RE: Firewall Configuration in Redhat 9.0

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Jesse,

Don't forget the default action for IPTABLES. You must DROP packets and
accept the connections you wish. I believe the command is:
Iptables -A INPUT DROP
Iptables -A OUTPUT DROP
Iptables -A forward DROP

Don't forget to add the "ACCEPT" lines first, otherwise you will lock
yourself out.

Mike



-----Original Message-----
From: Jesse Millan [mailto:jessem@xxxxxxxxxxxxxxxx] 
Sent: Monday, October 20, 2003 3:00 PM
To: redhat-list@xxxxxxxxxx
Subject: Firewall Configuration in Redhat 9.0


I've been having some trouble opening and closing ports. Basically, I
want to close of all ports except 22 for ssh and 3 other ports to do
some testing with openmosix. No matter what I do though, the ports that
I want open stay closed and the ports that I want closed are open.
(Mostly)

Port       State       Service
22/tcp     open        ssh
25/tcp     open        smtp
111/tcp    open        sunrpc
139/tcp    open        netbios-ssn
505/tcp    open        mailbox-lm
631/tcp    open        ipp
885/tcp    open        unknown
4660/tcp   open        unknown
6000/tcp   open        X11
9158/tcp   open        unknown
10000/tcp  open        snet-sensor-mgmt
32768/tcp  open        unknown
32769/tcp  open        unknown
32770/tcp  open        sometimes-rpc3

Looks like I don't even have a firewall activated.
redhat-config-securitylevel is set to medium. If I change it to hight
the same ports are open. Trusted device is set to my network card (eth0)
nothing is checked except ssh and dhcp. Like I said above, I want a
couple other ports for open openmosix but, I have not "other ports"
section using redhat-config-securitylevel.

Other notes, I have iptables service enabled. It starts at boot. Also, I
have tried to use iptables directly i.e iptables -A INPUT -p tcp ...
etc. Still nothing.

Thanks in advance.



-- 
Jesse Millan
CNS Server Team
Portland State University
Phone: (503) 725-3285
Fax:   (503) 725-6487
GPG key: www.system-calls.com/gpg.php

I wouldn't be so paranoid if you weren't all out to get me!!


-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list


-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]

  Powered by Linux