View Single Post
  #1  
Old 15th July 2010, 01:49
Romoku Romoku is offline
Junior Member
 
Join Date: Jun 2010
Posts: 14
Thanks: 4
Thanked 9 Times in 3 Posts
Default Firewall not installed by default?

After doing some searching I figured out the firewall wasn't installed by default and I just want someone to check that I installed it alright.

I read in the comments section of the debian lenny guide to use

Code:
# apt-get install bastille -y
To install the firewall. I kept the already installed script from ispconfig. I got a weird error from psad

Code:
ERR: Syslog has not been configured to send messages to /var/lib/psad/psadfifo. Please configure it as described in psad(8).
So I googled it and found basic lowdown and the way to debug psad.

I used
Code:
# echo -e ’kern.info\t|/var/lib/psad/psadfifo’ >> /etc/syslog.conf
To fix the original error and I edited the /etc/psad/psad.conf

Code:
EMAIL_ADDRESSES <myemailaddress>;

HOSTNAME                    <myhostname>;

SYSLOG_DAEMON               rsyslogd;

### Only send email alert if danger level >= to this value.
EMAIL_ALERT_DANGER_LEVEL    3;
I went back into my ispconfig 3 webface and deleted the rule and remade.

Open TCP ports: 20,21,22,25,53,80,110,143,443,3306,8080,10000
Open UDP ports: 53,3306

and now my 'iptables -L'

Code:
administrator@web1:~$ sudo iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       tcp  --  anywhere             loopback/8
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  BASE-ADDRESS.MCAST.NET/4  anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
DROP       all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
PUB_OUT    all  --  anywhere             anywhere
PUB_OUT    all  --  anywhere             anywhere
PUB_OUT    all  --  anywhere             anywhere
PUB_OUT    all  --  anywhere             anywhere

Chain INT_IN (0 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain INT_OUT (0 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain PAROLE (12 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain PUB_IN (4 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere            icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere            icmp echo-reply
ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ftp-data
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ftp
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ssh
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:smtp
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:domain
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:www
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:pop3
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:imap2
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:https
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:mysql
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:http-alt
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:webmin
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:mysql
DROP       icmp --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain PUB_OUT (4 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain fail2ban-ssh (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
Do the iptables look alright? I'm not very experienced in the lingo, yet.
Reply With Quote
Sponsored Links