EnServe Administrators Manual

Managing the Firewall

There are actually two firewalls supplied with EnServe: TCP Wrappers and IPF. Both perform similar functions and work in conjunction to restrict access to your system.

It is not advisable to alter the settings unless you are sure of what you are doing.

TCP Wrappers

This is the '1st level' of protection and covers all the automatically started services. It is mainly concerned with 'telnet' (remote access with a terminal emulator) and 'ftp' (one of the automated file transfer utilities).

It uses two files, hosts.allow and hosts.deny. In general hosts.deny should be left alone; it blocks everything. Sites that are allowed access to the system are entered in hosts.allow. This can be accessed by the Admin Login

    ->
Here is a sample hosts.allow

    ALL: LOCAL
    ALL: 192.168.10.
    ALL: .vetsolutions.co.uk 194.222.32.231
    

This example allows the 'LOCAL' network through, i.e. machines on the local network. In case some of them are mis-named, it also lets them in by IP address (192.168.10.). It also specifically allows 'vetsolutions.co.uk' (the office) in.

If you were wanting to grant access to a remote site:

  • Get the remote site to telnet into the system a few times, making a note of the times. The reason for doing this is to obtain the name and address of the remote site, as most users will not know it.

  • Look in 'Syslog' (Admin Menu -> Administration -> View Logfile -> Syslog). Check the times they gave you; you should see something like:

    Sep 20 12:03:00 xanth telnetd[16312]: refused connect from premiervet.demon.co.uk
    

  • Assuming the date and time agree with when the user was connecting, you would then add premiervet.demon.co.uk to your hosts.allow file.

    If the IP address or name keeps changing, then the user is on a DYNAMIC address and you should NOT add them, for two reasons:

    • They will keep getting blocked
    • If someone else gets the IP address they will gain access.
    Only add static addresses to hosts.allow.
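As an added illustration of the procedure above (not part of the EnServe manual), the following Python script reads a hosts.allow file in the format shown earlier, pulls the 'refused connect from' entries out of a syslog excerpt, and reports for each daemon/client pair how many refusals were logged and whether the client is already covered by a hosts.allow line. The pattern matching follows the hosts_access(5) rules used in the sample file (ALL, LOCAL, a leading-dot domain suffix, a trailing-dot address prefix, or an exact name/address); the syslog lines and the 203.0.113.7 address are constructed sample data.

```python
import re
from collections import Counter
HOSTS_ALLOW = """\
ALL: LOCAL
ALL: 192.168.10.
ALL: .vetsolutions.co.uk 194.222.32.231
"""  # constructed copy of the manual's sample hosts.allow

SYSLOG = """\
Sep 20 12:03:00 xanth telnetd[16312]: refused connect from premiervet.demon.co.uk
Sep 20 12:05:41 xanth telnetd[16320]: refused connect from premiervet.demon.co.uk
Sep 20 12:09:12 xanth ftpd[16331]: refused connect from 203.0.113.7
"""  # constructed syslog excerpt; names and addresses are made up

REFUSED = re.compile(r"(\w+)\[\d+\]: refused connect from (\S+)$")
def parse_hosts_allow(text):
    """Return (daemon_list, client_list) pairs; comments and blanks skipped."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            daemons, clients = line.split(":", 1)
            rules.append((daemons.split(), clients.split()))
    return rules

def client_matches(pattern, client):
    """Simplified hosts_access(5) client patterns, as used in the sample file."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":              # any host name without a dot
        return "." not in client
    if pattern.startswith("."):         # domain suffix, e.g. .vetsolutions.co.uk
        return client.endswith(pattern)
    if pattern.endswith("."):           # address prefix, e.g. 192.168.10.
        return client.startswith(pattern)
    return client == pattern            # exact host name or IP address

def is_allowed(rules, daemon, client):
    # True if some hosts.allow line covers both this daemon and this client
    return any(any(d in ("ALL", daemon) for d in daemons)
               and any(client_matches(p, client) for p in clients)
               for daemons, clients in rules)

def review(hosts_allow_text, syslog):
    # Map (daemon, client) of each refusal to (count, already_allowed)
    rules = parse_hosts_allow(hosts_allow_text)
    counts = Counter()
    for line in syslog.splitlines():
        m = REFUSED.search(line)
        if m:
            counts[(m.group(1), m.group(2))] += 1
    return {key: (n, is_allowed(rules, *key)) for key, n in counts.items()}
```

A client that shows up under several different addresses in the review output is the dynamic-address case the manual warns about and should not be added.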

IPF - IP Filters

This is the 2nd level of protection. Its configuration is cryptic, and you should not need to change anything.

By default, IPF will:

  • Ignore all outgoing connections
  • Ignore all Telnet sessions (they are blocked by TCP Wrappers above)
  • Ignore traffic on the incoming mail port (25)
  • Let in an SSH connection
  • Let uucp through on port 540 (Premvet System Monitoring uses it)
  • Block everything else.

The Security Report will give you a lot of detail on what is happening with this 2nd level firewall.
