Re: Iptables DROP packets but Nmap show the ports opened !!
So if i understand well, you suggest me to put those line at the top of my Iptable script cause it seems to be safer, by default it DROP packets except when i have defined specific rules wich is my case :
> Brian and Henk, i think you make the point.
> Even with iptables loading the inactive ruleset, i've got all ports
> I don't understand why you are speaking of "inetd" ?
> Cause i've got inetd running on the machine...
Well, check /etc/inetd.conf and make sure that things are not not
accidently serviced by inetd. Otherwise when you flush the rules or
when you haven't got a default DROP policy, certain ports will still be
reported as open.
IPTABLES -P INPUT DROP
IPTABLES -P FORWARD DROP
IPTABLES -P OUTPUT DROP
I've read that with a default DROP policy, i must specifically define ACCEPT rules when flushing with -F, this, not to be locked out of my system.
It's ok, i Just have ssh, smtp and ftp like i did the setup !
> Did i miss something somewhere ?
Don't know, better check to be sure. Just do a 'grep -v ^# /etc/inetd.conf'
to see what's enabled.