
Allow apt-get and DNS through iptables

If you configure your firewall to block all outbound traffic except the ports you actually need, apt-get update and apt-get upgrade may stop working. The update fails with "Failed to fetch" and "Temporary failure resolving 'ftp.us.debian.org'": the box can no longer resolve the mirror's name, or cannot reach the mirror once it has.



To let these work you can either open ports 53 and 80 outbound, or name the mirror hosts for more granular control. The broad version, in iptables-restore (iptables-save) syntax; the same lines work at the command line with iptables in front:

-A OUTPUT -p tcp --dport 80 -j ACCEPT
-A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT

Both rules assume you already accept ESTABLISHED,RELATED traffic in the OUTPUT chain, otherwise the first packet gets through and the rest of the conversation is dropped. If your sources.list points at https mirrors, port 443 needs the same treatment, and a resolver that returns large answers will retry over TCP port 53, which the UDP-only rule does not cover.


For finer control, accept only the specific mirror hosts instead of all of port 80:

-A OUTPUT -p tcp -d ftp.us.debian.org -j ACCEPT
-A OUTPUT -p tcp -d volatile.debian.org -j ACCEPT
-A OUTPUT -p tcp -d security.debian.org -j ACCEPT
-A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT

A hostname given to -d is resolved once, when the rules are loaded: iptables expands each name into one rule per address the resolver returns, the load fails if DNS is unreachable at that moment, and the rules go stale if the mirror's address changes later. As written the three host rules also accept any TCP port on those hosts; add --dport 80 to each to keep them to http only.



While this does not protect you from DNS poisoning (a spoofed answer at rule-load time puts the wrong address into the rule set, and the open UDP 53 rule still lets a compromised host talk to any resolver on the Internet), it does greatly limit the outbound traffic an attacker can use if your box is compromised.
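The rule set above, carried through as a complete default-deny OUTPUT policy you can test before loading. This is an added example and not the original post's rules: it pins DNS to a single resolver on both UDP and TCP, limits the mirrors to ports 80 and 443, and keeps the reply-traffic rule the NEW-only rules depend on. The resolver address 192.0.2.53 and the mirror names in the script are placeholders for your own resolv.conf entry and sources.list hosts.

```shell
#!/bin/sh
# Added example, not the original post's rules: build a default-deny OUTPUT
# policy in iptables-restore format that still lets DNS and apt work.
# Assumptions (all hypothetical): 192.0.2.53 stands in for your resolver and
# the mirror names stand in for the hosts in your sources.list.

# build_output_rules MIRRORS RESOLVER
#   MIRRORS  space-separated mirror hostnames (resolved once, at load time)
#   RESOLVER the only DNS server the box is allowed to talk to
build_output_rules() {
    mirrors=$1
    resolver=$2
    printf '%s\n' '*filter'
    printf '%s\n' ':OUTPUT DROP [0:0]'
    # loopback and reply traffic: without this the NEW-only rules below let
    # the first packet out and drop the rest of the conversation
    printf '%s\n' '-A OUTPUT -o lo -j ACCEPT'
    printf '%s\n' '-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # DNS only to our resolver, TCP as well as UDP, because answers over
    # 512 bytes (DNSSEC, large record sets) are retried over TCP
    for proto in udp tcp; do
        printf '%s\n' "-A OUTPUT -p $proto -d $resolver --dport 53 -m conntrack --ctstate NEW -j ACCEPT"
    done
    # mirrors on http and https only, not every TCP port on those hosts
    for host in $mirrors; do
        for port in 80 443; do
            printf '%s\n' "-A OUTPUT -p tcp -d $host --dport $port -m conntrack --ctstate NEW -j ACCEPT"
        done
    done
    printf '%s\n' 'COMMIT'
}

# count_mirror_rules MIRRORS RESOLVER: number of ACCEPT lines aimed at mirrors
count_mirror_rules() {
    build_output_rules "$1" "$2" | grep -c -E -- '--dport (80|443) '
}

# Dry run by default; apply only when asked explicitly and running as root.
# iptables-restore --test parses the file and resolves every hostname in it,
# so it fails loudly if DNS is down instead of leaving you with half a policy.
if [ "${1:-}" = "--apply" ] && [ "$(id -u)" = 0 ]; then
    build_output_rules "deb.debian.org security.debian.org" "192.0.2.53" > /tmp/apt-output.rules
    iptables-restore --test /tmp/apt-output.rules && iptables-restore --noflush /tmp/apt-output.rules
else
    build_output_rules "deb.debian.org security.debian.org" "192.0.2.53"
fi
```

Because the hostnames are still resolved when the file is loaded, re-run the script after a mirror changes address, and keep the resolver rule pointed at an address rather than a name so that rule at least never depends on DNS. --noflush is used so that INPUT and FORWARD rules in the filter table survive the load; it also means reloading appends the OUTPUT rules a second time, so flush that chain first if you load repeatedly.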



