[Techtalk] moving to iptables

rocketgirl wendy.mores at laposte.net
Mon Aug 11 21:42:39 EST 2003


Hamster wrote:

>This is highly presumptuous of me to say, given that I know nothing of
>your setup and what you want to achieve with iptables, but instead of slowly
>closing ports off, have you considered changing the default policy on all
>your tables to DROP and then just opening (-j ACCEPT) individual ports as
>you need them?
>  
>
Not presumptuous at all...because I haven't got this down yet.  I've got 
the iptables with default policy DROP on everything and then I just 
opened the ports that I needed as far as the firewall goes...which at 
the moment means that internet and the network printer work.  I've got 
ssh on local network only.  If I understand correctly...then for added 
security I need to go through and edit configuration files of the 
services that have opened ports...either regulating access in these 
files or in the firewall.  I've been following the instructions in the 
Linuxchix security lessons.  The work server has practically nothing on 
it, but I've got an experiment box at home where I've installed every 
type of server, service you name it.  When I do nmap on my machine, it 
is a royal roll out.  I'm trying to get a global understanding of all 
these services at the moment. The only correctly functioning service (or 
so it seems to be...) is the DNS server.  Fetchmail is fetching 
something but I don't know what it does with it and sendmail is running 
but hasn't done anything useful yet. Configuration is all wrong and I'm 
still poring over the tutorials.  There are services that I had no idea 
existed and must have forgotten that I installed them.  Actually, I 
think the smart thing to do might be to deactivate all these services 
till I get a grip on them one by one.

Wendy
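The "default DROP, then open what you need" ruleset discussed in this exchange, written out as an added example (it is not from either poster). It assumes a LAN of 192.168.1.0/24 on eth0, a network printer at 192.168.1.50 listening on TCP 9100, and sshd on port 22; all of those are assumptions, not details from the thread. By default the script only prints the iptables commands so the ruleset can be reviewed; set DRY_RUN=0 and run it as root to apply it.

```shell
#!/bin/sh
# Added example: a minimal default-DROP iptables ruleset for a single host.
# Assumed values (not from the original post): LAN 192.168.1.0/24 on eth0,
# printer 192.168.1.50:9100, sshd on 22. Override them via the environment.
LAN_NET="${LAN_NET:-192.168.1.0/24}"
LAN_IF="${LAN_IF:-eth0}"
PRINTER="${PRINTER:-192.168.1.50}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands, 0 = really run iptables

# Wrapper so the whole ruleset can be reviewed before it is applied.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

apply_rules() {
    # Clean slate, then DROP as the default for every built-in chain.
    ipt -F
    ipt -X
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT DROP

    # Loopback must stay open: local daemons (fetchmail handing mail to
    # sendmail, the resolver talking to a local DNS server) use it.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A OUTPUT -o lo -j ACCEPT

    # Malformed or unknown-state packets are dropped early.
    ipt -A INPUT -m state --state INVALID -j DROP

    # Replies to connections this host opened are allowed back in. This is
    # what lets web browsing, DNS lookups and fetchmail work without any
    # inbound port being open.
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Inbound: ssh from the local network only. Restricting the source here
    # is independent of whatever sshd_config itself allows; both layers help.
    ipt -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 22 \
        -m state --state NEW -j ACCEPT

    # Outbound: only the services this host is known to need. Add lines
    # here as new needs appear rather than opening OUTPUT wholesale.
    ipt -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT   # DNS
    ipt -A OUTPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT   # DNS (TCP)
    ipt -A OUTPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT   # HTTP
    ipt -A OUTPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT  # HTTPS
    ipt -A OUTPUT -d "$PRINTER" -p tcp --dport 9100 \
        -m state --state NEW -j ACCEPT                               # printer

    # Log what is about to be dropped (rate-limited), so that a listening
    # service you forgot about shows up in the logs when something hits it,
    # not only in an nmap scan.
    ipt -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "
    ipt -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-out-drop: "
}

apply_rules
```

The firewall hides open ports from a remote nmap scan, but the daemons behind them are still running; `netstat -tulpn` (or `ss -ltnup` on newer systems) run locally lists every listening socket together with the process that owns it, which is the quickest way to find the services you did not know were installed before deciding which ones to disable.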


