Checkpoint
[pwan.org.git] / content / ideas / busboy.rst
1 busboy
2 ######
3
4 :date: 2014-05-08
5 :tags: idea,project
6 :category: idea
7 :author: Jude N
8 :Status: draft
9
10 ipbusboy is an iptables policy builder similar to audit2allow - it watches for IP traffic that is being dropped, and attempts to build a policy which would allow to be flow.
11 (ip)busboys clear (ip)tables. (Yeah it's a stretch...)
12
13 Problem
14 - you don't want every port on your machine wide open
15 - you also want to make your policies as strict as possible
16 - getting the iptables syntax correct is a pain.
17
18 Solution
19 - turn on logging of dropped packets
20 - attempt to do your activity currently getting blocked
21 - turn off logging of packets.
22 - Based on the dropped packets, build up a policy which would allow those packets to pass.
23
24 - Allow incoming traffic from address XXX on port YYY through interface ZZZ
25 - Allow outgoing traffic to address AAA on port BBBB through interface CCC
26 - Add state settings ????
27
28 Next Steps
29 - Find my iptables book...
30 - Collect examples of blocked IP tables traffic
31