'Recent' updates

[pwan.org.git] / content / ideas / busboy.rst

diff --git a/content/ideas/busboy.rst b/content/ideas/busboy.rst
new file mode 100644 (file)
index 0000000..3c8071d
--- /dev/null
+++ b/content/ideas/busboy.rst
@@ -0,0 +1,31 @@
+busboy
+######
+
+:date: 2014-05-08
+:tags: idea,project
+:category: idea
+:author: Jude N
+:Status: draft
+
+ipbusboy is an iptables policy builder similar to audit2allow - it watches for IP traffic that is being dropped, and attempts to build a policy which would allow to be flow.
+(ip)busboys clear (ip)tables.  (Yeah it's a stretch...)
+
+Problem
+- you don't want every port on your machine wide open
+- you also want to make your policies as strict as possible
+- getting the iptables syntax correct is a pain.
+
+Solution
+- turn on logging of dropped packets 
+- attempt to do your activity currently getting blocked
+- turn off logging of packets.
+- Based on the dropped packets, build up a policy which would allow those packets to pass.
+
+  - Allow incoming traffic from address XXX on port YYY through interface ZZZ
+  - Allow outgoing traffic to address AAA on port BBBB through interface CCC 
+  - Add state settings ????
+
+Next Steps
+- Find my iptables book...
+- Collect examples of blocked IP tables traffic
+