[Gllug] iptables - a quick question

Stephen Harker steve at pauken.co.uk
Tue Nov 27 20:49:24 UTC 2001


On Tuesday 27 November 2001 16:56, you wrote:
> I have installed iptables!  Yay!
>
> Basically I wanted to firewall port 6000 and after much faffing, I
> have the following two rules (don't ask me why there are two):
>
> DROP       tcp  --  anywhere             anywhere           tcp dpt:x11
> DROP       tcp  --  anywhere             anywhere           tcp dpt:x11 flags:SYN,RST,ACK/SYN
>
> I am guessing one is redundant, but which one?  as in, which one
> blocks incoming connections most comprehensively to port 6000?
>
> Also, when I nmap the machine the port shows up as being filtered. 
> Is this secure or can people still somehow open up a connection to
> the port?
>
> Will.
nmap can tell the difference between packets that are dropped 
(filtered by iptables) and ones that are refused by the kernel 
because the machine is not running a service on that port. It's 
something to do with the exact nature of the ICMP reply packets (or 
absence of them if firewalling), but the details I can't remember. 
Either way, a connection can't be made to that port by an outside 
attacker, but they can tell if a machine is there or not!!
<flamebait> Use an OpenBSD bridge between the internet and your 
machine instead ;-)</flamebait>
-- 
Stephen Harker
steve at pauken.co.uk, http://www.pauken.co.uk
"                                    "  -  Marcel Marceau
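The two questions in the thread (which of the two DROP rules is the broad one, and what "filtered" in nmap actually means) can both be worked through with a small model. The following is an added example, not code from the post or from iptables/nmap: it encodes the match conditions of the two quoted rules, then models what a SYN probe gets back from a host with no rule, with DROP, with REJECT (default icmp-port-unreachable) and with REJECT --reject-with tcp-reset, and labels the port the way nmap -sS does (SYN/ACK: open, RST: closed, no reply or ICMP unreachable: filtered). The packet model and the firewall actions are deliberate simplifications of real netfilter behaviour, assumed for illustration.

```python
"""Added example (not code from the post): a model of the two iptables
rules quoted above and of how an nmap SYN scan (-sS) classifies a port
from the reply it gets.  Packet model and firewall actions are assumed
simplifications of real netfilter behaviour."""

from dataclasses import dataclass

X11_PORT = 6000                       # iptables prints this as "x11"
SYN, ACK, RST, FIN = "SYN", "ACK", "RST", "FIN"


@dataclass(frozen=True)
class Packet:
    proto: str
    dport: int
    flags: frozenset


def matches_rule1(p: Packet) -> bool:
    """DROP tcp -- anywhere anywhere tcp dpt:x11  (any TCP segment to 6000)."""
    return p.proto == "tcp" and p.dport == X11_PORT


def matches_rule2(p: Packet) -> bool:
    """DROP tcp ... tcp dpt:x11 flags:SYN,RST,ACK/SYN

    --tcp-flags MASK COMP: look only at the bits in MASK (SYN,RST,ACK) and
    require exactly COMP (SYN) to be set, i.e. a bare connection-opening
    SYN (the same match that --syn expands to)."""
    examined = p.flags & {SYN, RST, ACK}
    return p.proto == "tcp" and p.dport == X11_PORT and examined == {SYN}


# Constructed sample traffic: kinds of segments a host might see on 6000.
SAMPLE_PACKETS = [
    Packet("tcp", X11_PORT, frozenset({SYN})),         # new connection attempt
    Packet("tcp", X11_PORT, frozenset({SYN, ACK})),    # second half of a handshake
    Packet("tcp", X11_PORT, frozenset({ACK})),         # data on an open session
    Packet("tcp", X11_PORT, frozenset({FIN, ACK})),    # session teardown
    Packet("tcp", X11_PORT, frozenset({RST})),
    Packet("tcp", 22, frozenset({SYN})),               # a different port
    Packet("udp", X11_PORT, frozenset()),              # not TCP at all
]


def rule2_is_redundant(packets=SAMPLE_PACKETS) -> bool:
    """True when everything rule 2 would drop, rule 1 drops already."""
    return all(matches_rule1(p) for p in packets if matches_rule2(p))


def rule1_only(packets=SAMPLE_PACKETS):
    """Segments rule 1 drops that rule 2 lets through (rule 1 is the broader one)."""
    return [p for p in packets if matches_rule1(p) and not matches_rule2(p)]


def host_reply(probe: Packet, listening: set, action):
    """Reply a scanner's SYN probe gets back.  `action` is what the firewall
    does with segments matching rule 1: None (no rule), "DROP",
    "REJECT-icmp" (REJECT's default icmp-port-unreachable) or
    "REJECT-rst" (--reject-with tcp-reset)."""
    if action is not None and matches_rule1(probe):
        return {"DROP": None,
                "REJECT-icmp": "ICMP port-unreachable",
                "REJECT-rst": "RST"}[action]
    # No firewall verdict: the TCP stack answers for itself.
    return "SYN/ACK" if probe.dport in listening else "RST"


def nmap_state(reply) -> str:
    """How nmap -sS labels a port from one probe's reply."""
    if reply == "SYN/ACK":
        return "open"
    if reply == "RST":
        return "closed"
    return "filtered"        # no reply at all, or an ICMP unreachable


def scan_x11(listening: set, action) -> str:
    """State nmap would report for tcp/6000 on a host with the given setup."""
    probe = Packet("tcp", X11_PORT, frozenset({SYN}))
    return nmap_state(host_reply(probe, listening, action))


if __name__ == "__main__":
    print("rule 2 redundant given rule 1:", rule2_is_redundant())
    print("dropped by rule 1 only:", [sorted(p.flags) for p in rule1_only()])
    for act in (None, "DROP", "REJECT-icmp", "REJECT-rst"):
        print(f"X listening, firewall {act}: port 6000 is {scan_x11({X11_PORT}, act)}")
    print("no X server, no firewall: port 6000 is", scan_x11(set(), None))
```

Two things fall out of the model. The rule without a flags match is the comprehensive one: it drops every TCP segment to 6000, so the SYN-only rule adds nothing when both are present. And "filtered" is what nmap reports when the probe gets no answer (DROP) or an ICMP unreachable (plain REJECT); a port with nothing listening answers with a TCP RST and is reported "closed". If the goal is for the firewalled port to look the same as an unused one, REJECT with --reject-with tcp-reset produces that RST, at the cost of answering every probe; DROP stays quiet but tells the scanner a filter is in the way.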


-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug