linux firewall to block windows programs??

Status
Not open for further replies.

fenris

Programmer
May 20, 1999
824
CA
How do I set up a Linux firewall (Mandrake 7.2 and ipchains) to block unauthorized attempts by software on my Windows boxes to reach the internet? Is it as simple as blocking the domains? What kind of rules would I have to set up and how would I figure it out?

I guess the first part would be how would I monitor (and log) all the connections that are being made to the internet and alert me to the fact that there is one being made. Then from that I would be able to deter mischievous software.

The reason I bring this up is that ZoneAlarm does this in Windows. But it doesn't work in Windows XP, and I am sure that XP itself will be "phoning" home.

Any ideas....
Troy Williams B.Eng.
fenris@hotmail.com

 
ipchains -P output DENY
(your other policies depend on your security stance..
a closed firewall is ideal as long as you know what
needs in and out and from whom..)

ipchains -A output -s private net address -d 0/0 80 -p tcp -j ACCEPT -l
#allows http over 80 out and logs everything.

You can allow other services outbound like this when you have to.
On the other hand you could let everything out and log
everything..

ipchains -A output -s private net address -d 0/0 -j ACCEPT -l

These logs would be huge with over 10 users actively using the internet. If you have an idea of what kind of traffic you are looking for that would make it easier to log it...
You could run tcpdump or another packet sniffer to monitor user traffic.

OTOH:
Real time monitoring and active IDS can be handled by a product called Psionic PortSentry - this may be the solution you are looking for rather than plain jane ipchains.
 
Hi,

Marsd has given you the basics of what to do - I would add, however, that you will almost certainly need to allow more than just port 80 through - for example https/ssl uses port 443. Also, in trying to block all those 'phone-home' progs you will also be blocking icq / yahoo messenger / real-audio, etc, etc., unless you allow the related ports through the firewall.

A good reference on tcp/udp ports can be found at --> . You can click on the port numbers on that list to get more detail.

Regards
 
Well I want to be able to detect when a piece of software that should have nothing to do with the internet (PowerPoint 2000) tries to use it.....

If I can log which machines port they are coming from and if I can see a pattern I'll block it. But what I am trying to do is something similar to what ZoneAlarm does for Windows.

Thanks for the input...
Troy Williams B.Eng.
fenris@hotmail.com

 
That's basically what you could do with something like PortSentry.. all these firewalls need rulesets -> there's not an automagic detect win phone home setting ;-)
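
The log-then-look-for-a-pattern approach discussed in this thread, as an added example that is not from any of the posters: this Python script parses the kernel "Packet log:" lines that ipchains rules carrying -l write to syslog, and counts logged packets per source machine and destination port that fall outside an allowlist. The allowlist (tcp/80 and tcp/443, the two ports named above), the sample log lines and the function names are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Line prefix the 2.2 kernel logs for a packet matching an ipchains rule with -l:
#   Packet log: <chain> <action> <iface> PROTO=<n> <src>:<port> <dst>:<port> ...
PACKET_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>\d+(?:\.\d+){3}):(?P<sport>\d+) "
    r"(?P<dst>\d+(?:\.\d+){3}):(?P<dport>\d+)"
)

# Assumption: the only expected outbound services are the two named in the
# thread, HTTP (tcp/80) and HTTPS (tcp/443). Entries are (IP protocol, port).
ALLOWED = {(6, 80), (6, 443)}

# Constructed sample syslog lines (private and documentation addresses only).
SAMPLE_LOG = """\
May 20 10:01:02 fw kernel: Packet log: output ACCEPT eth0 PROTO=6 192.168.1.10:1034 203.0.113.5:80 L=48 S=0x00 I=4211 F=0x4000 T=127 (#1)
May 20 10:01:09 fw kernel: Packet log: output ACCEPT eth0 PROTO=6 192.168.1.12:1101 198.51.100.7:5190 L=48 S=0x00 I=911 F=0x4000 T=127 (#2)
May 20 10:01:10 fw kernel: Packet log: output ACCEPT eth0 PROTO=6 192.168.1.12:1101 198.51.100.7:5190 L=40 S=0x00 I=912 F=0x4000 T=127 (#2)
May 20 10:02:30 fw kernel: Packet log: output ACCEPT eth0 PROTO=17 192.168.1.10:1040 203.0.113.9:7070 L=60 S=0x00 I=4250 F=0x0000 T=127 (#2)
May 20 10:02:31 fw kernel: eth0: link status ok
May 20 10:03:00 fw kernel: Packet log: output ACCEPT eth0 PROTO=6 192.168.1.11:1200 203.0.113.5:443 L=48 S=0x00 I=77 F=0x4000 T=127 (#2)
"""

def parse_line(line):
    """Return one logged packet as a dict, or None for unrelated syslog lines."""
    m = PACKET_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec

def unexpected_flows(log_text, allowed=ALLOWED):
    """Count logged packets per (src, proto, dst, dport) not in `allowed`."""
    flows = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and (rec["proto"], rec["dport"]) not in allowed:
            flows[(rec["src"], rec["proto"], rec["dst"], rec["dport"])] += 1
    return flows

if __name__ == "__main__":
    for (src, proto, dst, dport), n in unexpected_flows(SAMPLE_LOG).most_common():
        print(f"{src} -> {dst}:{dport} proto={proto} packets={n}")
```

The counts are packets rather than connections, because a rule with -l logs every packet it matches.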
 