
Securing-Optimizing-RH-Linux-1_2_141
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca © Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®

    # UDP is the preferred method:  6970:6999
    # For LAN machines, UDP requires the RealAudio masquerading module and
    # the ipmasqadm third-party software.

    ipchains -A input  -i $EXTERNAL_INTERFACE -p udp \
             -s $ANYWHERE $UNPRIVPORTS \
             -d $IPADDR 6970:6999 -j ACCEPT

    ipchains -A output -i $EXTERNAL_INTERFACE -p udp \
             -s $IPADDR $UNPRIVPORTS \
             -d $ANYWHERE $UNPRIVPORTS -j ACCEPT

    # ------------------------------------------------------------------
    # WHOIS client (43)
    # -----------------

#    ipchains -A input  -i $EXTERNAL_INTERFACE -p tcp ! -y \
#             -s $ANYWHERE 43 \
#             -d $IPADDR $UNPRIVPORTS -j ACCEPT

#    ipchains -A output -i $EXTERNAL_INTERFACE -p tcp \
#             -s $IPADDR $UNPRIVPORTS \
#             -d $ANYWHERE 43 -j ACCEPT

    # ------------------------------------------------------------------
    # OUTGOING TRACEROUTE
    # -------------------

    ipchains -A output -i $EXTERNAL_INTERFACE -p udp \
             -s $IPADDR $TRACEROUTE_SRC_PORTS \
             -d $ANYWHERE $TRACEROUTE_DEST_PORTS -j ACCEPT

# ----------------------------------------------------------------------------
# Unlimited traffic within the local network.

    # All internal machines have access to the firewall machine.

    ipchains -A input  -i $LOCAL_INTERFACE_1 -s $LOCALNET_1 -j ACCEPT
    ipchains -A output -i $LOCAL_INTERFACE_1 -d $LOCALNET_1 -j ACCEPT

# ----------------------------------------------------------------------------
    # FreeS/WAN IPSec VPN
    # -------------------

    # If you are using the FreeS/WAN IPSec VPN, you will need to fill in the
    # addresses of the gateways in the IPSECSG parameter and the virtual
    # interfaces for FreeS/WAN IPSEC in the FREESWANVI parameter. Look at the
    # beginning of this firewall script rules file to set the parameters.

    # IPSECSG is a space-separated list of remote gateways. FREESWANVI is a
    # space-separated list of virtual interfaces for the FreeS/WAN IPSEC
    # implementation. Only include those that are actually used.

    # Allow IPSEC protocol from remote gateways on external interface.
    # IPSEC uses three main types of packet:
    # IKE uses the UDP protocol and port 500,
    # ESP uses protocol number 50, and
    # AH uses protocol number 51.

#    ipchains -A input  -i $EXTERNAL_INTERFACE -p udp \
#             -s $IPSECSG -j ACCEPT
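
The IPSec comments above name three packet types (IKE on UDP port 500, ESP as protocol 50, AH as protocol 51) and a space-separated gateway list in IPSECSG. The following is an added example, not part of the book's script: it prints one ipchains rule set per gateway with IKE pinned to port 500 on both ends; the interface name and the addresses are constructed sample values, and valid_ipv4 and ipsec_rules are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the book): print ipchains rules for FreeS/WAN peers.
# Variable names follow the script above; the values are constructed
# documentation addresses (RFC 5737), not real gateways.
EXTERNAL_INTERFACE="eth0"
IPADDR="192.0.2.1"
IPSECSG="198.51.100.7 203.0.113.9"

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# ipsec_rules "GW1 GW2 ...": emit one rule set per gateway, because
# ipchains -s/-d take a single address, not a space-separated list.
ipsec_rules() {
    for gw in $1; do
        valid_ipv4 "$gw" || { echo "bad gateway: $gw" >&2; return 1; }
        # IKE: UDP, port 500 on both ends
        echo "ipchains -A input  -i $EXTERNAL_INTERFACE -p udp -s $gw 500 -d $IPADDR 500 -j ACCEPT"
        echo "ipchains -A output -i $EXTERNAL_INTERFACE -p udp -s $IPADDR 500 -d $gw 500 -j ACCEPT"
        # ESP (protocol 50) and AH (protocol 51) carry no port numbers
        for proto in 50 51; do
            echo "ipchains -A input  -i $EXTERNAL_INTERFACE -p $proto -s $gw -d $IPADDR -j ACCEPT"
            echo "ipchains -A output -i $EXTERNAL_INTERFACE -p $proto -s $IPADDR -d $gw -j ACCEPT"
        done
    done
}

# Print the rules for review; nothing is applied to the running firewall.
ipsec_rules "$IPSECSG"
```

The function only prints the commands, so the output can be reviewed and then pasted into the rules file in place of the commented-out IPSECSG lines.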