
Re: Iptables config



On Fri, Apr 12, 2002 at 04:05:54PM +0200, Lars Roland Kristiansen wrote:
> Here is where I am now - if I don't run iptables it all works - for some
> reason closing all the ports and setting the default policy to deny doesn't
> seem to work (if I then afterwards set smtp, pop3, ssh to allow). But setting
> the default policy to allow and then using nmap to detect which ports
> are open and then closing them via iptables seems to work ok. (but only if
> I use another script than /etc/init.d/iptables) ???
> 

Type iptables -vL to find out what your configuration is. If I
understand right, iptables seems to be configured differently when
doing it by hand than when doing it by script.

Send the output to the list if still not successful.
 
Set the default policy to drop, and open the ports as you need them.
The last line in the configuration is something like

iptables -A INPUT -p tcp -j LOG 

Every packet which doesn't get accepted is logged (to the console I
believe).

Log all the packets on the interface in question using 
tcpdump -i interface (also read the manpages for further information).
 
> 
> thanks for the help
> 

You are welcome
Mathias

> ___
> Mvh./Yours sincerely
> 
> Lars 
> 
> ========================================================================
> Lars Roland Kristiansen             | Email:        m00lrk@math.ku.dk 
> Stu. Sci. Math/Computer science     | TLF(home):    39670663 
> Copenhagen University -             | Home address: Emdrupvej 175 
> Institute for Mathematical Sciences | C/O Rune Bruhn 2400 Copenhagen NV 
> Url: www.math.ku.dk                 |
> ========================================================================
> 
>    "Politics is for the moment, equations are forever"
>                                                     - Albert Einstein
> 
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 
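
Added example (not part of the original message or thread): the advice in the reply above (default policy DROP, open ports as needed, LOG as the last rule) written as a shell function that emits an iptables-restore ruleset for ssh, smtp and pop3. The loopback and ESTABLISHED,RELATED rules, the FORWARD and OUTPUT policies, the log prefix and the function name are assumptions made for this example.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset: default DROP on INPUT, the listed TCP
# ports open, and a LOG rule last so anything not accepted is logged before
# the policy drops it. Ports are arguments; 22/25/110 = ssh/smtp/pop3.
gen_ruleset() {
    for port in "$@"; do
        case "$port" in
            # Reject empty, leading-zero, non-numeric or over-long values.
            ''|0*|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    # Assumption: this host does not route, and outbound traffic is allowed.
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Assumption: local services talking over loopback are trusted.
    echo "-A INPUT -i lo -j ACCEPT"
    # Replies to connections this host opened; with a default DROP policy
    # return traffic (DNS answers, outgoing SMTP) is dropped without this.
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for port in "$@"; do
        echo "-A INPUT -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    # Must stay last: only packets that no earlier rule accepted reach it.
    echo "-A INPUT -p tcp -j LOG --log-prefix \"INPUT-DROP: \""
    echo "COMMIT"
}

# Print the ruleset for review. To load it (as root):
#   gen_ruleset 22 25 110 | iptables-restore
gen_ruleset 22 25 110
```

After loading, iptables -vL shows per-rule packet counters, which makes it easy to compare what a script installed against rules entered by hand.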




