Archive for the tag 'Filtering'

SBDavid

Understanding DNSBL Filtering


A DNSBL (commonly known as a "blocklist") is a database that is queried in real time by Internet mail servers for the purpose of obtaining an opinion on the origin of incoming email. The role of a DNSBL such as Spamhaus' SBL/XBL/PBL Advisory system is to provide an opinion, to anyone who asks, on whether a particular IP address meets Spamhaus' own policy for acceptance of inbound email.

The policy of the Receiver governs whether a message is blocked or not

Every Internet network that chooses to implement spam filtering is, by doing so, making a policy decision governing acceptance and handling of inbound email. The Receiver unilaterally makes the choices on whether to use DNSBLs, which DNSBLs to use, and what to do with an incoming email if the email message’s originating IP Address is “listed” on the DNSBL. The DNSBL itself, like all spam filters, can only answer whether a condition has been met or not.
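The lookup and the receiver-side decision described above, as an added shell example (not code from the original post or from Spamhaus). It assumes the usual DNSBL convention of reversing the IPv4 octets under the list's zone, a listed address answering with an A record in 127.0.0.0/8 and an unlisted one answering NXDOMAIN; the zone name zen.spamhaus.org and the mapping of return codes to actions are illustrative, and the action taken for each code is the receiver's policy, not the list's:

```shell
#!/bin/sh
# Added example, not part of the original post.
# Assumptions: dotted-quad IPv4 only; the list answers with a 127.0.0.x
# A record when listed and NXDOMAIN when not. The return-code ranges below
# follow the published SBL/XBL/PBL convention but should be checked against
# the list operator's current documentation before use.

# dnsbl_name <ipv4> <zone>: reverse the octets and append the zone, so
# 192.0.2.1 queried against zen.spamhaus.org becomes 1.2.0.192.zen.spamhaus.org
dnsbl_name() {
    rev=$(echo "$1" | awk -F. '
        NF == 4 && $0 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            print $4 "." $3 "." $2 "." $1
        }')
    [ -n "$rev" ] || return 1          # not a dotted-quad IPv4 address
    printf '%s.%s\n' "$rev" "$2"
}

# dnsbl_query <ipv4> <zone>: live lookup with dig; prints the first A record
# or NXDOMAIN. Needs network access, so it is not exercised offline. Note that
# a resolver timeout also prints nothing and is treated as "not listed":
# this policy fails open rather than rejecting mail when the list is down.
dnsbl_query() {
    name=$(dnsbl_name "$1" "$2") || return 1
    ans=$(dig +short "$name" A 2>/dev/null | head -n 1)
    if [ -n "$ans" ]; then echo "$ans"; else echo NXDOMAIN; fi
}

# dnsbl_decide <answer>: the receiver's policy. The DNSBL only says whether
# the address is listed (and under which code); what happens next is decided
# here. Constructed policy: SBL/XBL/PBL-style codes are refused at SMTP time,
# any other listing code is accepted but tagged for later scoring.
dnsbl_decide() {
    case $1 in
        NXDOMAIN|"")    echo accept ;;   # not listed
        127.0.0.[2-3])  echo reject ;;   # SBL range (assumed)
        127.0.0.[4-7])  echo reject ;;   # XBL range (assumed)
        127.0.0.1[01])  echo reject ;;   # PBL range (assumed)
        127.0.0.*)      echo tag ;;      # listed with a code we do not map
        *)              echo accept ;;   # unexpected answer: fail open
    esac
}

# Usage: ./dnsbl.sh 192.0.2.1 zen.spamhaus.org
if [ $# -ge 2 ]; then
    answer=$(dnsbl_query "$1" "$2") || { echo "bad address: $1" >&2; exit 2; }
    echo "$1 -> $answer -> $(dnsbl_decide "$answer")"
fi
```

The split between `dnsbl_query` and `dnsbl_decide` is the point of the post: two receivers can query the same list, get the same answer, and legitimately do different things with it. Whether a timeout should fail open (as here) or defer the message with a temporary SMTP error is also a receiver policy choice.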

SBDavid

Common iptables Filtering


With the default policy set to block all incoming, outgoing, and forwarded packets, it is impossible for the firewall/gateway and internal LAN users to communicate with each other or with external resources. To allow users to perform network-related functions and use networking applications, administrators must open certain ports for communication.

To allow access to port 80 on the firewall, append the following rule:

iptables -A INPUT -p tcp -m tcp --sport 80 -j ACCEPT

This allows regular Web browsing from websites that communicate via port 80. To allow access to secure websites (such as https://www.serverbuddies.com/), you must open port 443, as well.

iptables -A INPUT -p tcp -m tcp --sport 443 -j ACCEPT

Rules are evaluated in order, so the allow rules must be set first, and only then the drop rule for the subnet.

To arbitrarily insert a rule in an existing chain of rules, use -I, followed by the chain in which to insert the rule, and a rule number (1,2,3,…,n) for where the rule should reside. For example:

iptables -I INPUT 1 -i lo -p all -j ACCEPT

The rule is inserted as the first rule in the INPUT chain to allow local loopback device traffic.

$ sudo iptables -L -n -v

Chain INPUT (policy ACCEPT 235 packets, 45229 bytes)
 pkts bytes target prot opt in  out source    destination
    2   158 ACCEPT all  --  lo  *   0.0.0.0/0 0.0.0.0/0
  169 36782 ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   tcp spt:80

To allow remote SSH access, the following rules may be used:

iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
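The rules above open the ports the post describes, but two things about them are worth tightening, and the added shell script below (not code from the original post) shows one way to do it. First, the `--sport 80` and `--sport 443` rules accept any inbound packet whose source port happens to be 80 or 443; since a sender chooses its own source port, that is not a reliable way to admit only replies to outbound web requests, and the `conntrack` match on ESTABLISHED,RELATED state does that job properly. Second, the order in which the commands run matters on a remote host: switching the INPUT policy to DROP before the SSH accept rule is in place disconnects the administrator. The script keeps the policy permissive while rules are installed and flips it to DROP last. It filters the INPUT chain only and leaves OUTPUT at ACCEPT; the SSH port is an assumed default that can be overridden with `SSH_PORT`, and `DRY_RUN=1` prints the commands instead of executing them so the ordering can be inspected without root.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Builds a stateful INPUT policy: loopback first (as in the post), then
# return traffic by connection state instead of by --sport, then the
# services we actually offer, and the DROP default only at the very end.
# DRY_RUN=1 prints each iptables command instead of running it.

SSH_PORT=${SSH_PORT:-22}     # assumed default; override per host

# ipt: run iptables, or echo the command when DRY_RUN is set.
ipt() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# build_input_policy: emit the rules in the order they must be applied.
build_input_policy() {
    ipt -P INPUT ACCEPT             # stay permissive while the chain is rebuilt
    ipt -F INPUT                    # flush whatever was there before
    ipt -I INPUT 1 -i lo -j ACCEPT  # loopback traffic, first rule in the chain
    # Replies to connections this host opened (web browsing on 80/443, DNS,
    # etc.) come back as ESTABLISHED or RELATED; no --sport rules needed.
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate INVALID -j DROP
    # Services offered by this host: new inbound connections only.
    ipt -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW -j ACCEPT
    ipt -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
    ipt -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
    ipt -P INPUT DROP               # only now make DROP the default
}

# first_rule_is_loopback: sanity check on a dry-run listing, so the
# ordering can be verified before the rules are applied for real.
first_rule_is_loopback() {
    DRY_RUN=1 build_input_policy | sed -n 3p | grep -q -- '-I INPUT 1 -i lo -j ACCEPT'
}

# Usage: ./input-policy.sh apply    (as root)
#        DRY_RUN=1 ./input-policy.sh apply
if [ "${1:-}" = apply ]; then
    build_input_policy
fi
```

Because the script only adds the SSH accept rule to INPUT, the post's separate `OUTPUT --sport 22` rule is unnecessary here: OUTPUT stays at ACCEPT, and if it were switched to DROP the same ESTABLISHED,RELATED conntrack rule would admit the SSH replies.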