Gentoo Archives: gentoo-security

From: Dave Strydom <strydom.dave@×××××.com>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] If your interested
Date: Mon, 10 Oct 2005 06:13:20
In Reply to: Re: [gentoo-security] If your interested by Elisamuel Resto
It's part of the iptables patch-o-matic

It's a little mission to install it, but it's worth it and makes blocking
stuff a hell of a lot easier.

download the latest patch-o-matic-ng-XXXXXX.tar.gz
add extensions to your /etc/make.conf USE flags

cd /usr/src
tar -xvjpf iptables-1.3.2.tar.bz2
mv iptables-1.3.2 iptables
tar xfz patch-o-matic-ng-XXXXXX.tar.gz
cd patch-o-matic-ng
IPTABLES_DIR=/usr/src/iptables KERNEL_DIR=/usr/src/linux ./runme geoip

Then recompile your kernel with the geoip support (it will be in your
iptables section of the kernel at the bottom)
Reboot to use the new kernel

cd /usr/src
mv iptables iptables-1.3.2
tar -cvjpf iptables-1.3.2.tar.bz2 iptables-1.3.2
mv iptables-1.3.2.tar.bz2 /usr/portage/distfiles/
cd /usr/portage/net-firewall/iptables
ebuild iptables-1.3.2.ebuild digest
emerge iptables

and that's it. Some examples on how to use it can be found here:

I found this patch very VERY useful for our mail server. In South Africa,
bandwidth is expensive.. very expensive; be happy if you have a 10MB
connection, since 64K international bandwidth costs about R6000 ($950)
per month (that's per 64K chunk of bandwidth). Local bandwidth is around R700
($110) per 64K chunk.
So the problem we had was that all incoming mail from overseas was clogging
up our international bandwidth, so by using this geoip patch I have this in
my firewall:

$IPTABLES -A INPUT -p tcp -m geoip ! --src-cc ZA --dport 25 -j REJECT

In effect, this would stop any and all international mail servers outside of
South Africa from connecting to mine.

So what happens to all international mail? well simple, you add two MX
records (mail records) for each domain.

so like: <> IN MX 10 <>
         <> IN MX 20 <>.

Because all mail fails to connect to the MX 10, it will fall back onto the MX

This way I am able to virus and spam scan all international mail overseas,
and then I forward on only the clean messages (you can either open a hole in
your firewall to allow this server to connect, or set up a VPN between them).


On 10/10/05, Elisamuel Resto <user00265@×××××.com> wrote:
>
> I just wonder where this patch resides? and for which version what version
> it applies and such... I saw it in an earlier post but it got lost somewhere
> in my inbox. Anybody care to post it?
>
> Thanks.
>
> On 10/10/05, Dave Strydom <strydom.dave@×××××.com> wrote:
> >
> > I think there is an easier way of doing this...
> >
> > Why not use the GEOIP IPTABLES patch and then just use this in your
> > firewall:
> >
> >
> > -----------------------------------------------------------------------------------------
> > $IPTABLES -A INPUT -p tcp -m geoip --src-cc CN -j DROP
> > $IPTABLES -A INPUT -p tcp -m geoip --src-cc KR -j DROP
> > $IPTABLES -A INPUT -p tcp -m geoip --src-cc TW -j DROP
> > $IPTABLES -A INPUT -p tcp -m geoip --src-cc HK -j DROP
> >
> > -----------------------------------------------------------------------------------------
> >
> > This way you have 4 simple rules which do the work of that entire
> > script.
> >
> >
> > On 10/10/05, Taka John Brunkhorst <antiwmac@×××××.com> wrote:
> > >
> > > nice but why do we need to block them?
> > > ssh worms? or just lamers?
> > >
> > > --
> > > antiwmac@×××××.com
> > > Taka John Brunkhorst
> > >
> > >
> >

