Re: Shields Up reports one open port through iptables



bob.python@xxxxxxxxx wrote:
My IP address is sitting directly on the Internet with no firewall
(that I can tell) other than my iptables and I have the following rules
in iptables:

/sbin/iptables -F
/sbin/iptables -P INPUT DROP
/sbin/iptables -P FORWARD DROP
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT

Shields Up, https://www.grc.com/x/ne.dll?bh0bkyd2, reports that my port
1 is closed and all other ports are "stealth".

Port *1*? That's quite odd...

Try telnet <your_ip> 1 from a different machine, or using the "real"
IP (i.e., the IP assigned, and not 127.0.0.1 or localhost -- that
way, the packet will not come in through the loopback interface)

See if it immediately tells you "Connection refused", or if it
just freezes there waiting for the connection to be accepted (if
the former, the port is closed, as Shields Up reports -- from the
above iptables ruleset, it should freeze).

Also check iptables -L to list the *actual* rules (maybe another
iptables command was executed, or maybe the above is inaccurate?)

I just had Shields Up scan my machine, and it reports it as full
stealth (my machine has a slightly less strict ruleset than the
above -- I accept ESTABLISHED *and* RELATED, and I also accept
FORWARD traffic if it comes from the interface that connects to
the internal LAN; but from the point of view of what Shields Up
might report, my ruleset is essentially the same as the one you
posted)

If all checks out, you might want to write to the Shields Up guy
and report the possible bug in their system. (you might want to
try the scan again -- it might have been a temporary failure)

Carlos
--
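
The reasoning in the reply (a NEW connection to port 1 falls through both ACCEPT rules to the DROP policy, so the remote side sees no answer at all and the scan should report "stealth", whereas "closed" needs an RST or ICMP error to come back) can be walked through with a small evaluator. This is an added example, not code from the thread or from the iptables project: it parses only the handful of options the posted rules use (-A, -i, -m state/--state, -p, --dport, -j, --reject-with) and applies iptables' first-match-wins semantics followed by the chain policy. The REJECT rule for port 1 is a constructed counter-example showing what kind of rule would have to be present for Shields Up to see port 1 as "closed"; it is not something the original poster has.

```python
import shlex
from dataclasses import dataclass

# INPUT chain as quoted in the original post: policy DROP plus two ACCEPT rules.
POSTED_POLICY = "DROP"
POSTED_RULES = [
    "-A INPUT -i lo -j ACCEPT",
    "-A INPUT -m state --state ESTABLISHED -j ACCEPT",
]

# Hypothetical variant (constructed for illustration): an explicit REJECT for
# port 1 is the kind of rule that would make a scanner report "closed".
REJECT_PORT1_RULES = POSTED_RULES + [
    "-A INPUT -p tcp --dport 1 -j REJECT --reject-with tcp-reset",
]


@dataclass
class Packet:
    iface: str   # interface the packet arrived on, e.g. "eth0" or "lo"
    proto: str   # "tcp", "udp" or "icmp"
    dport: int   # destination port (0 for protocols without ports)
    state: str   # conntrack state: NEW, ESTABLISHED, RELATED or INVALID


def parse_rule(text):
    """Parse the small subset of iptables syntax used in the thread."""
    argv = shlex.split(text)
    rule = {"iface": None, "proto": None, "dport": None,
            "states": None, "target": None, "reject_with": None}
    i = 0
    while i < len(argv):
        opt = argv[i]
        if i + 1 >= len(argv):
            raise ValueError(f"option {opt!r} needs an argument: {text}")
        arg = argv[i + 1]
        if opt in ("-A", "-m"):           # chain name / match module: nothing to evaluate
            pass
        elif opt == "-i":
            rule["iface"] = arg
        elif opt == "-p":
            rule["proto"] = arg
        elif opt == "--dport":
            rule["dport"] = int(arg)
        elif opt == "--state":
            rule["states"] = set(arg.split(","))
        elif opt == "-j":
            rule["target"] = arg
        elif opt == "--reject-with":
            rule["reject_with"] = arg
        else:
            raise ValueError(f"unsupported option {opt!r} in rule: {text}")
        i += 2
    return rule


def matches(rule, pkt):
    """Every match criterion given in the rule must hold; absent ones match anything."""
    if rule["iface"] is not None and rule["iface"] != pkt.iface:
        return False
    if rule["proto"] is not None and rule["proto"] != pkt.proto:
        return False
    if rule["dport"] is not None and rule["dport"] != pkt.dport:
        return False
    if rule["states"] is not None and pkt.state not in rule["states"]:
        return False
    return True


def verdict(rules, policy, pkt):
    """Walk the chain top to bottom; the first matching rule's target wins,
    and a packet that matches nothing gets the chain policy."""
    for rule in map(parse_rule, rules):
        if matches(rule, pkt):
            return rule["target"]
    return policy


def scanner_view(chain_verdict, listening=False):
    """What a remote TCP connect (telnet, Shields Up) observes for a verdict."""
    if chain_verdict == "ACCEPT":
        # With no listener the kernel itself answers with a RST, i.e. "closed".
        return "open" if listening else "closed"
    if chain_verdict == "REJECT":
        return "closed"     # RST or ICMP unreachable comes back immediately
    if chain_verdict == "DROP":
        return "stealth"    # no answer at all; telnet just sits there until timeout
    raise ValueError(f"unknown verdict {chain_verdict!r}")


def probe(rules, policy, pkt, listening=False):
    """Convenience wrapper: rules + packet -> what the scanner reports."""
    return scanner_view(verdict(rules, policy, pkt), listening)


if __name__ == "__main__":
    syn_to_port1 = Packet("eth0", "tcp", 1, "NEW")
    print("posted ruleset, port 1 :", probe(POSTED_RULES, POSTED_POLICY, syn_to_port1))
    print("with REJECT rule, port 1:", probe(REJECT_PORT1_RULES, POSTED_POLICY, syn_to_port1))
    print("RELATED icmp error     :", verdict(POSTED_RULES, POSTED_POLICY,
                                              Packet("eth0", "icmp", 0, "RELATED")))
```

Running it shows why the reply says telnet "should freeze": the SYN to port 1 reaches the DROP policy, and DROP produces no reply, which a scanner labels "stealth". Only a REJECT (or an ACCEPT with nothing listening) yields the immediate "Connection refused" that "closed" implies. The RELATED case also shows the difference Carlos mentions between his ruleset and the posted one: under the posted rules an ICMP error related to an outgoing connection is dropped rather than accepted.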