[Gllug] iptables - a quick question

Pete Ryland pdr at pdr.cx
Tue Nov 27 16:39:53 UTC 2001


The first one will block all traffic on the port, whereas the second rule
only blocks the given tcp packet types* (and will never be used - if you do
an iptables -v -L you will see that the rule count is zero for this rule).
Be careful that a rule above these may still allow traffic on that port -
the rules are executed in order until one matches.

* Note: the packet types you have there are likely trying to filter on
packets not related to an existing connection which is better done with the
state module something like: "-m state --state RELATED,ESTABLISHED".

Also note that a better way to implement iptables rules is to set your
policy to deny and then explicitly set rules for the traffic you want to
actually accept.

hth,
Pete

On Tue, Nov 27, 2001 at 04:56:28PM +0000, will wrote:
> I have installed iptables!  Yay!
> 
> Basically I wanted to firewall port 6000 and after much faffing, I have 
> the following two rules (don't ask me why there are two):
> 
> DROP       tcp  --  anywhere             anywhere           tcp dpt:x11
> DROP       tcp  --  anywhere             anywhere           tcp dpt:x11 
> flags:SYN,RST,ACK/SYN
> 
> I am guessing one is redundant, but which one?  As in, which one blocks 
> incoming connections most comprehensively to port 6000?
> 
> Also, when I nmap the machine the port shows up as being filtered.  Is 
> this secure or can people still somehow open up a connection to the port?
> 
> Will.
> 
> 
> -- 
> Gllug mailing list  -  Gllug at linux.co.uk
> http://list.ftech.net/mailman/listinfo/gllug
> 

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
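To make the three points in Pete's reply concrete (first match wins, the flags rule behind a plain DROP never fires so its counter stays zero, and a default-deny policy with an explicit ESTABLISHED,RELATED accept is the safer shape), here is a small first-match chain simulator. It is an added example, not code from the thread and not part of iptables; the Packet, Rule and Chain classes, the sample packets and the conntrack "state" values are all constructed here for illustration and nothing touches the real netfilter.

```python
"""Toy model of an iptables filter chain (added example, not from the post).

Rules are tried in order, the first match decides the verdict and bumps that
rule's packet counter (what `iptables -v -L` shows); if nothing matches, the
chain policy applies.  Packets and states are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    proto: str                          # "tcp" or "udp"
    dport: int                          # destination port
    flags: frozenset = frozenset()      # tcp flags set on the packet
    state: str = "NEW"                  # what the state module would report


@dataclass
class Rule:
    target: str                                 # "ACCEPT" or "DROP"
    proto: Optional[str] = None                 # -p
    dport: Optional[int] = None                 # --dport
    flags_mask: Optional[frozenset] = None      # --tcp-flags MASK COMP
    flags_comp: Optional[frozenset] = None
    states: Optional[frozenset] = None          # -m state --state ...
    packets: int = 0                            # counter as in iptables -v -L

    def matches(self, p: Packet) -> bool:
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.flags_mask is not None:
            # Only the bits named in MASK are examined; they must equal COMP.
            if (p.flags & self.flags_mask) != self.flags_comp:
                return False
        if self.states is not None and p.state not in self.states:
            return False
        return True


class Chain:
    def __init__(self, policy: str, rules: list):
        self.policy = policy
        self.rules = rules

    def verdict(self, p: Packet) -> str:
        for r in self.rules:            # executed in order until one matches
            if r.matches(p):
                r.packets += 1
                return r.target
        return self.policy              # nothing matched: policy decides

    def counters(self) -> list:
        return [r.packets for r in self.rules]


def wills_chain() -> Chain:
    # Default policy ACCEPT with the two DROP rules from the post.
    syn_only = (frozenset({"SYN", "RST", "ACK"}), frozenset({"SYN"}))
    return Chain("ACCEPT", [
        Rule("DROP", proto="tcp", dport=6000),
        Rule("DROP", proto="tcp", dport=6000,
             flags_mask=syn_only[0], flags_comp=syn_only[1]),
    ])


def leaky_chain() -> Chain:
    # A broad ACCEPT placed above the DROP silently defeats it.
    return Chain("ACCEPT", [
        Rule("ACCEPT", proto="tcp"),
        Rule("DROP", proto="tcp", dport=6000),
    ])


def default_deny_chain() -> Chain:
    # Policy DROP; allow replies to connections we started, then explicit services.
    return Chain("DROP", [
        Rule("ACCEPT", states=frozenset({"ESTABLISHED", "RELATED"})),
        Rule("ACCEPT", proto="tcp", dport=22),
    ])


# Constructed sample traffic (hypothetical, for the simulation only).
SAMPLE = [
    Packet("tcp", 6000, frozenset({"SYN"})),                 # new X11 connection attempt
    Packet("tcp", 6000, frozenset({"ACK"}), "ESTABLISHED"),  # mid-stream X11 segment
    Packet("tcp", 22, frozenset({"SYN"})),                   # new ssh connection
    Packet("udp", 6000),                                     # udp to the same port
    Packet("tcp", 80, frozenset({"ACK"}), "ESTABLISHED"),    # reply to our outbound web request
]


def run(chain: Chain) -> list:
    """Return the verdict for every sample packet, in order."""
    return [chain.verdict(p) for p in SAMPLE]


if __name__ == "__main__":
    for name, chain in [("will", wills_chain()), ("leaky", leaky_chain()),
                        ("default-deny", default_deny_chain())]:
        print(name, run(chain), "counters:", chain.counters())
```

Running it shows the second rule in Will's chain with a counter of zero because the first rule already consumed every tcp packet to port 6000, while udp to the same port and everything else sails through on the ACCEPT policy; the default-deny chain drops the new X11 attempt but still lets the mid-stream and reply packets back in.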
