On Mon, 2004-09-20 at 04:02, Askar wrote:
>
> iptables -A INPUT -p TCP -s 0/0 -d 0/0 --dport 135:140 -j DROP
> iptables -A INPUT -p UDP -s 0/0 -d 0/0 --dport 135:140 -j DROP
> iptables -A FORWARD -p TCP -s 0/0 -d 0/0 --dport 135:140 -j DROP
> iptables -A FORWARD -p UDP -s 0/0 -d 0/0 --dport 135:140 -j DROP
> iptables -t nat -A PREROUTING -p TCP -s 0/0 -d 0/0 --dport 135:140 -j DROP
> iptables -t nat -A PREROUTING -p UDP -s 0/0 -d 0/0 --dport 135:140 -j DROP
>
> aren't there unnecessary repetitions?

Agreed. The "proper" place for filtering rules is the INPUT and/or FORWARD chain. You should be able to delete the two PREROUTING rules without a problem.

> also why is he (my predecessor) dropping such ports in the INPUT table? isn't it unnecessary,
> coz it's a linux box, no ports 135:140 are open on our fw machine.

Unless you run SAMBA. ;-)

My guess is it was done to keep the traffic from hitting a later logging rule, but it's hard to say without seeing the entire rule base. It could also have something to do with the "permit what has not been denied" policy you mentioned in your last e-mail.

Either way, it should not hurt anything and it's a good idea to block outbound NetBIOS/IP if your organization does not need it to do business. Attackers can use it to transfer a rootkit onto the system. If the ports are blocked, their lives become just a little bit harder.

HTH,
Chris
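A small audit script for the point Chris makes above (filtering belongs in the filter table's INPUT/FORWARD chains, not in nat PREROUTING). This is an added example, not code from the thread; it works on an iptables-save style dump, and the SAMPLE_RULES dump below is constructed to mirror the rule set Askar posted.

```shell
#!/bin/sh
# Added example: flag DROP/REJECT rules that live in the nat table.
# Constructed sample in iptables-save format (not a real dump); in
# practice you would feed it "$(iptables-save)" instead.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 135:140 -j DROP
-A INPUT -p udp -m udp --dport 135:140 -j DROP
-A FORWARD -p tcp -m tcp --dport 135:140 -j DROP
-A FORWARD -p udp -m udp --dport 135:140 -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 135:140 -j DROP
-A PREROUTING -p udp -m udp --dport 135:140 -j DROP
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# Print every rule in the nat table whose target is DROP or REJECT.
# awk tracks the current table from the "*tablename" header lines.
nat_filter_rules() {
    printf '%s\n' "$1" | awk '
        /^\*/ { table = substr($0, 2); next }
        table == "nat" && /^-A / && / -j (DROP|REJECT)( |$)/ { print }
    '
}

# Number of such rules, so a config check can fail on a non-zero count.
count_nat_filter_rules() {
    nat_filter_rules "$1" | wc -l | tr -d ' '
}

if [ "$(count_nat_filter_rules "$SAMPLE_RULES")" -gt 0 ]; then
    echo "Filtering rules found in the nat table; move them to filter INPUT/FORWARD:"
    nat_filter_rules "$SAMPLE_RULES"
fi
```

Run against a live box as `./audit.sh` after replacing SAMPLE_RULES with the output of iptables-save; a clean rule base prints nothing.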