Re: iptables firewall script for debian-woody, 2.4.24
From: Eugenijus Januškevičius (ejs_at_delfi.lt)
Date: 04/05/04
Date: Mon, 05 Apr 2004 23:06:05 +0300
To: Gord Philpott <tech@gordphilpott.com>
Hi,
Gord Philpott wrote:
>> I have used the script on other systems, and have commented out the
>> ports that are not needed for this setup. When I nmap the server
>> with the firewall script off, I get different results than when the
>> firewall script is on. I am looking to have the ports needed to run
>> DNS and SSH available regardless of the firewall status.
>> $IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>> $IPTABLES -A OUTPUT -p tcp --destination-port 53 -j ACCEPT # DNS
>> $IPTABLES -A OUTPUT -p udp --destination-port 53 -j ACCEPT # DNS
>> $IPTABLES -A OUTPUT -p tcp --destination-port 22 -j ACCEPT # SSH
You hope that the destination port for incoming DNS queries will be 53.
This is not true. The same is true for SSH.
Leave the OUTPUT chain unfiltered and nmap once more.
PS. Why do you not use iptables-[save|restore]?
-- ejs
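The setup ejs points at (the offered services matched on their destination port in INPUT, the OUTPUT chain left unfiltered, and the whole thing kept in iptables-save/restore format), written out as an added example that is not part of the original thread or the poster's script. The default policies, the loopback rule and the offline check function are my assumptions, not anything the thread specifies.

```shell
#!/bin/sh
# Added example, not from the original thread: a stateful ruleset for a
# host that serves DNS and SSH, in the text format iptables-restore reads.
# The OUTPUT chain is left at policy ACCEPT, so replies from the host's
# own services (source port 53/22, arbitrary destination port) never hit
# a --dport match in the wrong direction. Policies and the lo rule are
# assumptions.

# Print the ruleset. Lines starting with '#' are ignored by iptables-restore.
gen_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback is trusted.
-A INPUT -i lo -j ACCEPT
# Replies to connections this host opened, plus related packets (ICMP errors).
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Services this host offers: match the destination port of the inbound
# packet, in INPUT, not in OUTPUT.
-A INPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
# Everything else inbound falls through to the DROP policy above.
COMMIT
EOF
}

# Checks that run without root or iptables: the table is closed with
# COMMIT, the SSH service rule is present in INPUT, and no OUTPUT rule
# matches on --dport (the mistake discussed in the thread).
# Returns 0 when the ruleset passes, 1 otherwise.
check_ruleset() {
    ruleset="$1"
    printf '%s\n' "$ruleset" | grep -q '^COMMIT$' || return 1
    printf '%s\n' "$ruleset" | grep -q -- '-A INPUT -p tcp --dport 22' || return 1
    if printf '%s\n' "$ruleset" | grep -q -- '-A OUTPUT .*--dport'; then
        return 1
    fi
    return 0
}

# Usage (as root):  gen_ruleset > /etc/iptables.rules
#                   iptables-restore < /etc/iptables.rules
# Only applies when explicitly asked, so the script is safe to source.
if [ "${1:-}" = "--apply" ]; then
    gen_ruleset | iptables-restore
fi
```

Load it with `iptables-restore` rather than a long sequence of `$IPTABLES -A` calls: the table is replaced atomically, and `iptables-save` gives back the same text for review or for diffing against the file on disk.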