[gobolinux-users] iptables problem
Viola Zoltán
violazoli at gmail.com
Fri Jun 8 21:24:30 UTC 2007
I succeeded in compiling iptables. I am trying to create its "rules", but it
reports a "missing module":
pv at Csiszilla /Programs/Iptables/Settings]./szabalyok
iptables v1.3.2: Couldn't load match `psd':/Programs/Iptables/1.3.2/lib/iptables/libipt_psd.so: cannot open shared object file: No such file or directory
The "szabalyok" script contains the following:
#!/bin/zsh
# Everything is forbidden unless it is explicitly allowed
iptables -P INPUT DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# I want to know who connects to my FTP server.
iptables -A INPUT -p tcp -m state --state NEW --dport 21 -j LOG --log-prefix "[FTP_KAPCSOLAT] "
# I want to allow incoming FTP, WWW and SMTP connections.
iptables -A INPUT -p tcp -m multiport --dports ftp,www,smtp -j ACCEPT
# I want to drop packets that look like a port scan.
# (only if it is patched into the kernel)
iptables -I INPUT -m psd --psd-weight-threshold 60 --psd-delay-threshold 10000 --psd-lo-ports-weight 10 --psd-hi-ports-weight 5 -j REJECT
# I allow port 62144 for Azureus
iptables -A INPUT -p tcp --dport 62144 -j ACCEPT
I am trying to use iptables for the following:
- everything is disabled unless explicitly enabled
- logging of the FTP connections
- www, ftp and smtp connections enabled, plus port 62144 for the decentralized
tracking of the Azureus BitTorrent client
- if a packet seems to be a portscan, it should be rejected
And this is not done yet: I want to enable https and ftps. And I want the root
user to be UNABLE to access the Internet on any port (no input or output
to/from the Internet), EXCEPT with wget (only the wget run by root), when the
root user uses the wget program (this is needed for Compile and InstallPackage
as root). Of course, wget can also be used by a non-root user. But
root should be able to connect to the Internet only with wget. How can I do
this?
And what is the best method for starting iptables automatically at bootup?
Thanks! (By the way: I am a TOTAL beginner in networking! This is my first
attempt at firewall topics...)
Zoli
--
My homepage: http://poliverzum.birodalom.net/powi
My forum: http://birodalom.net/forum
The #86 official GoboLinux-user
The official forum for the Hungarian GoboLinux-users:
http://linux.birodalom.net/smf
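
A preflight check for the "Couldn't load match" error in the message above, as an added example that is not part of the original post: it lists every -m match a rules script uses that has no libipt_NAME.so in the iptables library directory. The function names and the sample rules are constructed for illustration (the rules are modelled on the post's script), and the libipt_ naming is taken from the error message.

```shell
#!/bin/sh
# Added example (not from the original post).
# missing_matches RULES_FILE LIB_DIR
#   Prints, one per line, each match extension named after -m/--match in
#   RULES_FILE that has no libipt_NAME.so in LIB_DIR.
#   Assumption: the match name is on the same line as its -m option.
missing_matches() {
    rules=$1
    libdir=$2
    # Skip comment lines, then print the word that follows -m or --match.
    awk '!/^[ \t]*#/ {
            for (i = 1; i < NF; i++)
                if ($i == "-m" || $i == "--match") print $(i + 1)
         }' "$rules" |
        sort -u |
        while read -r name; do
            [ -e "$libdir/libipt_$name.so" ] || printf '%s\n' "$name"
        done
}

# Constructed demo: a temporary lib dir that ships the state and multiport
# extensions but not psd, and a shortened copy of the rules.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/lib"
    : > "$tmp/lib/libipt_state.so"
    : > "$tmp/lib/libipt_multiport.so"
    cat > "$tmp/rules" <<'EOF'
# a commented-out rule is ignored: -m ignored_match
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports ftp,www,smtp -j ACCEPT
iptables -I INPUT -m psd --psd-weight-threshold 60 -j REJECT
EOF
    missing_matches "$tmp/rules" "$tmp/lib"
    rm -rf "$tmp"
}

demo   # prints: psd
```

A library file being present covers only the userspace half; as the script's own comment says, psd also has to be patched into the kernel.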