iptables question (kinda general firewall question)
Join Date: May 2009
Posts: 1
Hi
Could one of you kind people who know tell me - and other readers - if it is safe practice to let all localhost-to-localhost connections happen? I know that most illicit connections happen through already open ports, but what is good practice?
Specifically, is it dangerous to do:
# tcp OUT table
iptables -A tcp_out -p tcp -d $LOCALHOST_IP -j ACCEPT
instead of:
#iptables -A tcp_out -p tcp --dport $MYSQL_PORT -d $LOCALHOST_IP -j ACCEPT
#iptables -A tcp_out -p tcp --dport $DICT_PORT -d $LOCALHOST_IP -j ACCEPT
#iptables -A tcp_out -p tcp --dport $XFS_PORT -d $LOCALHOST_IP -j ACCEPT
#iptables -A tcp_out -p udp --dport $XFS_PORT -d $LOCALHOST_IP -j ACCEPT
:
:
and likewise:
# tcp IN table
iptables -A tcp_in -p tcp -s $LOCALHOST_IP -j ACCEPT
instead of:
#iptables -A tcp_in -p tcp --sport $MYSQL_PORT -s $LOCALHOST_IP -j ACCEPT
#iptables -A tcp_in -p tcp --sport $DICT_PORT -s $LOCALHOST_IP -j ACCEPT
#iptables -A tcp_in -p tcp --sport $XFS_PORT -s $LOCALHOST_IP -j ACCEPT
:
:
:
And, just asking for completeness, what about:
iptables -A non_tcp_in -p icmp -s $LOCALHOST_IP -j ACCEPT
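As an added example (not code from the post above), a small Python model of iptables first-match evaluation that compares the post's broad `tcp_in` rule with its per-port alternative and with the same rule bound to the loopback interface via `-i lo`; the port numbers assumed for `$MYSQL_PORT`, `$DICT_PORT` and `$XFS_PORT` and the constructed packets are not from the post.

```python
# Added example, not from the original post: a minimal model of iptables
# first-match chain evaluation for comparing the tcp_in variants under discussion.
# Port values for the post's $MYSQL_PORT/$DICT_PORT/$XFS_PORT are assumed.
LOCALHOST_IP = "127.0.0.1"
MYSQL_PORT, DICT_PORT, XFS_PORT = 3306, 2628, 7100

def rule(target, **match):
    """One chain entry; match keys mirror iptables options (p, s, d, sport, dport, i)."""
    return {"target": target, "match": match}

def matches(r, pkt):
    """A rule matches only when every option it specifies equals the packet's field."""
    return all(pkt.get(k) == v for k, v in r["match"].items())

def verdict(chain, pkt, policy="DROP"):
    """First matching rule wins, as in a real chain; otherwise the chain policy applies."""
    for r in chain:
        if matches(r, pkt):
            return r["target"]
    return policy

# tcp_in as written in the post: any TCP packet with source 127.0.0.1, no interface check
tcp_in_broad = [rule("ACCEPT", p="tcp", s=LOCALHOST_IP)]
# the post's per-port alternative: only replies (--sport) from the listed local services
tcp_in_ports = [rule("ACCEPT", p="tcp", s=LOCALHOST_IP, sport=port)
                for port in (MYSQL_PORT, DICT_PORT, XFS_PORT)]
# the broad rule bound to the loopback interface (-i lo): the source address alone
# is not enough, the packet must actually have arrived on lo
tcp_in_lo = [rule("ACCEPT", p="tcp", s=LOCALHOST_IP, i="lo")]

# constructed packets (not captured traffic)
PACKETS = {
    "mysql_reply": dict(p="tcp", s=LOCALHOST_IP, d=LOCALHOST_IP, sport=MYSQL_PORT, dport=40000, i="lo"),
    "unlisted_local_service": dict(p="tcp", s=LOCALHOST_IP, d=LOCALHOST_IP, sport=8080, dport=40001, i="lo"),
    # a packet arriving on eth0 with a forged 127.0.0.1 source; Linux normally discards
    # such a martian before INPUT, but the broad rule by itself would not have stopped it
    "forged_on_eth0": dict(p="tcp", s=LOCALHOST_IP, d="192.0.2.10", sport=4444, dport=22, i="eth0"),
}

def compare(name):
    """Verdict of each candidate tcp_in chain for one constructed packet."""
    pkt = PACKETS[name]
    return {"broad": verdict(tcp_in_broad, pkt),
            "ports": verdict(tcp_in_ports, pkt),
            "lo": verdict(tcp_in_lo, pkt)}
```

The same evaluator applies to the `tcp_out` direction by swapping `s`/`sport` for `d`/`dport` and `-i lo` for `-o lo`.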