what definitions for iptables?
Hi, I'm trying to secure my box, so of course I'm looking into iptables. My problem is that I have no idea what definitions to put in. When installing a firewall on Windows (e.g. ZoneAlarm, Norton, etc.), it's easy. A set of definitions is automatically enabled and you're up and running. On-the-fly warnings prompt if you want to add rules, etc. The manufacturers' web sites have rule set updates so that you can keep current.
However, I'm finding it difficult to determine what I need to do to even get a minimal firewall in place on my Linux server. What are some basic rules that can be added as a quick start? And as time passes, how do I know what rules I need to add? I assume that by going through the logs I can root out nasties and create rules based on evil IPs. However, what if the IP is from a major ISP? I could end up blocking some poor user who dynamically got the IP.
It seems to me that I should be able to create rules that filter out certain clients, or types of clients (bots, hacks, etc).
Does anyone know where I can find some information on this to get me started? Any help would be greatly appreciated.
Thanks.
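As an added example (not from the original post or any reply), here is one shape a "quick start" minimal ruleset can take: a stateful, default-deny INPUT chain that only opens the TCP service ports you name, plus a rate-limited LOG rule so the system log shows what the default DROP is refusing. The output file path and the script name are assumptions.

```shell
#!/bin/sh
# Emits a minimal stateful, default-deny IPv4 ruleset in iptables-restore
# format: everything inbound is dropped except loopback, replies to our own
# connections, rate-limited ping, and the TCP service ports given as argument.
# Assumed usage (script name and path are assumptions, not from the post):
#   sh gen_rules.sh "22 80 443" > /etc/iptables/rules.v4
#   iptables-restore < /etc/iptables/rules.v4

# Succeeds only if the argument is an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

gen_ruleset() {
    ports="$1"   # space-separated TCP ports to open, e.g. "22 80"
    # Validate every port before writing anything, so a typo never yields a half ruleset.
    for p in $ports; do
        valid_port "$p" || { echo "gen_ruleset: bad port '$p'" >&2; return 1; }
    done
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
EOF
    for p in $ports; do
        printf -- '-A INPUT -p tcp --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' "$p"
    done
    # Rate-limited log of what the default DROP policy refuses: this is what
    # to read when deciding whether another service rule is actually needed.
    cat <<'EOF'
-A INPUT -m limit --limit 10/min -j LOG --log-prefix "iptables-denied: " --log-level 4
COMMIT
EOF
}

# Run stand-alone with the port list as arguments; prints nothing when no arguments are given.
if [ $# -gt 0 ]; then
    gen_ruleset "$*"
fi
```

Because the policy allow-lists the services you run rather than block-listing addresses, a dynamic IP from a large ISP never needs a rule of its own; the logged "iptables-denied:" lines tell you when a legitimate service is missing from the list.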