CPSC 333 Assignment IPCHAINS (see content for due time)

For this assignment you are to set up a set of firewall rules using the Linux "ipchains" utility. Read the IPCHAINS-HOWTO, section 4 (section 5 is also useful). It is also recommended that you read the ipchains man page, which contains some more specific information.

BEFORE YOU DO ANYTHING, save your current firewall configuration with "ipchains-save > oldfirewall". The requirements for this assignment are consistent with your current (required) firewall setup, and they should be in effect. However, you may want to restore them without the additions after the assignment has been graded.

Your firewall must satisfy the following constraints. Use the "-l" option to log rejected/denied firewall access to /var/log/messages.

1. In 1988 a famous "internet" virus that originated from Cornell University used the Unix "finger" utility to break into systems. Disallow finger from anywhere except localhost. (hint: look in /etc/services for the port number).

2. Deny "ping" from vito.csx.trincoll.edu

3. Reject TCP connections from the subnet 157.252.16.0/24, EXCEPT 157.252.16.36. Furthermore, your firewall should not prevent you from making TCP connections (e.g. telnet) TO this subnet.

4. Do not allow anyone to "spoof" you by getting through your firewall with a fake localhost address (127.0.0.x).

5. Create a user-defined chain "mychain". Add to "mychain" rule(s) that do not allow any HTTP (80) connections FROM 157.252.10.0/24, but do allow HTTP access TO this subnet. That is, they can't browse your web page but you can still browse theirs. Make sure that "mychain" is called (as a -j target) from one of the built-in chains: i.e., it has to be in effect.

6. Insert a rule in "mychain" that does NOT allow the other rules in "mychain" to be tested against if the source address is 157.252.104.42. (hint: need to use "RETURN", effectively "break")

** Save your rules using "ipchains-save > myfirewall", and HAND IN **
** THIS FILE ALONG WITH A DUMP OF "ipchains -L". **

******* IMPORTANT: ********

Sometime on MONDAY 10/25, I will be testing your firewall. These tests should be logged in your /var/log/messages (or messages.1, messages.2) file. You are to print out these logs (do not print logs that do not pertain to the firewall rules!), AND write an explanation in English as to what took place. For example, you can say (On Monday at 11am, TCP telnet connection from 157.252.104.42 was rejected.).
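
One way to pull only the firewall entries out of /var/log/messages and turn each into an English sentence, as an added example that is not part of the original assignment. It assumes the "Packet log:" record layout described in the IPCHAINS-HOWTO, with the trailing SYN marker and rule number treated as optional; the host name "myhost" and the 192.0.2.x addresses in the sample lines are constructed.

```python
import re

# Syslog prefix followed by the ipchains "Packet log:" record that rules
# created with -l write (layout assumed from the IPCHAINS-HOWTO).
LOG_RE = re.compile(
    r"^(?P<when>\w{3}\s+\d+ [\d:]{8}) \S+ kernel: Packet log: "
    r"(?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=\d+ S=0x[0-9A-Fa-f]+ I=\d+ F=0x[0-9A-Fa-f]+ T=\d+"
    r"(?P<syn> SYN)?(?: \(#(?P<rule>\d+)\))?")

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}
PORTS = {23: "telnet", 79: "finger", 80: "HTTP"}  # services named in the assignment
ICMP_TYPES = {0: "echo reply", 8: "echo request (ping)"}

def explain(line):
    """Return an English sentence for one ipchains log line, or None if it is not one."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    proto = int(m["proto"])
    if proto == 1:
        # For ICMP the source "port" field carries the ICMP type.
        t = int(m["sport"])
        what = f"ICMP {ICMP_TYPES.get(t, f'type {t}')}"
    else:
        service = PORTS.get(int(m["dport"]), f"port {m['dport']}")
        kind = "connection attempt" if m["syn"] else "packet"
        what = f"{PROTOCOLS.get(proto, f'protocol {proto}')} {service} {kind}"
    verdict = {"DENY": "denied", "REJECT": "rejected"}.get(m["action"], m["action"])
    rule = f" by rule {m['rule']}" if m["rule"] else ""
    return (f"{m['when']}: {what} from {m['src']} to {m['dst']} was {verdict} "
            f"on chain {m['chain']} ({m['iface']}){rule}.")

# Constructed sample of /var/log/messages; the third line is unrelated noise.
SAMPLE = """\
Oct 25 11:02:13 myhost kernel: Packet log: input REJECT eth0 PROTO=6 157.252.16.40:1045 192.0.2.10:23 L=60 S=0x10 I=4211 F=0x4000 T=64 SYN (#3)
Oct 25 11:05:40 myhost kernel: Packet log: input DENY eth0 PROTO=1 192.0.2.77:8 192.0.2.10:0 L=84 S=0x00 I=977 F=0x0000 T=255 (#2)
Oct 25 11:06:02 myhost syslogd 1.3-3: restart.
Oct 25 11:09:15 myhost kernel: Packet log: mychain REJECT eth0 PROTO=6 157.252.10.8:1201 192.0.2.10:80 L=44 S=0x00 I=612 F=0x0000 T=63 SYN
"""

def report(text):
    """Keep only firewall entries and explain each one."""
    return [s for s in map(explain, text.splitlines()) if s]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```
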