Re: Why open? How do I close?
From: Jean-Pierre Menicucci (jean-pierre.menicucci_at_studioware.com)
Date: 09/18/03
- Next message: Gary Petersen: "Re: Apache and password protection"
- Previous message: Don Saklad: "Out of the box GNU/Linux type computers."
- In reply to: Patrick Cairpre: "Why open? How do I close?"
- Next in thread: Binarym: "Re: Why open? How do I close?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 18 Sep 2003 08:32:34 +0200
Your policy is to accept everything by default
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
You'd better have this in your script:
# drop by default
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT DROP
For more information see this link -> http://www.netfilter.org/
Regards,
Jean-Pierre Menicucci,
"Patrick Cairpre" <cairpre409@yahoo.com> wrote in message
news:aba9f5d4.0309171849.5fc3752d@posting.google.com...
> I am running redhat 9 using their standard firewall. I thought that
> only the ports I explicitly opened would be open. In addition to the
> ones that I did open, an online security scan has found the following
> ports open.
>
> TCP
> 111
> 113
> 139
> 143
> 443
> 688
> 696
> 709
> 879
> 901
> 935
>
> I don't understand why these ports are open. How do I lock them down?
>
> I explicitly left port 153 open to udp so that my dns would update my
> secondary.
> But the scan shows no ports open for udp.
>
> ****************
> This is my iptables file:
>
> # Firewall configuration written by lokkit
> # Manual customization of this file is not recommended.
> # Note: ifup-post will punch the current nameservers through the
> # firewall; such entries will *not* be listed here.
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :RH-Lokkit-0-50-INPUT - [0:0]
> -A INPUT -j RH-Lokkit-0-50-INPUT
> -A FORWARD -j RH-Lokkit-0-50-INPUT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 53 --syn -j ACCEPT
> -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 53 --syn -j ACCEPT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 21 --syn -j ACCEPT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 23 --syn -j ACCEPT
> -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 119 --syn -j ACCEPT
> -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
> -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
> -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
> COMMIT
> ************
>
> I know this is a fairly primitive firewall that has other problems,
> but why is it not doing what it is supposed to?
> I think there are some basics I am misunderstanding.
> Can someone point me in the right direction?
>
> Thanks
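To make the default-policy point concrete, here is an added example (not code from either poster) that parses an excerpt of the quoted lokkit ruleset in iptables-save form and walks the INPUT chain the way netfilter would for a new inbound packet. It shows that a port no rule mentions (e.g. TCP 8080) falls through to the chain policy, which is ACCEPT in the quoted file and becomes DROP once the policy is changed as suggested. The excerpt, the interface name and the packet samples are constructed for the demonstration; --syn is treated as always matching because only new connections are simulated.

```python
# Constructed excerpt of the quoted lokkit ruleset (iptables-save format), INPUT path only.
RULESET = """\
*filter
:INPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
COMMIT
"""

def parse(text):
    """Map each chain to (policy, rules); a rule keeps proto, iface, dport range and target."""
    chains = {}
    for line in text.splitlines():
        tok = line.split()
        if line.startswith(":"):                       # ":NAME POLICY [pkts:bytes]"
            chains[tok[0][1:]] = (None if tok[1] == "-" else tok[1], [])
        elif line.startswith("-A "):                   # "-A CHAIN <matches> -j TARGET"
            rule = {"target": tok[tok.index("-j") + 1]}
            for flag, key in (("-p", "proto"), ("-i", "iface")):
                if flag in tok:
                    rule[key] = tok[tok.index(flag) + 1]
            if "--dport" in tok:
                lo, _, hi = tok[tok.index("--dport") + 1].partition(":")
                rule["ports"] = (int(lo), int(hi or lo))
            chains[tok[1]][1].append(rule)
    return chains

def verdict(text, proto, port, iface="eth0", chain="INPUT"):
    """Verdict for a new inbound packet to proto:port, or 'policy:X' when no rule matches."""
    chains = parse(text)
    def walk(name):
        for r in chains[name][1]:
            if r.get("proto", proto) != proto or r.get("iface", iface) != iface:
                continue                               # match criteria not met
            lo, hi = r.get("ports", (port, port))
            if not lo <= port <= hi:
                continue
            if r["target"] in chains:                  # jump into a user-defined chain
                v = walk(r["target"])
                if v:
                    return v
                continue                               # it fell through; keep walking here
            return r["target"]
        return None                                    # end of chain, no terminating rule
    return walk(chain) or "policy:" + chains[chain][0]
```

Calling verdict(RULESET, "tcp", 8080) returns "policy:ACCEPT", while the same call on RULESET with ":INPUT ACCEPT" replaced by ":INPUT DROP" returns "policy:DROP".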