iptable accept all issue
From: John Cox (scrrsec_at_sc.rr.com)
Date: 03/03/04
- Previous message: steve harris: "Re: Fedora Core 1 - up2date: BEWARE"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 03 Mar 2004 18:47:33 GMT
I am trying to lock down my box with iptables but I'm missing something. If
I remove the accept all command (that is input by default), none of the rest
of my accept commands work. My goal is to allow access to ssh, dns, and
nessus. I seem to be able to filter one port at a time, but I am having
problems accepting only one port at a time. I have included a copy of
iptables -L and an nmap.
Chain RH-Lokkit-0-50-INPUT (2 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp dpt:x11
DROP tcp -- anywhere anywhere tcp dpt:sunrpc
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT all -- anywhere anywhere
ACCEPT udp -- clmasc-dns-cac-01-dmfe0.sc.rr.com anywhere udp spt:domain
ACCEPT udp -- clmasc-dns-cac-02-dmfe0.sc.rr.com anywhere udp spt:domain
ACCEPT udp -- coxjohnd.com anywhere udp spt:domain
REJECT tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp reject-with icmp-port-unreachable
[root@minihp root]# nmap xx.xxx.xxx.xxx
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on mypc.com (xx.xxx.xxx.xxx):
(The 1596 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
53/tcp open domain
111/tcp filtered sunrpc
1241/tcp open msg
6000/tcp filtered X11
-- John D Cox
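Added example, not part of the original post and not the Lokkit-generated chain shown above. The listing has an unconditional "ACCEPT all" as the fourth rule; iptables evaluates rules in order, so every packet that is not X11 or sunrpc is accepted there and the REJECT rules after it are never reached, which is why the nmap run shows 53/tcp and 1241/tcp open. The script below generates a rule set for the three services the post asks for (ssh/22, dns/53, nessus/1241) that relies on connection state for return traffic instead of a blanket accept. The chain name, the assumption that the host does not forward traffic, and the choice of tcp-reset for rejected TCP are all mine; the rules are printed rather than applied so they can be reviewed first, and applying them needs root.

```shell
#!/bin/sh
# Added example (not the poster's rules): build a stateful INPUT rule set for
# ssh, dns and nessus with no catch-all "ACCEPT all" rule.
# CHAIN is an assumed name, not the RH-Lokkit chain from the post.

CHAIN="LOCKDOWN-INPUT"
TCP_SERVICES="22 53 1241"   # ssh, dns, nessus (ports from the post)
UDP_SERVICES="53"           # dns over udp

# Print the iptables commands instead of running them, so the set can be
# reviewed (and checked below) before it touches the live firewall.
build_rules() {
    echo "iptables -N $CHAIN"
    echo "iptables -F $CHAIN"
    # Replies to connections this host started, plus related ICMP. This is the
    # rule that a blanket ACCEPT was silently standing in for.
    echo "iptables -A $CHAIN -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Local processes talk to each other over loopback.
    echo "iptables -A $CHAIN -i lo -j ACCEPT"
    # Only new connections to the listed services are let in.
    for p in $TCP_SERVICES; do
        echo "iptables -A $CHAIN -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    for p in $UDP_SERVICES; do
        echo "iptables -A $CHAIN -p udp --dport $p -j ACCEPT"
    done
    # Everything else is refused explicitly, as in the original chain, but now
    # these rules are actually reachable.
    echo "iptables -A $CHAIN -p tcp -m state --state NEW -j REJECT --reject-with tcp-reset"
    echo "iptables -A $CHAIN -p udp -j REJECT --reject-with icmp-port-unreachable"
    echo "iptables -A $CHAIN -j DROP"
    # Hook the chain in at the top of INPUT.
    echo "iptables -I INPUT 1 -j $CHAIN"
}

# Count ACCEPT rules that carry no match at all (the "ACCEPT all -- anywhere
# anywhere" pattern from the post). A hardened set should report 0.
count_blanket_accepts() {
    build_rules | grep -c -E '^iptables -A [^ ]+ -j ACCEPT$' || true
}

# Count rules that admit new inbound connections, for review.
count_service_accepts() {
    build_rules | grep -c -E -- '--dport [0-9]+ .*-j ACCEPT$' || true
}

# Default action: show the rules. Pass "apply" to execute them (root required).
if [ "${1:-}" = "apply" ]; then
    build_rules | sh
else
    build_rules
fi
```

Running the script with no argument prints the rules; `count_blanket_accepts` should print 0 and `count_service_accepts` should print 4 (three TCP ports and one UDP port), which is a quick way to check a generated set before running it with `apply`.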