Re: Port 135 ???

From: Michael Heiming (michael+USENET_at_www.heiming.de)
Date: 09/01/03


Date: Mon, 1 Sep 2003 08:33:58 +0200

Bit Twister <BitTwister@localhost.localdomain> wrote:
> On Mon, 01 Sep 2003 03:48:33 GMT, Capps wrote:
> 1 > [ block all input chains]
> 2 > /sbin/iptables -A INPUT-i $EXTINT -p tcp --dport 135:139 -j DROP
> 3 > sbin/iptables -A INPUT -i $EXTINT -p udp --dport 135:139 -j DROP
> 4 > /sbin/iptables -A INPUT-i $EXTINT -p tcp --dport 445 -j DROP
> 5 > sbin/iptables -A INPUT -i $EXTINT -p udp --dport 445 -j DROP

> Wonder if line 2 and 4 need a space on -i
> and if line 3 and 5 need a /sbin

Likely, I'm using the "limit" option to stop sucking up my logfiles:

$IPTABLES -A invalid -m limit -j LOG --log-prefix "invalid "
$IPTABLES -A xmas -m limit -j LOG --log-level info --log-prefix "xmas-scan "
$IPTABLES -A null_scan -m limit -j LOG --log-level info --log-prefix \
                "null-scan "
$IPTABLES -A CHECK_FLAGS -p tcp --tcp-flags SYN,RST SYN,RST \
                -m limit --limit 5/minute \
                -j LOG --log-level 6 --log-prefix "SYN/RST "
$IPTABLES -A spoofing -m limit -j LOG --log-level info --log-prefix "spoofing "
$IPTABLES -A INPUT -i $DEV_INET -p icmp --icmp-type 5 -m limit -j icmp_reject
$IPTABLES -A icmp_reject -m limit -j LOG --log-prefix "icmp_rej "
$IPTABLES -A INPUT -m limit -j LOG --log-prefix "Denyed FINAL IN "
$IPTABLES -A OUTPUT -m limit -j LOG --log-prefix "Denyed FINAL OUT "
$IPTABLES -A FORWARD -m limit -j LOG --log-prefix "Denyed FINAL FOR "

The default policy is drop, for all chains.
;)

-- 
Michael Heiming
Remove +SIGNS and www. if you expect an answer, sorry for 
inconvenience, but I get tons of SPAM
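As an added illustration (not part of the original thread, and not Michael's or anyone's posted code) of why the `-m limit` match in those LOG rules keeps a port-135 scan from filling the log: the token bucket below models the semantics of iptables' limit match, where `--limit` is the sustained average rate (3/hour if omitted) and `--limit-burst` (5 if omitted) is how many packets may match before the rate applies. The `LimitMatch`, `simulate` and `flood` names and the 600-packet arrival pattern are constructed for this example.

```python
# Added example: token-bucket model of "iptables -m limit", used to count how
# many packets of a flood would reach a rate-limited LOG target.
from dataclasses import dataclass, field

# Seconds per unit for the --limit suffixes iptables accepts.
RATE_UNITS = {"second": 1.0, "minute": 60.0, "hour": 3600.0, "day": 86400.0}


def parse_rate(spec: str) -> float:
    """Turn an iptables --limit value such as '5/minute' into tokens per second."""
    count, _, unit = spec.partition("/")
    if unit not in RATE_UNITS:
        raise ValueError(f"unknown --limit unit in {spec!r}")
    return float(count) / RATE_UNITS[unit]


@dataclass
class LimitMatch:
    """One limit match instance: the bucket starts full at `burst` tokens,
    refills at the --limit rate and is capped at `burst`.  A packet matches
    (and so would be logged) only when a whole token is available."""
    limit: str = "3/hour"   # iptables default when --limit is omitted
    burst: int = 5          # iptables default when --limit-burst is omitted
    tokens: float = field(init=False)
    last: float = field(init=False, default=0.0)

    def __post_init__(self) -> None:
        self.rate = parse_rate(self.limit)
        self.tokens = float(self.burst)

    def matches(self, now: float) -> bool:
        # Refill for the time elapsed since the previous packet, never above burst.
        self.tokens = min(float(self.burst), self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def flood(packets_per_second: int, seconds: int) -> list[float]:
    """Constructed arrival times (seconds) of a steady probe flood."""
    return [i / packets_per_second for i in range(packets_per_second * seconds)]


def simulate(limit: str, burst: int, arrivals: list[float]) -> int:
    """Return how many of `arrivals` a '-m limit --limit LIMIT --limit-burst BURST'
    rule would pass on to LOG."""
    m = LimitMatch(limit=limit, burst=burst)
    return sum(1 for t in arrivals if m.matches(t))


if __name__ == "__main__":
    probes = flood(10, 60)   # 600 SYNs to port 135 over one minute
    print("unlimited LOG:        ", len(probes), "log lines")
    print("-m limit (defaults):  ", simulate("3/hour", 5, probes), "log lines")
    print("--limit 5/minute:     ", simulate("5/minute", 5, probes), "log lines")
```

With the defaults the same one-minute, 600-packet burst produces 5 log lines instead of 600, and `--limit 5/minute` (as in the SYN/RST rule above) produces 9: the 5-packet burst plus one line every 12 seconds. The trade-off is that a sustained flood also hides later legitimate hits on the same rule, which is why the prefixes in Michael's rules are kept distinct per chain rather than sharing one limit.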

