Re: bridging and iptables -- strange behaviour

"beau" <beausephine@xxxxxxxxx> wrote in message
news:1139002023.067948.5570@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I've noticed some very strange behaviour in my firewall lately. If I
do a port scan on my desktop machine (XP) from a site like
security.symantec.com, then I get some open ports listed, such as
25, 80, 110... These ports aren't open on my machine; fport even says
so. Even if I explicitly block 110 on my firewall, the scan reports it
as being open. I'm using Fedora Core 4 with a 2.6.11-1 kernel and
iptables to filter traffic over a bridge. When I block 110, I insert a
rule like this:

iptables -I FORWARD 1 -p tcp --dport 110 -j DROP

The packet counters for this rule are incrementing when I port scan, so
packets are matching. Has anyone seen anything like this before? Is
it possible that something upstream from my firewall is causing this?

Beau
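
The question above comes down to where the SYN/ACK that makes the scanner call port 110 "open" is actually being generated. The following is an added diagnostic, not code from Beau's post or from anyone in the thread: it cross-checks tcpdump -nn captures taken on the two bridge ports (e.g. `tcpdump -nn -i eth0 tcp port 110` on the outside port and the same on the inside port; the interface names, the addresses and the captures are assumptions constructed for the example). If a SYN/ACK appears on the outside port while the SYN never crossed to the inside port, the protected host cannot have sent it; the reply came from the firewall box itself or from something upstream.

```python
"""Cross-check tcpdump output from both ports of a bridging firewall.

Given tcpdump -nn lines captured on the outside and inside bridge ports,
report for one host and port where the SYN and any SYN/ACK were seen.
(Added example with constructed captures; not code from the thread.)
"""
import re
from dataclasses import dataclass
from typing import Iterable, List

# Matches the start of a tcpdump -nn TCP line such as
# "12:00:01.000001 IP 198.51.100.7.40000 > 192.0.2.10.110: Flags [S], seq 1, win 512, length 0"
TCP_LINE = re.compile(
    r"^\S+ IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # tcpdump flag letters: S = SYN, "." = ACK, so "S." is a SYN/ACK


def parse_tcpdump(lines: Iterable[str]) -> List[Segment]:
    """Keep only the TCP lines we can parse; tcpdump also prints ARP, ICMP, etc."""
    segments = []
    for line in lines:
        m = TCP_LINE.match(line)
        if m:
            segments.append(Segment(m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["flags"]))
    return segments


def _saw_syn(segs: List[Segment], host: str, port: int) -> bool:
    return any(s.dst == host and s.dport == port and s.flags == "S" for s in segs)


def _saw_synack(segs: List[Segment], host: str, port: int) -> bool:
    return any(s.src == host and s.sport == port and s.flags == "S." for s in segs)


def diagnose(outside_lines: Iterable[str], inside_lines: Iterable[str], host: str, port: int) -> str:
    """One-line verdict for a scan of host:port as seen from both bridge ports."""
    out, ins = parse_tcpdump(outside_lines), parse_tcpdump(inside_lines)
    syn_out, syn_in = _saw_syn(out, host, port), _saw_syn(ins, host, port)
    synack_out, synack_in = _saw_synack(out, host, port), _saw_synack(ins, host, port)

    if not syn_out:
        return "no SYN seen: the probe never reached the outside bridge port"
    if synack_in:
        return "SYN crossed the bridge and the host answered: no rule on this firewall is dropping this traffic"
    if synack_out:
        # The reply exists on the outside wire but was never on the inside wire,
        # so the protected host did not send it.
        return ("SYN/ACK on the outside port that never appeared on the inside: "
                "it came from the firewall box itself or from something upstream, not from the host")
    if syn_in:
        return "SYN crossed the bridge and nothing answered: the port is closed or filtered on the host"
    return "SYN dropped at the bridge and no reply seen: the scanner's 'open' did not come through here"


# Constructed sample captures (not real traffic): 198.51.100.7 scans 192.0.2.10.
# Port 110 is answered on the outside only; port 22 crosses the bridge and is
# answered by the host; port 25 is never probed.
OUTSIDE_CAPTURE = [
    "12:00:01.000001 IP 198.51.100.7.40000 > 192.0.2.10.110: Flags [S], seq 1, win 512, length 0",
    "12:00:01.000900 IP 192.0.2.10.110 > 198.51.100.7.40000: Flags [S.], seq 9, ack 2, win 512, length 0",
    "12:00:02.000001 IP 198.51.100.7.40001 > 192.0.2.10.22: Flags [S], seq 1, win 512, length 0",
    "12:00:02.000400 IP 192.0.2.10.22 > 198.51.100.7.40001: Flags [S.], seq 7, ack 2, win 512, length 0",
    "12:00:03.000001 ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 28",
]
INSIDE_CAPTURE = [
    "12:00:02.000100 IP 198.51.100.7.40001 > 192.0.2.10.22: Flags [S], seq 1, win 512, length 0",
    "12:00:02.000300 IP 192.0.2.10.22 > 198.51.100.7.40001: Flags [S.], seq 7, ack 2, win 512, length 0",
]

if __name__ == "__main__":
    for port in (110, 22, 25):
        print(f"port {port}: {diagnose(OUTSIDE_CAPTURE, INSIDE_CAPTURE, '192.0.2.10', port)}")
```

Run the two captures for the duration of one online scan and feed them in; the interesting case is the one where the FORWARD DROP counter rises and the verdict says the SYN/ACK never appeared on the inside, which points the investigation at the firewall host's own INPUT path or at whatever sits upstream on the outside segment.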


Beau,

I get more aggressive on blocking things at the firewall :-)

# KPORT: the port you want seriously blocked. EXTINT and INTINT are your
# external and internal interface names; set both before running these.
KPORT=XXX

/sbin/iptables -A INPUT -i $EXTINT -p TCP --dport $KPORT -j DROP
/sbin/iptables -A INPUT -i $INTINT -p TCP --sport $KPORT -j DROP
/sbin/iptables -t nat -A PREROUTING -i $EXTINT -p TCP --dport $KPORT -j DROP
/sbin/iptables -t nat -A PREROUTING -i $INTINT -p TCP --sport $KPORT -j DROP
/sbin/iptables -A OUTPUT -o $EXTINT -p TCP --sport $KPORT -j DROP
/sbin/iptables -A OUTPUT -o $INTINT -p TCP --dport $KPORT -j DROP
/sbin/iptables -t nat -A POSTROUTING -o $EXTINT -p TCP --sport $KPORT -j DROP
/sbin/iptables -t nat -A OUTPUT -o $EXTINT -p TCP --sport $KPORT -j DROP
/sbin/iptables -t nat -A POSTROUTING -o $INTINT -p TCP --dport $KPORT -j DROP
/sbin/iptables -A FORWARD -p TCP --dport $KPORT -j DROP

Enjoy,
Postmaster

