[ale] Portsentry and IPTables

djinn djinn at djinnspace.com
Mon Aug 6 14:40:45 EDT 2001


Twofold question:

1) If I have hardened my system with Bastille and am running its
firewall, and have also written custom rules that say
iptables -A custom-ruleset <<lots of custom rules here>>
iptables -A INPUT -j custom-ruleset
iptables -A FORWARD -j custom-ruleset

and I load the custom ruleset after starting up Bastille's rules, am I
correct in thinking that those last two lines of my ruleset totally
negate anything Bastille is doing??  It seems to me that since I load
all these rules and then tell iptables to take any INPUT and look in the
custom ruleset, it would negate any of Bastille's INPUT rules...


2) If I am running PortSentry on this same machine and I want it to
alert me if I'm being scanned (testing purposes only), but I'm blocking
all ports except 80 with my firewall, will PortSentry never alert me
because it never sees the scans??  I've tried running nmap against this
machine, and since I'm blocking pings it doesn't return anything, but it
*should* go from port 1-1024 trying and PortSentry *should* scream and
holler about it...but all's quiet in the logs...

As always, TIA
jenn
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
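Both questions come down to how netfilter walks a chain: rules are evaluated top to bottom, the first rule with a terminal target (ACCEPT, DROP, REJECT) decides the packet, `-A` appends a rule to the end of a chain, and a jump into a user chain that matches nothing just returns to the next rule in the caller. A packet that the filter drops is discarded in the kernel before it ever reaches a listening socket, which is where PortSentry sits. The simulation below is an added example, not code from the poster, Bastille or PortSentry; it models those semantics with a constructed stand-in for the Bastille ruleset (allow TCP/80, log, drop the rest) and a hypothetical custom chain that allows TCP/22, then shows what a 1-1024 TCP sweep looks like to a host listener versus the firewall's own LOG rule.

```python
"""Simulate iptables chain traversal (first terminal match wins, -A appends,
-I prepends, a user chain that matches nothing returns to the caller) to show
how a custom chain jumped to from INPUT interacts with rules loaded before it,
and why a host-level listener such as PortSentry never sees dropped packets.
Added example: the 'Bastille' ruleset below is a constructed stand-in."""
from dataclasses import dataclass
from typing import Optional

TERMINAL = {"ACCEPT", "DROP", "REJECT"}


@dataclass
class Packet:
    proto: str
    dport: int
    src: str = "198.51.100.7"   # constructed sample source (TEST-NET-2 range)


@dataclass
class Rule:
    target: str                   # ACCEPT/DROP/LOG/RETURN or a user-chain name
    proto: Optional[str] = None   # None matches any protocol (no -p given)
    dport: Optional[int] = None   # None matches any port (no --dport given)

    def matches(self, pkt: Packet) -> bool:
        return self.proto in (None, pkt.proto) and self.dport in (None, pkt.dport)


class Firewall:
    def __init__(self):
        self.chains = {"INPUT": [], "FORWARD": [], "OUTPUT": []}
        self.policy = {"INPUT": "ACCEPT", "FORWARD": "ACCEPT", "OUTPUT": "ACCEPT"}
        self.log = []             # what the LOG target would hand to syslog

    def new_chain(self, name):                # iptables -N name
        self.chains[name] = []

    def append(self, chain, rule):            # iptables -A chain ...
        self.chains[chain].append(rule)

    def insert(self, chain, rule):            # iptables -I chain ... (becomes rule 1)
        self.chains[chain].insert(0, rule)

    def set_policy(self, chain, verdict):     # iptables -P chain verdict
        self.policy[chain] = verdict

    def _walk(self, chain, pkt):
        """Return a terminal verdict, or None when the chain falls through."""
        for rule in self.chains[chain]:
            if not rule.matches(pkt):
                continue
            if rule.target in TERMINAL:
                return rule.target
            if rule.target == "LOG":
                self.log.append(f"{chain}: {pkt.proto} {pkt.src} -> dport {pkt.dport}")
                continue            # LOG is non-terminal: keep walking
            if rule.target == "RETURN":
                return None
            verdict = self._walk(rule.target, pkt)   # jump into a user chain
            if verdict is not None:
                return verdict      # user chain decided; otherwise resume here
        return None

    def verdict(self, chain, pkt):
        v = self._walk(chain, pkt)
        return v if v is not None else self.policy[chain]   # built-in chain policy


def bastille_stand_in():
    """Constructed stand-in for the Bastille rules in the post: accept TCP/80,
    log and then drop everything else that arrives on INPUT."""
    fw = Firewall()
    fw.set_policy("INPUT", "DROP")
    fw.append("INPUT", Rule("ACCEPT", proto="tcp", dport=80))
    fw.append("INPUT", Rule("LOG"))
    fw.append("INPUT", Rule("DROP"))
    return fw


def add_custom_chain(fw, insert_jump=False):
    """The post's custom chain with hypothetical content (accept TCP/22), jumped
    to from INPUT with -A as in the post, or with -I to place it ahead of Bastille."""
    fw.new_chain("custom-ruleset")
    fw.append("custom-ruleset", Rule("ACCEPT", proto="tcp", dport=22))
    (fw.insert if insert_jump else fw.append)("INPUT", Rule("custom-ruleset"))
    return fw


def scan_visibility(fw, ports=range(1, 1025)):
    """Ports a host listener (PortSentry) would actually see during a TCP sweep,
    plus how many probes the firewall's LOG rule recorded instead."""
    before = len(fw.log)
    delivered = [p for p in ports if fw.verdict("INPUT", Packet("tcp", p)) == "ACCEPT"]
    return delivered, len(fw.log) - before


if __name__ == "__main__":
    appended = add_custom_chain(bastille_stand_in())
    print("TCP/22 with -A jump:", appended.verdict("INPUT", Packet("tcp", 22)))  # DROP
    inserted = add_custom_chain(bastille_stand_in(), insert_jump=True)
    print("TCP/22 with -I jump:", inserted.verdict("INPUT", Packet("tcp", 22)))  # ACCEPT
    seen, logged = scan_visibility(add_custom_chain(bastille_stand_in()))
    print("PortSentry would see:", seen, "| probes in firewall log:", logged)  # [80] 1023
```

With the jump appended, the Bastille stand-in's catch-all DROP matches before control ever reaches `custom-ruleset`, so the custom rules change nothing; inserting the jump (or flushing the earlier rules) is what would put them first. The sweep result shows the second half of the question: only port 80 is ever delivered to a socket, so a listener on the other ports has nothing to report, while a LOG rule placed before the DROP still records every probe.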
