*IP FILTERING*
IP filtering is the process of filtering out the IP addresses of undesirable hosts, or the ports that you do not want other computers to have access to. There are a few ways to set up IP filtering: one is to set up a firewall (either on the system itself or on a separate, dedicated firewall system), and another is to use TCP Wrappers.
Firewalls consist of firewalling software, which could be ipchains or netfilter for Linux, ipfw (IP firewall) for FreeBSD, IPFilter for the other BSDs and for Solaris, or Cisco ACLs (Access Lists) for Cisco routers.
Firewall examples for the four different software variants are included to the left; each one shows an example configuration file and the output of how it looks. This should give a guideline for starting a good firewall setup.
TCP Wrappers is a program originally written by Wietse Venema. It sits between the client and the server as a tiny daemon program. It intercepts the request for a connection and either allows or refuses the connection according to the /etc/hosts.allow and /etc/hosts.deny files. This program is the easiest way to block services you don't want, or to keep specific computers from having access to your machine.
A simple approach to using TCP Wrappers is to add "ALL: ALL" to your /etc/hosts.deny file and then allow specific hosts or services access in /etc/hosts.allow. This gives a good deal of security on your machine, as you will know that only the services you have explicitly specified will be allowed access. (This helps against those nasty rpc and nfs services that may try to run behind your back.)
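The default-deny approach above depends on the order in which tcpd consults the two files: a (daemon, client) pair that matches a line in /etc/hosts.allow is granted, otherwise a match in /etc/hosts.deny refuses it, and a pair matched by neither file is granted. The following is an added example, not part of the original page or of the TCP Wrappers distribution, that models that decision for IPv4 clients over two constructed example files so the effect of the "ALL: ALL" line can be seen. The file contents, the daemon names and the addresses are assumptions chosen for illustration; only the ALL wildcard, exact addresses, net/mask patterns and the trailing-dot prefix form are modelled (EXCEPT, KNOWN, LOCAL and hostname patterns are not).

```python
"""Model of the tcpd hosts.allow / hosts.deny decision for an IPv4 client."""
import ipaddress
import re

# Constructed example files for a default-deny setup (assumed, not taken
# from any real system).
HOSTS_DENY = """
# Refuse every (daemon, client) pair that hosts.allow did not match.
ALL: ALL
"""

HOSTS_ALLOW = """
# sshd from one admin workstation and from the office subnet.
sshd: 192.168.1.10, 192.168.1.0/255.255.255.0
# portmapper only from the 10.0.0.x subnet (trailing-dot prefix form).
portmap: 10.0.0.
# Any wrapped service from the loopback address.
ALL: 127.0.0.1
"""

# tcpd accepts commas and/or blanks as list separators.
_SEP = re.compile(r"[,\s]+")


def parse_rules(text):
    """Return [(daemon_patterns, client_patterns), ...] from a hosts.* file.

    Only the "daemon_list : client_list" form is modelled; an optional third
    shell_command field is dropped, and EXCEPT / KNOWN / LOCAL are not handled.
    """
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # strip comments and blanks
        if not line:
            continue
        daemons, _, rest = line.partition(":")
        clients = rest.split(":", 1)[0]
        rules.append((_SEP.split(daemons.strip()), _SEP.split(clients.strip())))
    return rules


def client_matches(pattern, client_ip):
    """Match one client pattern against a dotted-quad client address."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        # "10.0.0." matches every address whose text begins with that prefix.
        return client_ip.startswith(pattern)
    addr = ipaddress.ip_address(client_ip)
    if "/" in pattern:
        # net/mask ("192.168.1.0/255.255.255.0") or net/prefixlen form.
        return addr in ipaddress.ip_network(pattern, strict=False)
    try:
        return addr == ipaddress.ip_address(pattern)
    except ValueError:
        # Hostname patterns would need reverse DNS; not modelled here.
        return False


def rule_matches(rule, daemon, client_ip):
    daemons, clients = rule
    return any(d in ("ALL", daemon) for d in daemons) and any(
        client_matches(c, client_ip) for c in clients)


def check_access(daemon, client_ip, allow_rules, deny_rules):
    """tcpd order: hosts.allow match grants, then hosts.deny match refuses,
    and a pair matched by neither file is granted."""
    if any(rule_matches(r, daemon, client_ip) for r in allow_rules):
        return True
    if any(rule_matches(r, daemon, client_ip) for r in deny_rules):
        return False
    return True


def has_default_deny(deny_rules):
    """True when hosts.deny carries the catch-all "ALL: ALL" line."""
    return any("ALL" in d and "ALL" in c for d, c in deny_rules)


ALLOW_RULES = parse_rules(HOSTS_ALLOW)
DENY_RULES = parse_rules(HOSTS_DENY)


def decide(daemon, client_ip):
    """Decision for the two constructed files above."""
    return check_access(daemon, client_ip, ALLOW_RULES, DENY_RULES)


if __name__ == "__main__":
    for svc, ip in [("sshd", "192.168.1.77"), ("sshd", "203.0.113.5"),
                    ("portmap", "10.0.0.42"), ("telnetd", "127.0.0.1"),
                    ("telnetd", "192.168.1.10")]:
        verdict = "allow" if decide(svc, ip) else "deny"
        print(f"{svc:8s} from {ip:14s} -> {verdict}")
```

The check worth keeping in mind is the last branch of check_access: with the "ALL: ALL" line removed from hosts.deny, every service not named in hosts.allow becomes reachable from anywhere, which is why has_default_deny is the first thing to verify on a machine that relies on TCP Wrappers.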
Included on this page are three different firewall configurations: one for Linux using ipchains, one for FreeBSD using ipfw, and one for Cisco IOS using Cisco's ACLs. The Cisco one also includes some other portions of a configuration script, most of which enhance security greatly.