
Snortsam


Stateful Firewall and Masquerading on Linux (Stateful Packet-Fil

Stateful Firewall and Masquerading on Linux
Written by Werner Puschitz
www.puschitz.com

This article describes how I've set up stateful firewall and masquerading on Linux. For basic Linux security, see my other article Securing Linux Production Systems - A Practical Guide to Basic Security in Linux Production Environments. I welcome emails from any readers with comments, suggestions, or corrections.

Introduction

The Netfilter in the Linux kernel is able to keep track of a network packet's state and context. To accept packets that are part of an established connection you can define the following rule:

# /sbin/iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT

The option '-A' is for append, which indicates that the rule should be appended to the INPUT chain of the filter table ("INPUT" must be in capital letters!).

Since the stateful firewall filter is not a built-in feature, a so-called "match extension" must be invoked. To create the "block" custom chain, use the option '-N': Example.

Intrusion Detection: Snort, Base, MySQL, and Apache2 On Ubuntu 7

This tutorial is based on another howto written by DevilMan; however, I didn't like the idea of manually compiling every package or the use of a GUI to get the software installed. This howto will work on a Gutsy Server or Gutsy desktop. With that said, some of this howto is a direct copy from the original. In this tutorial I will describe how to install and configure Snort (an intrusion detection system (IDS)) from source, BASE (Basic Analysis and Security Engine), MySQL, and Apache2 on Ubuntu 7.10 (Gutsy Gibbon). Snort will assist you in monitoring your network and alert you about possible threats. Snort will output its log files to a MySQL database which BASE will use to display a graphical interface in a web browser.

1. It is easiest to do this install as root user. sudo su - 2.

The following will install all the required packages to make this setup work: 3. The Snort packages in the Gutsy repos are out of date. The latest version of snort at the time of writing is 2.8.0.1 cd /usr/src/

Creating a Intrusion Prevention System (IPS) using Snort and Sno

This article discusses how to use Snort and SnortSam to create an intrusion prevention system. Normally Snort is referenced as an IDS (Intrusion Detection System), but you can use Snort to actually stop attacks on the server. Snort is a very popular application which uses rules to monitor network traffic. If alerts are triggered they can be sent to syslog or to a database. Snort is a vital tool to have on your server. It's important to see what kinds of attacks are being launched so you can weigh your own vulnerability assessment.

Snort has two different rule collections. This how-to will assume that you have a working Snort installation. Gentoo's portage lists net-analyzer/snortsam-2.30 as the stable version of this package at the time of this tutorial.

emerge -pv snortsam

You will need to make sure that you have the snortsam USE flag enabled in snort. My snort install has the following USE flags: After snort and snortsam have been installed, it's time to configure snortsam.

vi /etc/snortsam.

Set Up Ubuntu-Server 6.10 As A Firewall/Gateway For Your Small B

Includes: Shorewall, NAT, Caching NameServer, DHCP Server, VPN Server, Webmin, Munin, Apache (SSL enabled), Squirrelmail, Postfix setup with virtual domains, courier imap imaps pop3 pop3s, sasl authentication for road warriors, MailScanner as a wrapper for SpamAssassin, Razor, ClamAV, etc. Samba installed, not configured. Needs very little maintenance and is extendable beyond your wildest imagination. All depending on the hardware used, of course. This is a COPY&PASTE howto. For info use the net. If any of you can find the time to add a good install and config for snort AND snortsam, including a comprehensive control panel, I would be very grateful.

Scope: creating a firewall/(mail)gateway for a small network (say 10 to 15 users or so) on a PIII 450MHz, 512 MB RAM and two identical network interface cards, broadband connection, fully featured, for a business environment.

Expected audience: (beginning) sysop. This tuto leads towards a solid 'ready to go' system.

Have Fun! Sudo passwd Do: