Coyote IP Chains?

From: Thomas Gibson (tegibson@sympatico.ca)
Date: 01/05/03

    From: Thomas Gibson <tegibson@sympatico.ca>
    Date: Sat, 04 Jan 2003 23:48:55 -0500
    
    

    Using Sygate's online scanner, it seems that Coyote Linux allows external
    ssh sessions on port 22. I would like to block this and am using the
    following ipchains rules:

    # Block all low level system ports
    /sbin/ipchains -A input -i eth1 -p tcp -d 0/0 0:1023 -j REJECT
    /sbin/ipchains -A input -i eth1 -p tcp -d 0/0 6000:6010 -j REJECT
    /sbin/ipchains -A output -i eth1 -p tcp -s 0/0 22 -j DENY
    /sbin/ipchains -A input -i eth1 -p tcp -d 0/0 22 -j DENY
    /sbin/ipchains -A input -i eth1 -p udp -d 0/0 0:1023 -j REJECT
    /sbin/ipchains -A input -i eth1 -p icmp --icmp-type ping -s 0/0 -j REJECT

    Sygate still is indicating the port is open, which leads me to believe I
    don't understand ipchains fully yet. Can anyone provide guidance?