| 1 |
On Mon, Apr 12, 2010 at 8:31 AM, Tanstaafl <tanstaafl@×××××××××××.org> wrote: |
| 2 |
> On 2010-04-11 9:20 AM, Graham Murray wrote: |
| 3 |
>> Tanstaafl <tanstaafl@×××××××××××.org> writes: |
| 4 |
>>> I'm a bit clueless when it comes to firewalls, and have no idea what |
| 5 |
>>> these numbers mean/do: |
| 6 |
>>> |
| 7 |
>>> *raw |
| 8 |
>>> :PREROUTING ACCEPT [4911:886011] |
| 9 |
>>> :OUTPUT ACCEPT [4546:2818732] |
| 10 |
>>> COMMIT |
| 11 |
> |
| 12 |
>> The numbers are [packets:bytes] which match the rule or table |
| 13 |
>> concerned. |
| 14 |
> |
| 15 |
> Ok, so... I still don't know what they *mean*... ie, is this a hole in |
| 16 |
> my firewall? What is the raw table used for, in plain english? |
| 17 |
> |
| 18 |
> More importantly though... |
| 19 |
> |
| 20 |
> When I try to remove the nat and raw tables from my firewall, they don't |
| 21 |
> go away. I have always kept my rules in a separate file, and when I want |
| 22 |
> to make changes, I change the external file, then do iptables-restore < |
| 23 |
> /path/to/iptables-current. |
| 24 |
> |
| 25 |
> (My rule set is very small, so this only takes a second or two, so its |
| 26 |
> not/never been a problem) |
| 27 |
> |
| 28 |
> I've been doing it this way for a long time, and all other changes I |
| 29 |
> have ever made - eg, opening a certain port for a certain host - work |
| 30 |
> fine, but, when I comment out the raw and nat tables, then restore the |
| 31 |
> rules, then do iptables-save > path/to/iptables-current-dump, the |
| 32 |
> examined file still shows the raw and nat tables loaded... ??? |
| 33 |
> |
| 34 |
> |
| 35 |
|
| 36 |
Here is a very useful book. I think he is the expert. He will answer email. |
| 37 |
|
| 38 |
LINUX FIREWALLS |
| 39 |
Attack Detection and Response with iptables, psad, and fwsnort |
| 40 |
by Michael Rash |
| 41 |
|
| 42 |
ISBN-10: 1-59327-141-7 |
| 43 |
ISBN-13: 978-1-59327-141-1 |
| 44 |
|
| 45 |
No Starch Press, Inc. |
| 46 |
555 De Haro Street, Suite 250, San Francisco, CA 94107 |
| 47 |
phone: 415.863.9900; fax: 415.863.9950; info@××××××××.com; www.nostarch.com |
| 48 |
|
| 49 |
Librar y of Congress Cataloging-in-Publication Data |
| 50 |
|
| 51 |
Rash, Michael. |
| 52 |
Linux firewalls : attack detection and response with iptables, psad, |
| 53 |
and fwsnort / Michael Rash. |
| 54 |
p. cm. |
| 55 |
Includes index. |
| 56 |
ISBN-13: 978-1-59327-141-1 |
| 57 |
ISBN-10: 1-59327-141-7 |
| 58 |
1. Computers--Access control. 2. Firewalls (Computer security) 3. |
| 59 |
Linux. I. Title. |
| 60 |
QA76.9.A25R36 2007 |
| 61 |
005.8--dc22 |
| 62 |
2006026679 |
| 63 |
|
| 64 |
-- |
| 65 |
If we can but prevent the government from wasting the labours of the |
| 66 |
people, under the pretence of taking care of them, they must become |
| 67 |
happy. - Thomas Jefferson |
Archives