Two references are below

Sometimes kern.log or dmesg contains a message like the following, logged by "ufw" (more precisely, by iptables).
[UFW BLOCK INPUT]: IN=eth0 OUT= MAC=*************** SRC=*.*.*.* DST=**.**.***.*** LEN=52 TOS=0x00 PREC=0x00 TTL=42 ID=23860 DF PROTO=TCP SPT=8000 DPT=42776 WINDOW=35568 RES=0x00 ACK URGP=0

Here are some short explanations which I found in the references. They are still not enough for me to understand.

SRC = The source address of the IP packet.
DST = The destination address of the IP packet.
LEN = The length of the IP packet.
TOS = The Type of Service of the IP packet.
PREC = The Precedence of the IP packet.
TTL = The time to live of the IP packet.
ID = The id of the IP packet.
flags = "CE" (congestion), "DF" (don't fragment), or "MF" (more fragments are coming).
PROTO = The name/number of the protocol that the IP packet encapsulates. This will be 'TCP', 'UDP', 'ICMP', or a number corresponding to the protocol in /etc/protocols or http://www.iana.org/assignments/protocol-numbers/

TCP
SPT: The source port of the tcp packet.
DPT: The destination port of the tcp packet.
WINDOW: The length of the TCP window.
RES: The reserved bits.
flags: any combination of "CWR" (Congestion Window Reduced), "ECE" (Explicit Congestion Notification Echo), "URG" (Urgent), "ACK" (Acknowledgement), "PSH" (Push), "RST" (Reset), "SYN" (Synchronize), or "FIN" (Finished)
URGP: The urgent pointer.


UDP
SPT: The source port of the UDP packet.
DPT: The destination port of the UDP packet.
LEN: The length of the UDP packet


ICMP
TYPE: The numeric type of the ICMP packet
CODE: The numeric code of the ICMP packet
ID: The id of the ICMP echo packet.
SEQ: The sequence number of the ICMP echo packet.

posted by citadel
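
The UFW log fields listed above can be split by layer with a small parser. This is an added example, not part of the original post; the function names are hypothetical, and the addresses and MAC in the sample lines are constructed, because the post masks them. LEN and ID appear twice in UDP and ICMP lines, so the parser uses the position relative to PROTO to decide which layer a field belongs to.

```python
import re

IP_FLAGS = {"CE", "DF", "MF"}
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}

# Constructed sample lines (documentation addresses), shaped like the post's example.
PREFIX = ("May 23 10:00:00 host kernel: [1234.5] [UFW BLOCK INPUT]: IN=eth0 OUT= "
          "MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 "
          "SRC=198.51.100.7 DST=192.0.2.10 ")
TCP_SAMPLE = PREFIX + ("LEN=52 TOS=0x00 PREC=0x00 TTL=42 ID=23860 DF PROTO=TCP "
                       "SPT=8000 DPT=42776 WINDOW=35568 RES=0x00 ACK URGP=0")
UDP_SAMPLE = PREFIX + ("LEN=78 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP "
                       "SPT=5353 DPT=137 LEN=58")


def parse_ufw_line(line):
    """Split one UFW/iptables log line into IP-layer and transport-layer fields."""
    m = re.search(r"\[UFW ([^\]]+)\]:?\s*(.*)", line)
    if not m:
        return None  # not a UFW log line
    rec = {"action": m.group(1), "ip": {}, "ip_flags": [], "l4": {}, "tcp_flags": []}
    seen_proto = False
    for tok in m.group(2).split():
        key, sep, val = tok.partition("=")
        if sep:
            # Fields before PROTO (and PROTO itself) describe the IP header;
            # everything after it belongs to TCP, UDP or ICMP.
            rec["l4" if seen_proto else "ip"][key] = val
            if key == "PROTO":
                seen_proto = True
        elif not seen_proto and tok in IP_FLAGS:
            rec["ip_flags"].append(tok)   # bare token such as DF
        elif seen_proto and tok in TCP_FLAGS:
            rec["tcp_flags"].append(tok)  # bare token such as ACK or SYN
    return rec


def is_new_connection_attempt(rec):
    """True for a TCP SYN without ACK, i.e. an attempt to open a connection."""
    flags = rec["tcp_flags"]
    return rec["ip"].get("PROTO") == "TCP" and "SYN" in flags and "ACK" not in flags


if __name__ == "__main__":
    for sample in (TCP_SAMPLE, UDP_SAMPLE):
        r = parse_ufw_line(sample)
        print(r["action"], r["ip"]["SRC"], r["ip"]["PROTO"], r["l4"], r["tcp_flags"])
```

For the TCP sample, which carries only ACK, is_new_connection_attempt returns False: the blocked packet is a reply segment rather than a new inbound connection.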
sshd configuration
Open the /etc/ssh/sshd_config file, then change or add the following lines:


LoginGraceTime 60
PermitRootLogin no

MaxAuthTries 3
AllowUsers user_name

MaxStartups 3:50:10




ufw (Uncomplicated Firewall)

apt-get install ufw

ufw enable | disable
ufw default allow | deny
ufw allow from x.x.x.x
ufw deny from x.x.x.x

https://wiki.ubuntu.com/UbuntuFirewall
posted by citadel
Xterm or Gnome terminal

1. apt-cache show firestarter



2. apt-get install firestarter

3. visudo

Type i to enter insert mode so that you can input text (if you are not familiar with vi commands).

Change
from Defaults       env_reset
to      # Defaults       env_reset

add the following line
Defaults !lecture,tty_tickets,!fqdn,env_reset,env_keep+="DISPLAY HOME XAUTHORIZATION"

Add the following line below the last line
USERID  ALL=NOPASSWD: /usr/sbin/firestarter
USERID must be your user id

Type ESC twice.
Shift+ :
wq


Gnome


1. System -> Preferences -> Sessions -> Add
Name : Firestarter
Command : sudo /usr/sbin/firestarter --start-hidden
Comment : Desktop Firewall Tool

2. Configure the firestarter according to http://www.debianadmin.com/secure-ubuntu-desktop-using-firestarter-firewall.html

posted by citadel