Security Basics mailing list archives

Iptables Clues and Advices.


From: Nahual Guerrero <nahual () axis org>
Date: Wed, 2 Apr 2003 22:55:55 +0200



Hi list.

I began using iptables a few months ago. I've managed to make a Perl script 
which contains all the basic rules of packet filtering on my box, but now that I 
have managed and learned how to do it, I really don't know how to secure my box 
from possible attacks coming from the internet.

I use the trial and error method, I mean, I use against myself classical 
attacks such as smurf, different types of scans using nmap, etc.

I'd like to ask several questions, so I'll set out the variables of my system 
in order to get better answers, if anyone wants to answer any of them.

->Security programs installed (and probably misconfigured... remember, I'm a 
newbie):

-tcplog 1.6
-portsentry 1.1
-iptables 1.2.2

->Services I run, in order to make tests on my own box (so we deduce I don't 
want anyone from the internet to know they exist):

MySQL (3306)
Apache (80)

->Script made to try to detect and prevent any kind of investigation of my 
box:
###################################################################
#!/usr/bin/perl
use strict;
use warnings;

# Rule templates. Each command is kept on a single line: a newline inside
# the string would make the shell run "--destination-port NN" as a
# separate command instead of passing it to iptables.
my $iptfh = 'iptables -F';
my $iptin = 'iptables -A INPUT -j DROP -p tcp -s ! 127.0.0.0/255.255.255.0 --destination-port';
my $iptil = 'iptables -A INPUT -j LOG -p tcp -s ! 127.0.0.0/255.255.255.0 --destination-port';
my $iptol = 'iptables -A OUTPUT -j LOG';
my $iptfl = 'iptables -A FORWARD -j LOG';

system ("clear");
print "Tirando de la Cadena....\n";
system ("$iptfh");

#Input
# The LOG rules must be appended before the DROP rules: iptables stops at
# the first terminating target, so a LOG rule placed after a matching DROP
# is never reached and nothing is ever logged.
system ("$iptil 80");
system ("$iptil xxx");
system ("$iptil xxxx");
system ("$iptil xxxx");
system ("$iptil 3306");
system ("$iptil xxxx");
system ("$iptil xxxx");

# Drop every TCP connection to the listed ports unless it comes from loopback.
system ("$iptin 80");
system ("$iptin xxx");
system ("$iptin xxx");
system ("$iptin xxxx");
system ("$iptin xxxx");
system ("$iptin 3306");
system ("$iptin xxxx");
system ("$iptin xxxx");

#Output

#Forward

system ("$iptfl");


#Port Sentry
print "Iniciando Port Sentry\n";
system ("portsentry -stcp");
system ("portsentry -sudp");
#######################################################################

I know it's very simplistic, that's why I ask for help. 
So with this configuration, it's obvious that it only blocks some types of 
scans, and direct connections on TCP ports, but I'd like to hide these ports 
from any kind of scan (at least any kind of scan which nmap can perform).

Now the questions.

Is it a good idea to block ICMP packets to avoid smurf attacks? If we drop all 
ICMP packets, won't we have any trouble during regular surfing?

How can I completely hide ports (UDP and TCP) when connected to the 
internet? In case that is impossible, how can I hide them as much as 
possible?


If any of the questions I've asked are abusive, feel free to say so, but 
please, pleeease, do not flame me. 

Thank you in advance.

A hug.
------------------------------------------------------------------------------------------------------
                        Nahual Guerrero
        PGP key: http://www.rootshell.be/~nahual/pub_key.asc
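A stateful version of the same idea, as an added example that is not part of the original post: default-deny INPUT so every unopened TCP or UDP port answers nothing to any scan type, ICMP error types kept and echo-request rate limited instead of dropping ICMP wholesale, and LOG placed before DROP. It assumes iptables with the state, limit and LOG modules (kernel 2.4, as with iptables 1.2.2), a POSIX sh, and the made-up FW- log prefixes.

```shell
#!/bin/sh
# Added example (not from the original post): default-deny INPUT policy
# for a single host. Assumes iptables with the state, limit and LOG
# modules; run "./firewall.sh apply" as root, or IPT=echo to preview.
IPT="${IPT:-iptables}"
LOCAL_SERVICES="80 3306"   # only reachable from loopback, per the post

r() { printf '%s\n' "$1"; }

rules() {
    r "-F INPUT"
    # Default DROP: a port that is not explicitly opened answers nothing,
    # whatever scan type (SYN, FIN, NULL, UDP) probes it.
    r "-P INPUT DROP"
    r "-P FORWARD DROP"
    # Loopback, and replies to connections this host opened (surfing, DNS).
    r "-A INPUT -i lo -j ACCEPT"
    r "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Do not drop ICMP wholesale: these error types are needed for path MTU
    # discovery and normal browsing. Only echo-request is rate limited,
    # which is the traffic a smurf flood consists of.
    for t in destination-unreachable time-exceeded parameter-problem; do
        r "-A INPUT -p icmp --icmp-type $t -j ACCEPT"
    done
    r "-A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s --limit-burst 4 -j ACCEPT"
    # Test services stay local: accept only from 127.0.0.0/8.
    for p in $LOCAL_SERVICES; do
        r "-A INPUT -p tcp -s 127.0.0.0/8 --dport $p -j ACCEPT"
    done
    # LOG must precede DROP (nothing after a terminating target is reached);
    # the limit stops a port scan from filling the log. Prefixes are made up.
    r "-A INPUT -p tcp --syn -m limit --limit 5/min -j LOG --log-prefix 'FW-SYN: '"
    r "-A INPUT -p udp -m limit --limit 5/min -j LOG --log-prefix 'FW-UDP: '"
    r "-A INPUT -j DROP"
}

# Feed each generated rule to iptables (or to echo when previewing).
apply_rules() {
    rules | while IFS= read -r line; do
        eval "$IPT $line"
    done
}

rule_count() { rules | wc -l | tr -d ' '; }

if [ "${1:-}" = "apply" ]; then apply_rules; fi
```

Because the INPUT policy is DROP, a probe to any port not listed in LOCAL_SERVICES gets no RST, no ICMP port-unreachable and no SYN-ACK, which is as "hidden" as a port can be without a port knocker or VPN in front of it.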


