Re: Port 135 ???

From: Michael Heiming (michael+USENET_at_www.heiming.de)
Date: 09/01/03


Date: Mon, 1 Sep 2003 08:33:58 +0200

Bit Twister <BitTwister@localhost.localdomain> wrote:
> On Mon, 01 Sep 2003 03:48:33 GMT, Capps wrote:
> 1 > [ block all input chains]
> 2 > /sbin/iptables -A INPUT-i $EXTINT -p tcp --dport 135:139 -j DROP
> 3 > sbin/iptables -A INPUT -i $EXTINT -p udp --dport 135:139 -j DROP
> 4 > /sbin/iptables -A INPUT-i $EXTINT -p tcp --dport 445 -j DROP
> 5 > sbin/iptables -A INPUT -i $EXTINT -p udp --dport 445 -j DROP

> Wonder if line 2 and 4 need a space on -i
> and if line 3 and 5 need a /sbin

Likely. I'm using the "limit" option to stop it from sucking up my logfiles:

$IPTABLES -A invalid -m limit -j LOG --log-prefix "invalid "
$IPTABLES -A xmas -m limit -j LOG --log-level info --log-prefix "xmas-scan "
$IPTABLES -A null_scan -m limit -j LOG --log-level info --log-prefix \
                "null-scan "
$IPTABLES -A CHECK_FLAGS -p tcp --tcp-flags SYN,RST SYN,RST \
                -m limit --limit 5/minute \
                -j LOG --log-level 6 --log-prefix "SYN/RST "
$IPTABLES -A spoofing -m limit -j LOG --log-level info --log-prefix "spoofing "
$IPTABLES -A INPUT -i $DEV_INET -p icmp --icmp-type 5 -m limit -j icmp_reject
$IPTABLES -A icmp_reject -m limit -j LOG --log-prefix "icmp_rej "
$IPTABLES -A INPUT -m limit -j LOG --log-prefix "Denyed FINAL IN "
$IPTABLES -A OUTPUT -m limit -j LOG --log-prefix "Denyed FINAL OUT "
$IPTABLES -A FORWARD -m limit -j LOG --log-prefix "Denyed FINAL FOR "

The default policy is drop, for all chains.
;)

-- 
Michael Heiming
Remove +SIGNS and www. if you expect an answer, sorry for 
inconvenience, but I get tons of SPAM
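An added illustration of what the "-m limit" match in the LOG rules above does to log volume. This is example code written for this page, not code from the thread or from iptables itself; it models the limit match as a token bucket (average rate from --limit, capacity from --limit-burst, with the iptables defaults of 3/hour and 5), which is an assumption that follows the documented semantics rather than the kernel module's exact tick arithmetic. The packet timings it feeds in are constructed.

```python
"""Simulate the iptables ``-m limit`` match on a LOG rule.

Added example, not code from the post.  Assumption: the match behaves as a
token bucket with ``--limit`` as the refill rate and ``--limit-burst`` as
the capacity (iptables defaults: 3/hour, burst 5).
"""
from dataclasses import dataclass, field

_UNITS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}


def parse_limit(spec: str) -> float:
    """Turn an iptables rate such as '5/minute' into events per second.

    A bare number (e.g. '3') means per second; unit prefixes such as
    's', 'min' or 'h' are accepted, as iptables accepts them.
    """
    if "/" in spec:
        count, unit = spec.split("/", 1)
    else:
        count, unit = spec, "second"
    unit = unit.strip().lower()
    for name, secs in _UNITS.items():
        if unit and name.startswith(unit):
            return float(count) / secs
    raise ValueError(f"unknown limit unit in {spec!r}")


@dataclass
class LimitMatch:
    """Token bucket: ``burst`` tokens to start, refilled at ``rate`` per second."""
    rate: float = 3 / 3600          # iptables default --limit 3/hour
    burst: int = 5                  # iptables default --limit-burst 5
    tokens: float = field(init=False)
    last: float = field(default=0.0, init=False)

    def __post_init__(self) -> None:
        self.tokens = float(self.burst)

    def matches(self, now: float) -> bool:
        """True if a packet seen at time ``now`` (seconds) passes the match."""
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def log_lines(packet_times, limit=None, burst=5) -> int:
    """Count the syslog lines a LOG rule emits for a flood of packets.

    ``limit=None`` models a LOG rule without ``-m limit``: every packet logs.
    The packets are dropped either way under a DROP policy; only the log
    volume differs.
    """
    if limit is None:
        return len(list(packet_times))
    bucket = LimitMatch(rate=parse_limit(limit), burst=burst)
    return sum(1 for t in packet_times if bucket.matches(t))


def flood(count: int, interval: float):
    """Constructed sample input: ``count`` packets, one every ``interval`` s."""
    return [i * interval for i in range(count)]


if __name__ == "__main__":
    scan = flood(3000, 0.01)                  # 30 s of a 100 packet/s scan
    print("no limit      :", log_lines(scan))
    print("default 3/hour:", log_lines(scan, "3/hour"))
    print("5/minute      :", log_lines(scan, "5/minute"))
```

With the defaults, a 30-second scan at 100 packets per second produces 5 log lines instead of 3000; the explicit "--limit 5/minute" on the SYN/RST rule buys a couple more samples per burst. Since the chain policy is DROP, the LOG rule only decides what gets written, not what gets through.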