Sasa
Sven-Åke Larsson pravi:
I (but that's only me) always get nervous when there are lines like "input accept". So yes, drop everything that it's not necessary.
Best regards, S
-----Original Message----- From: Sasa Stupar To: Netfilter-List Sent: 2004-02-26 14:48 Subject: Re: SV: Ports opened without request
So I should change default policy to DROP on FORWARD chain for filter only or also for mangle?
Ray Leach pravi:
Your default policy on the FORWARD chain is accept.tcp-reset
On Thu, 2004-02-26 at 14:24, Sasa Stupar wrote:
I have scanned from another machine. Yes, I allow ICMP packets. I have
droped them and rescanned the machine but still the same issue.
My current ruleset is:
---------------------
# Generated by webmin
*filter
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:INPUT DROP [0:0]
# Loopback
-A OUTPUT -o lo -j ACCEPT
# Allow self access by loopback interface
-A INPUT -i lo -j ACCEPT
# Accept established connections
-A INPUT -m state -i eth0 --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp ! --tcp-option 2 -j REJECT --reject-with
machine on# FTP -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT # Telnet -A INPUT -p tcp -m tcp --dport 23 -j ACCEPT # SMTP -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT # NTP -A INPUT -p tcp -m tcp --dport 37 -j ACCEPT # DNS -A INPUT -p udp -m udp -s 192.168.10.111 -d 0/0 --sport 53 -j ACCEPT # HTTP -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT --syn # POP3 -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT # Samba -A INPUT -p udp -m udp --dport 137 -j ACCEPT # Samba -A INPUT -p udp -m udp --dport 138 -j ACCEPT # Samba -A INPUT -p tcp -m tcp --dport 139 -j ACCEPT --syn # HTTPS -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT # SMTP-SSL -A INPUT -p tcp -m tcp --dport 465 -j ACCEPT # POP3-SSL -A INPUT -p tcp -m tcp --dport 995 -j ACCEPT # Squid Proxy -A INPUT -p tcp -m tcp --dport 3128 -j ACCEPT # Xmail CtrlClnt -A INPUT -p tcp -m tcp --dport 6017 -j ACCEPT # XQM agent -A INPUT -p tcp -m tcp --dport 8888 -j ACCEPT # Webmin -A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT # Drop all other connection attempts -A INPUT -j DROP COMMIT # Generated by webmin *mangle :POSTROUTING ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :PREROUTING ACCEPT [0:0] :FORWARD ACCEPT [0:0] :INPUT ACCEPT [0:0] COMMIT # Completed # Generated by webmin *nat :OUTPUT ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] :PREROUTING ACCEPT [0:0] COMMIT # Completed ------------------------
As you can see I have made this rules with webmin. Any hints what is wrong here? BTW I am very very new at firewall.
Sasa
Sven-Ake Larsson pravi:
How did you make scan, from the machine itself or from another
samethe outside? Some rulesets doesn't really work when you are at the
themachine.
Do you allow any ICMP packets? If so, try to drop them too and scan
list.machine again.
What is your current ruleset? It helps a lot if you can add it to the
setupI believe you'll have the masters answers soon... ;-)
Regards, S
-----Ursprungligt meddelande----- Fran: netfilter-admin@xxxxxxxxxxxxxxxxxxx [mailto:netfilter-admin@xxxxxxxxxxxxxxxxxxx]För Sasa Stupar Skickat: den 25 februari 2004 18:01 Till: netfilter@xxxxxxxxxxxxxxxxxxx Ämne: Ports opened without request
Hi!
I have linux RH8 with kernel 2.4.20-28.8, iptables v1.2.8. I have
Ia firewall with some tcp ports opened (21,25,80,110,443) for servers.
Then I have ran a port scan and scanned all 65535 tcp and udp ports.
thesewas suprised that 3 ports were opened even if I didn't opened them in
the configuration. These ports are tcp 389,1002 and 1720.
I have tried to block them manually by entering a drop command for
three ports but no success-they are still open. What am I missing here? Is this some problem with iptables?
Sasa
