better firewalling rules for IPCOP/SmoothWall?

I've read recently that the default setup of SmoothWall & IPCOP should
be tightened, to allow less possibility of unintended outward traffic.

Anybody know where I can find a better set of iptables/ipchains rules to
apply(*), or an example of the required rule to adequately block the
return route. (I've tried a quick Google but found nothing relevant)
Bob

(*I'm personally interested in ipchains rules, for SmoothWall 1.0 -I
think latest IPCOP uses IpTables)
--
robert w hall

Sorry, can't help with specifics as I don't use those tools but I can
say that it is safest to block everything and then just allow out the
ports you need from the machines you need. Particularly with reference
to ICQ and related chat type protocols, even email and web browsing if
you have a machine that acts as a local server.


From robert w hall:

>I've read recently that the default setup of SmoothWall & IPCOP should
>be tightened, to allow less possibility of unintended outward traffic.
>
>Anybody know where I can find a better set of iptables/ipchains rules to
>apply(*), or an example of the required rule to adequately block the
>return route. (I've tried a quick Google but found nothing relevant)
>Bob
>
>(*I'm personally interested in ipchains rules, for SmoothWall 1.0 -I
>think latest IPCOP uses IpTables)

--
Julian Knight,
/--------------------------------------------------------------------\
| *** Remove Anti Spam bits from address for Email Replies *** |
|Home Page: http://www.knightnet.org.uk/ |
|Location : Sheffield, South Yorkshire, United Kingdom. |
|Occupation: Security, Directory, Messaging, Network & PC Consultant |
\--------------------------------------------------------------------/

Thanks for the reply
Actually I guess I'm really after someone who understands 'ipchains'
If I mug up on the ipchains rules (which I find obscure!) and hack it
badly I'll probably totally lose my internet connection (which will make
it difficult to ask for help...)
Bob

(Top Posting so I get at least some response :-))
>>>

In article <9dNMLtB6FVe$(E-Mail Removed) PAM>,
Julian Knight <julian@[127.0.0.1]> writes
>Sorry, can't help with specifics as I don't use those tools but I can
>say that it is safest to block everything and then just allow out the
>ports you need from the machines you need. Particularly with reference
>to ICQ and related chat type protocols, even email and web browsing if
>you have a machine that acts as a local server.
>
>
> From robert w hall:
>
>>I've read recently that the default setup of SmoothWall & IPCOP should
>>be tightened, to allow less possibility of unintended outward traffic.
>>
>>Anybody know where I can find a better set of iptables/ipchains rules to
>>apply(*), or an example of the required rule to adequately block the
>>return route. (I've tried a quick Google but found nothing relevant)
>>Bob
>>
>>(*I'm personally interested in ipchains rules, for SmoothWall 1.0 -I
>>think latest IPCOP uses IpTables)
>

--
robert w hall

robert w hall wrote:
<snip>

> (Top Posting so I get at least some response :-))

You may not get the responses you'd like, though

tim

robert w hall <(E-Mail Removed)> writes:
>Thanks for the reply
>Actually I guess I'm really after someone who understands 'ipchains'
>If I mug up on the ipchains rules (which I find obscure!) and hack it
>badly I'll probably totally lose my internet connection (which will make
>it difficult to ask for help...)
>Bob
>
>(Top Posting so I get at least some response :-))

Depends if you think being killfiled is a response or not, I guess.

--
"The road to Paradise is through Intercourse."
The uk.transport FAQ; http://www.huge.org.uk/transport/FAQ.html
[email me at huge [at] huge [dot] org [dot] uk]