[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[no subject]
- <!--x-content-type: text/plain -->
- <!--x-date: Mon Jul 12 19:15:56 2004 -->
- <!--x-from-r13: obo ng irelfrpheryvahk.pbz (Pbo Fbkra) -->
- <!--x-message-id: [email protected] -->
- <!--x-reference: 1089564180.3900.7.camel@devel -->
- <!--x-reference: [email protected] -->
- <!--x-reference: 1089637340.15358.4.camel@devel --> "http://www.w3.org/TR/html4/loose.dtd">
- <!--x-subject: [ale] IPtables question -->
- <li><em>date</em>: Mon Jul 12 19:15:56 2004</li>
- <li><em>from</em>: bob at verysecurelinux.com (Bob Toxen)</li>
- <li><em>in-reply-to</em>: <1089637340.15358.4.camel@devel></li>
- <li><em>references</em>: <1089564180.3900.7.camel@devel> <<a href="msg00333.html">[email protected]</a>> <1089637340.15358.4.camel@devel></li>
- <li><em>subject</em>: [ale] IPtables question</li>
> > >I just added a 3rd nic to my linux firewall. On that nic I hav it
> > >directly connected via cross-over to a server that is running an
> > >application. I did this because my customers will be using that
> > >application from the Internet. If for some reason someone was to gain
> > >access to that box I do not want them to be able to come back to the
> > >firewall and jump over to the 2nd nic to my company network.
> > >What would be a good rule that would allow all incoming traffic from
> > >the outside and 2nd nic to that box but would disallow any traffic
> > >originating from that machine?
> > To solve this effectively, you can try using Bob's iptables rules in his
> > book (2nd ed.) and adapt a second set of variables for the 3rd
> > interface. Diagram what you want to go where in map and work your way
> > thru his ruleset to make sure nothing violates the allowed pathways.
...
> What is the name of the book?
"Real World Linux Security: Intrusion Detection, Prevention, and Recovery"
2nd Ed., Prentice Hall, (C) 2003, 848 pages, ISBN: 0130464562
Also available in Japanese, Chinese, and Czech.
By Bob Toxen
<a rel="nofollow" href="http://www.realworldlinuxsecurity.com";>http://www.realworldlinuxsecurity.com</a> [My 5* book: "Real World Linux Security"]
...
(I'm in Denver through Wednesday teaching a class on Computer Security
so my Internet access and email is spotty.)
Best regards,
Bob Toxen, CTO
Fly-By-Day Consulting, Inc.
"Your expert in Firewalls, Virus and Spam Filters, VPNs,
Network Monitoring, and Network Security consulting"
<a rel="nofollow" href="http://www.verysecurelinux.com";>http://www.verysecurelinux.com</a> [Network & Linux/Unix Security Consulting]
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke
</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00314" href="msg00314.html">[ale] IPtables question</a></strong>
<ul><li><em>From:</em> cfowler at outpostsentinel.com (Chris Fowler)</li></ul></li>
<li><strong><a name="00333" href="msg00333.html">[ale] IPtables question</a></strong>
<ul><li><em>From:</em> Dow.Hurst at mindspring.com (Dow Hurst)</li></ul></li>
<li><strong><a name="00338" href="msg00338.html">[ale] IPtables question</a></strong>
<ul><li><em>From:</em> cfowler at outpostsentinel.com (Chris Fowler)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00363.html">[ale] OT: nakes DSL</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00365.html">[ale] Is this bad?</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00338.html">[ale] IPtables question</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00339.html">[ale] IPtables question, OOPS File Attached</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00364"><strong>Date</strong></a></li>
<li><a href="threads.html#00364"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>