Date: Sat, 20 Jun 1998 04:37:05 -0400
From: Adam Sulmicki <[email protected]>
To: [email protected]Subject: [linux-security] Named and Firewalls
Cc: [email protected]
Since it seems that named is theme of the month. I though I would present
an example of using firewall to protect your bind service.
One of reasons for presenting is that in all examples shown so far
it seemed that everyone suggested to leave named full-open. However,
it does not always have to be case. Say, if you are running an private
network then you want just to allow named get data transfers from
trusted host and that is all.
[root@eax /root]# cat ipfwadm-named
#!/bin/sh
#allow connection only from trusted named servers
ME="1.2.3.4" # MY ip
NS1="10.20.30.41" # IP of the primary name server
NS2="10.20.30.42" # IP of the secondary name server
NS3="10.20.30.43" # IP of the trietary name server
SRV="domain"
/sbin/ipfwadm -I -f
/sbin/ipfwadm -I -a accept -D ${ME} $SRV -W eth0 -P udp -S $NS1 $SRV
/sbin/ipfwadm -I -a accept -D ${ME} $SRV -W eth0 -P tcp -S $NS1 $SRV
/sbin/ipfwadm -I -a accept -D ${ME} $SRV -W eth0 -P udp -S $NS2 $SRV
/sbin/ipfwadm -I -a accept -D ${ME} $SRV -W eth0 -P tcp -S $NS2 $SRV
/sbin/ipfwadm -I -a accept -D ${ME} $SRV -W eth0 -P udp -S $NS3 $SRV
/sbin/ipfwadm -I -a accept -D ${ME} $SRV -W eth0 -P tcp -S $NS3 $SRV
/sbin/ipfwadm -I -a reject -D ${ME} $SRV -W eth0 -P tcp -o -v -x -e
/sbin/ipfwadm -I -a reject -D ${ME} $SRV -W eth0 -P udp -o -v -x -e
And while we are speaking about named. Here is an example
as someone from "Catholic liberal arts institution" (as per their web
page) connecting to my box. I assume that person was scanning
whole subnet searching for vulnerable versions of named.
Jun 20 03:12:52 foo kernel: IP acct in eth0 TCP 206.244.45.248:2666 a.b.c.d:53 L=40 S=0x00 I=1795 F=0x0000 T=233
Jun 20 03:12:52 foo named[292]: accept: Connection reset by peer
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe [email protected] < /dev/null