I've been fighting iptables for two weeks. I would get it figured out then go right into a senior moment. I could only keep half of it in my head at a time and I was flopping back and forth.
I'd find "the" problem and flip all my rules only to find I had the same problem. I have a ream of paper on my desk filled with the output of a packet sniffer, firewall log entries, my rule set(s), the tables/chains that were generated from them, and bits of this and that.
Finally, I grabbed a piece of paper and tried to explain the concept to Stacey. Uff-dah.
I was very, very successful at allowing traffic in one direction or the other. Flip the rules and the traffic was flowing in the other direction, but still just one direction.
What was missing?
iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
sigh.
I'm feeling very old and mentally brittle.
I'm not really done with the rule set. Lots of little tweaking and log settings to mess with. I haven't tried the tarpit yet, either. I'm set up for it, though. And I have to set up the scripts that install my rule sets when the various machines get restarted.
I have to write a script that checks my apache logs for identical, bogus requests that come close together so that I can add the offending IP to either a drop table or the tarpit.
I don't think the offending machines care that I put them on hold, though. It is something I really want to test.
The other thing the script will do is capture a part of the log to send to abuse@.... for the ISPs that own the offending IPs. Maybe they will and maybe they won't tell their customers about the infection on their machines.
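An added example (my code, not the post's script) of the log check described above: it parses Apache combined-format lines, flags IPs that repeat one exact failing request within a short window, and renders the rules that would add them to a drop chain. The sample log lines, the chain name BLOCKLIST, the threshold and the window size are all assumptions.

```python
"""Flag client IPs that send identical bogus requests in quick succession."""
import re
from collections import defaultdict
from datetime import datetime

# Apache combined log format (ip, ident, user, [timestamp], "request", status, ...).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample traffic (documentation IP ranges); not a real log.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2004:13:55:36 -0500] "GET /x/bogus.dll HTTP/1.0" 404 293
192.0.2.1 - - [10/Oct/2004:13:55:37 -0500] "GET /index.html HTTP/1.1" 200 2326
203.0.113.7 - - [10/Oct/2004:13:55:38 -0500] "GET /x/bogus.dll HTTP/1.0" 404 293
203.0.113.7 - - [10/Oct/2004:13:55:39 -0500] "GET /x/bogus.dll HTTP/1.0" 404 293
198.51.100.9 - - [10/Oct/2004:13:55:40 -0500] "GET /nonexistent.cgi HTTP/1.0" 404 281
198.51.100.9 - - [10/Oct/2004:14:30:00 -0500] "GET /nonexistent.cgi HTTP/1.0" 404 281
198.51.100.9 - - [10/Oct/2004:15:10:00 -0500] "GET /nonexistent.cgi HTTP/1.0" 404 281
"""

def parse(lines):
    """Yield (ip, timestamp, request, status) for each line that matches the format."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield m["ip"], datetime.strptime(m["ts"], TS_FMT), m["req"], int(m["status"])

def find_offenders(lines, threshold=3, window_s=60, only_errors=True):
    """Return IPs that sent one exact request >= threshold times within window_s seconds."""
    seen = defaultdict(list)  # (ip, request) -> timestamps
    for ip, ts, req, status in parse(lines):
        if only_errors and status < 400:  # ignore requests the server actually served
            continue
        seen[(ip, req)].append(ts)
    offenders = set()
    for (ip, _req), stamps in seen.items():
        stamps.sort()
        # Sliding window: any run of `threshold` hits whose spread fits in window_s.
        for i in range(len(stamps) - threshold + 1):
            if (stamps[i + threshold - 1] - stamps[i]).total_seconds() <= window_s:
                offenders.add(ip)
                break
    return sorted(offenders)

def block_commands(ips, chain="BLOCKLIST"):
    """Render (not run) the iptables rules adding each offender to a drop chain; chain name assumed."""
    return [f"iptables -A {chain} -s {ip} -j DROP" for ip in ips]

if __name__ == "__main__":
    print(block_commands(find_offenders(SAMPLE_LOG.splitlines())))
```

Widening window_s catches slow repeaters (the second sample host) at the cost of more review work on the flagged list.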
Tomorrow, I will work on the internal web server and a couple of internal websites that I promised for yesterday.