as the rest. For every other packet that arrives for a closed port, the firewall silently drops it; to an attacker that looks like the packets hit nothing at all, as if no machine were there. (Strictly, a port scanner reports such ports as "filtered", and any service you do expose still gives the host away, so "invisible" here means "no gratuitous replies", not undetectable.)
ICMP type 8 (echo request, i.e. ping) and IDENT (TCP port 113) packets, however, get an answer: an echo reply, or a TCP reset saying the port is closed. Either one tells the sender there is a live host here worth attacking. To make the firewall treat those two like every other packet, you need to add rules to iptables: open a console, su - to root, cd into /etc/sysconfig/scripts, and open SuSEfirewall2-custom in a text editor. Now copy and paste the following into the fw_custom_after_antispoofing() section of the file (this hook runs before the main rule set, which is why rules appended to INPUT here take effect first). One side effect to know about: dropping port 113 instead of rejecting it means some mail and IRC servers that do an ident lookup when you connect to them will wait for that lookup to time out, so those connections can be slow to start.
###################################################
#
# Start
# Rules to make the host invisible on the Internet
#
###################################################

# Setup new chain
iptables -N INVISIBLE

# Drop incoming ICMP echo requests (ping, ICMP type 8)
# (Note: uses the $FW_DEV_EXT variable set up in the main SuSEfirewall2 script)
iptables -A INVISIBLE -p icmp -i $FW_DEV_EXT -m state --state NEW -m icmp --icmp-type 8 -j DROP

# Drop identd (TCP 113) packets from unknown hosts instead of answering with a reset
iptables -A INVISIBLE -p tcp --dport 113 -m state --state NEW -j DROP

# Send the packets I want to examine further to my INVISIBLE chain
iptables -A INPUT -p icmp -i $FW_DEV_EXT -m state --state NEW -j INVISIBLE
iptables -A INPUT -p tcp --dport 113 -j INVISIBLE

###################################################
#
# End
# Rules to make the host invisible on the Internet
#
###################################################
While you're at it, copy this as well and put it right under the previous block:
###################################################
#
# Start Port Knocking Configuration
#
###################################################

# Enter the 4 ports used as the port knocking combination
TOKEN1="10"
TOKEN2="20"
TOKEN3="30"
TOKEN4="40"

# Enter the port to open after a successful knock
OPENPORT="22"

# Enter the number of seconds the port will remain open waiting for you to connect
OPENTIMER="10"

# Bookkeeping (every "recent" list is keyed on the source address):
#   TOKENnA  the source has completed knock n
#   TOKENnB  one repeat of knock n (e.g. a TCP SYN retransmit) is still allowed
#   TOKEN4C  set by knock 4, used only to log "TOKEN OK" on the first packet to $OPENPORT
# Each TOKENnCHAIN ends with DROP so the knock packet itself stops there. Without it
# the packet falls back into INPUT, is handed to the PRE-TOKEN chain below and uses up
# the TOKENnB allowance immediately, so a real retransmit would reset the sequence.

# Knock 1: wipe any earlier progress and start the sequence
iptables -N TOKEN1CHAIN
iptables -A TOKEN1CHAIN -m recent --name TOKEN1A --remove
iptables -A TOKEN1CHAIN -m recent --name TOKEN2A --remove
iptables -A TOKEN1CHAIN -m recent --name TOKEN3A --remove
iptables -A TOKEN1CHAIN -m recent --name TOKEN4A --remove
iptables -A TOKEN1CHAIN -m recent --name TOKEN1A --set
iptables -A TOKEN1CHAIN -m recent --name TOKEN1B --set
iptables -A TOKEN1CHAIN -j LOG --log-prefix "TOKEN1 Received: "
iptables -A TOKEN1CHAIN -j DROP

# After knock 1: only knock 2, or one repeat of knock 1, is acceptable;
# anything else from that source resets the sequence and is logged
iptables -N PRE-TOKEN2CHAIN
iptables -A PRE-TOKEN2CHAIN -p tcp --dport $TOKEN2 -m recent --rcheck --name TOKEN1A -j RETURN
iptables -A PRE-TOKEN2CHAIN -p tcp --dport $TOKEN1 -m recent --name TOKEN1B --remove -j RETURN
iptables -A PRE-TOKEN2CHAIN -m recent --name TOKEN1A --remove
iptables -A PRE-TOKEN2CHAIN -j LOG --log-prefix "VIOLATION AFTER TOKEN1: "

# Knock 2
iptables -N TOKEN2CHAIN
iptables -A TOKEN2CHAIN -m recent --name TOKEN1A --remove
iptables -A TOKEN2CHAIN -m recent --name TOKEN2A --set
iptables -A TOKEN2CHAIN -m recent --name TOKEN2B --set
iptables -A TOKEN2CHAIN -j LOG --log-prefix "TOKEN2 Received: "
iptables -A TOKEN2CHAIN -j DROP

# After knock 2
iptables -N PRE-TOKEN3CHAIN
iptables -A PRE-TOKEN3CHAIN -p tcp --dport $TOKEN3 -m recent --rcheck --name TOKEN2A -j RETURN
iptables -A PRE-TOKEN3CHAIN -p tcp --dport $TOKEN2 -m recent --name TOKEN2B --remove -j RETURN
iptables -A PRE-TOKEN3CHAIN -m recent --name TOKEN2A --remove
iptables -A PRE-TOKEN3CHAIN -j LOG --log-prefix "VIOLATION AFTER TOKEN2: "

# Knock 3
iptables -N TOKEN3CHAIN
iptables -A TOKEN3CHAIN -m recent --name TOKEN2A --remove
iptables -A TOKEN3CHAIN -m recent --name TOKEN3A --set
iptables -A TOKEN3CHAIN -m recent --name TOKEN3B --set
iptables -A TOKEN3CHAIN -j LOG --log-prefix "TOKEN3 Received: "
iptables -A TOKEN3CHAIN -j DROP

# After knock 3
iptables -N PRE-TOKEN4CHAIN
iptables -A PRE-TOKEN4CHAIN -p tcp --dport $TOKEN4 -m recent --rcheck --name TOKEN3A -j RETURN
iptables -A PRE-TOKEN4CHAIN -p tcp --dport $TOKEN3 -m recent --name TOKEN3B --remove -j RETURN
iptables -A PRE-TOKEN4CHAIN -m recent --name TOKEN3A --remove
iptables -A PRE-TOKEN4CHAIN -j LOG --log-prefix "VIOLATION AFTER TOKEN3: "

# Knock 4: also set TOKEN4C so the first packet to $OPENPORT gets a "TOKEN OK" log line
iptables -N TOKEN4CHAIN
iptables -A TOKEN4CHAIN -m recent --name TOKEN3A --remove
iptables -A TOKEN4CHAIN -m recent --name TOKEN4A --set
iptables -A TOKEN4CHAIN -m recent --name TOKEN4B --set
iptables -A TOKEN4CHAIN -m recent --name TOKEN4C --set
iptables -A TOKEN4CHAIN -j LOG --log-prefix "TOKEN4 Received: "
iptables -A TOKEN4CHAIN -j DROP

# After knock 4: the only acceptable packets are to $OPENPORT (or one repeat of knock 4)
iptables -N PRE-OPENPORT
iptables -A PRE-OPENPORT -p tcp --dport $OPENPORT -m recent --rcheck --name TOKEN4C -j LOG --log-prefix "TOKEN OK: "
iptables -A PRE-OPENPORT -p tcp --dport $OPENPORT -m recent --name TOKEN4C --remove
iptables -A PRE-OPENPORT -p tcp --dport $OPENPORT -m recent --rcheck --name TOKEN4A -j RETURN
iptables -A PRE-OPENPORT -p tcp --dport $TOKEN4 -m recent --name TOKEN4B --remove -j RETURN
iptables -A PRE-OPENPORT -m recent --name TOKEN4A --remove
iptables -A PRE-OPENPORT -j LOG --log-prefix "VIOLATION AFTER TOKEN4: "

# Wire the chains into INPUT. A packet to $TOKEN1 always (re)starts the sequence;
# each later knock is only accepted if the previous one is on record for that source.
iptables -A INPUT -p tcp --dport $TOKEN1 -m recent --set --name TOKEN1A -j TOKEN1CHAIN
iptables -A INPUT -m recent --rcheck --name TOKEN1A -j PRE-TOKEN2CHAIN
iptables -A INPUT -p tcp --dport $TOKEN2 -m recent --rcheck --name TOKEN1A -j TOKEN2CHAIN
iptables -A INPUT -m recent --rcheck --name TOKEN2A -j PRE-TOKEN3CHAIN
iptables -A INPUT -p tcp --dport $TOKEN3 -m recent --rcheck --name TOKEN2A -j TOKEN3CHAIN
iptables -A INPUT -m recent --rcheck --name TOKEN3A -j PRE-TOKEN4CHAIN
iptables -A INPUT -p tcp --dport $TOKEN4 -m recent --rcheck --name TOKEN3A -j TOKEN4CHAIN
iptables -A INPUT -m recent --rcheck --name TOKEN4A -j PRE-OPENPORT

# Finally, let the source in on $OPENPORT if knock 4 arrived within the last $OPENTIMER seconds
iptables -A INPUT -p tcp --dport $OPENPORT -m recent --rcheck --seconds $OPENTIMER --name TOKEN4A -j ACCEPT

###################################################
#
# End Port Knocking Configuration
#
###################################################
Change the token numbers from 10, 20, 30, 40 to any other port numbers you want, up to 1024, choosing ports that no service on the machine actually uses, since every packet to $TOKEN1 restarts the sequence and every stray packet from a source in the middle of a sequence resets it. Think of this combination of numbers as your access code, because it is. This is the combination you will feed to your firewall to let you in, so remember it. What the rules do with it: each TOKENnA list records, per source address, that knock n has been received; the next knock is only accepted from a source that is in the previous TOKENnA list; any other packet from that source, including a knock sent out of order, clears the list and is logged with a VIOLATION prefix; and the last rule accepts a connection to $OPENPORT only while the source is in TOKEN4A and knock 4 is less than $OPENTIMER seconds old. The TOKENnB entries are meant to forgive a single repeat of the knock just received, which is what TCP produces when a SYN goes unanswered. You can watch the lists fill up in /proc/net/ipt_recent/TOKEN1A and so on (/proc/net/xt_recent/ on newer kernels), and the "TOKENn Received" and "VIOLATION" lines show up in the kernel log (/var/log/messages).
The other things you need to change before you restart your firewall are here:
- Edit /etc/sysconfig/SuSEfirewall2 and change
  FW_CUSTOMRULES=""
  to
  FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
  and
  FW_DEV_EXT="any eth-id-xx:xx:xx:xx:xx:xx"
  to
  FW_DEV_EXT="eth0" or FW_DEV_EXT="eth1"
  (Use the correct name for your external interface, remembering the setting from YaST2. The custom rules pass $FW_DEV_EXT straight to iptables -i, which needs a plain interface name, not the "any eth-id-..." form that YaST2 writes.)
- Restart the firewall service by issuing the following commands from a terminal as root:
  SuSEfirewall2 stop
  SuSEfirewall2 start
- Check that the rules actually loaded: iptables -L INPUT -n should show the jumps to INVISIBLE, the TOKEN chains and the final ACCEPT for port 22, and iptables -L TOKEN1CHAIN -n should list the chain. If SuSEfirewall2 printed an error while starting, fix the script before you log out of your current session, since a ruleset that loaded only partly can lock you out.
Bam: a firewall that answers nobody on the Internet but will still let you through. Bear in mind what that is and is not: the knock sequence travels in the clear, so anyone who can sniff your traffic can replay it, and port knocking only hides the SSH port; it does not replace key-based authentication on the service behind it. How do you use it? Use differs depending on whether you're connecting from a Linux box or from a Windows box, but the concept is the same. We'll demonstrate it from a Windows machine, since that is the slightly more complicated setup.
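For the Linux side, here is a small knock client as an added example; it is not part of the original tutorial. It sends the four knocks from the ruleset above in order and then runs ssh. It assumes bash (for the /dev/tcp redirection), a sleep that accepts fractional seconds, and a server that silently drops the knock ports; the host name, user name and the 0.5 s hold time are placeholders you would change.

```bash
#!/bin/bash
# Port-knock client for the SuSEfirewall2 ruleset above.
# Added example, not code from the original tutorial.
# Assumes: bash with /dev/tcp support, GNU-style sleep (fractional seconds),
# and a server that DROPs the knock ports (no reset comes back).
#
# Each knock is one TCP connect() attempt. The attempt is aborted after HOLD
# seconds by killing the subshell that owns the socket. A socket destroyed
# while still in SYN_SENT sends no further SYNs, so the server sees exactly
# one packet per knock. Linux would otherwise retransmit an unanswered SYN
# after about one second, and a repeated knock can reset the sequence.

# knock_one HOST PORT HOLD: send one SYN to HOST:PORT, give up after HOLD seconds.
knock_one() {
    local host="$1" port="$2" hold="$3" pid
    ( exec 3<>"/dev/tcp/$host/$port" ) 2>/dev/null &
    pid=$!
    sleep "$hold"
    kill "$pid" 2>/dev/null || true    # still in SYN_SENT: drop the socket
    wait "$pid" 2>/dev/null || true    # refused/closed: already gone, fine
    return 0
}

# valid_port N: true if N is a decimal integer in 1..65535
valid_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# knock_sequence HOST HOLD PORT...: send the knocks in order, HOLD seconds each.
# Sends nothing and returns 1 if no ports are given or any port is invalid.
knock_sequence() {
    local host="$1" hold="$2" p
    shift 2
    [ $# -ge 1 ] || return 1
    for p in "$@"; do
        valid_port "$p" || return 1
    done
    for p in "$@"; do
        knock_one "$host" "$p" "$hold"
    done
    return 0
}

# knock_and_ssh HOST USER PORT...: knock, then connect before OPENTIMER runs out.
knock_and_ssh() {
    local host="$1" user="$2"
    shift 2
    knock_sequence "$host" 0.5 "$@" || { echo "bad knock sequence" >&2; return 1; }
    ssh "$user@$host"
}

# Usage (placeholder values): ./knock.sh ssh.example.org alice 10 20 30 40
if [ $# -ge 3 ]; then
    knock_and_ssh "$@"
fi
```

The hold time is the part that matters. With 0.5 s per knock the whole sequence takes two seconds, comfortably inside the ten-second OPENTIMER, and no knock is ever retransmitted because the socket is torn down before the kernel's retransmit timer fires. If you see a "VIOLATION AFTER TOKENn" line in the server log right after a "TOKENn Received" line from your own address, a duplicate or out-of-order knock is the usual cause.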