[Gllug] iptables - a quick question
Stephen Harker
steve at pauken.co.uk
Tue Nov 27 20:49:24 UTC 2001
On Tuesday 27 November 2001 16:56, you wrote:
> I have installed iptables! Yay!
>
> Basically I wanted to firewall port 6000 and after much faffing, I
> have the following two rules (don't ask me why there are two):
>
> DROP tcp -- anywhere anywhere tcp dpt:x11
> DROP tcp -- anywhere anywhere tcp dpt:x11 flags:SYN,RST,ACK/SYN
>
> I am guessing one is redundant, but which one? as in, which one
> blocks incoming connections most comprehensively to port 6000?
>
> Also, when I nmap the machine the port shows up as being filtered.
> Is this secure or can people still somehow open up a connection to
> the port?
>
> Will.
nmap can tell the difference between packets that are dropped
(filtered by iptables) and ones that are refused by the kernel
because the machine is not running a service on that port. It's
something to do with the exact nature of the icmp reply packets (or
absence of them if firewalling) but the details I can't remember.
Either way, a connection can't be made to that port by an outside
attacker but they can tell if a machine is there or not!!
<flamebait> Use an OpenBSD bridge between the internet and your
machine instead ;-)</flamebait>
--
Stephen Harker
steve at pauken.co.uk, http://www.pauken.co.uk
" " - Marcel Marceau
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug