Firewall, ping and nmap

From: getting_out (getting_out_at_tele2.it)
Date: 11/02/03

    Date: Sun, 02 Nov 2003 12:55:21 +0100
    To: security-basics <security-basics@securityfocus.com>
    
    

    Good morning.

    I have a Debian woody on which I've configured a firewall (iptables)
    with the following rules

    $ sudo iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    block      all  --  anywhere             anywhere

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    block      all  --  anywhere             anywhere

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain block (2 references)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
    REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

    If I'm connected to the Internet via modem (ppp0), I can do a ping and
    get responses from hosts. If I'm connected to a LAN and do a ping, I
    don't receive any response unless I shut down the firewall (iptables -F).

    With nmap, instead, I must always shut down the firewall.

    Can anyone enlighten me?

    thanks and bye

    Dvd (<-- It's for David :))

    PS: please, forgive my English
