Re: iptables firewall
On Tue, 29 Jul 2014 14:04:23 -0700
Mike McClain <mike.junk@nethere.com> wrote:

> I've run into a difficulty with iptables in that both GRC.com and
> PCFlank.com's firewall scans show ports 137-139 and 445 as blocked but
> not stealthed in spite of the fact that I have these statements in my
> firewall script:
>     iptables -A INPUT -p udp --dport 137:138 -j DROP
>     iptables -A INPUT -p tcp --dport 137:138 -j DROP
>     iptables -A INPUT -p tcp --dport 139 -j DROP
>     iptables -A INPUT -p tcp --dport 445 -j DROP
>     iptables -A OUTPUT -p udp --dport 137:138 -j DROP
>     iptables -A OUTPUT -p tcp --dport 137:138 -j DROP
>     iptables -A OUTPUT -p tcp --dport 139 -j DROP
>     iptables -A OUTPUT -p tcp --dport 445 -j DROP
> 
> Both scans report all else stealthed.
> Suggestions?

Apart from the suggestions others have offered, why are you listing
these ports at all? Your iptables rules should block everything
everywhere by default, and only permit in what you want. And if you
are hoping to be invisible from the Net, as you imply, then you won't
be letting in anything at all except that which is related to previous
outward messages.

Something else you might do now is to place temporary logging rules
before your 'DROP' rules, to confirm whether it is indeed iptables
which is blocking those packets. No logs, it's somebody or something
else. And if you have anything other than just a bare modem between you
and the outside world, which is not really best practice, then the first
place to look is the Net router.

And as someone else asked, why are you worried about this 'stealth'? As
long as the bad packets don't get in, what does it matter?

-- 
Joe

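The default-deny layout Joe describes (drop everything by policy, let in only traffic related to connections the host started, and put temporary LOG rules ahead of the DROP to confirm iptables is actually the thing discarding the packets) as a concrete script. This is an added example for this thread, not Mike's firewall script or anything Joe posted. The `IPT` dry-run variable, the `IPT-NETBIOS:` / `IPT-DROP:` log prefixes and the helper function names are my own choices; the script only prints the commands unless you run it as root with `IPT=iptables`.

```sh
#!/bin/sh
# Default-deny iptables ruleset with temporary diagnostic logging.
# Added example for this thread; not the original poster's script.
# Dry run by default: prints the commands it would run. To apply for
# real (as root):   IPT=iptables sh firewall.sh
IPT="${IPT:-echo iptables}"

# Emit the whole ruleset, one command per line, through $IPT.
build_rules() {
    # Start from a clean filter table.
    $IPT -F
    $IPT -X

    # Policies: nothing comes in or is forwarded unless a rule below
    # allows it. Outbound is left open here; set OUTPUT to DROP and add
    # explicit allow rules if you also want egress filtering.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Loopback is always allowed.
    $IPT -A INPUT -i lo -j ACCEPT

    # Only replies to connections this host opened (and packets related
    # to them, e.g. ICMP errors) get in. No unsolicited packet is ever
    # answered, so there is nothing left to "stealth" port by port.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Packets conntrack cannot classify are dropped early.
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP

    # Temporary diagnostic logging for the NetBIOS/SMB ports from the
    # thread. If nothing with this prefix shows up in the kernel log
    # while a scan runs, the packets never reached this host, so look
    # at the router (or whatever sits in front of the box) instead.
    $IPT -A INPUT -p tcp -m multiport --dports 137,138,139,445 \
        -m limit --limit 5/min -j LOG --log-prefix "IPT-NETBIOS: "
    $IPT -A INPUT -p udp -m multiport --dports 137,138 \
        -m limit --limit 5/min -j LOG --log-prefix "IPT-NETBIOS: "

    # Rate-limited catch-all log, then an explicit final DROP. DROP is
    # silent; REJECT would send a RST or ICMP error, which is what the
    # scanners report as "closed/blocked" rather than "stealth".
    $IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "IPT-DROP: "
    $IPT -A INPUT -j DROP
}

# Dry-run helpers: number of iptables commands the ruleset emits, and
# the last INPUT rule (which must be the unconditional DROP).
rule_count() { build_rules | grep -c '^iptables '; }
last_rule()  { build_rules | tail -n 1; }

build_rules
```

Run it once without `IPT` set to read the rules it would install; remove the two `IPT-NETBIOS:` lines again once the question of who drops the packets is settled, since they exist only for the diagnosis Joe suggests.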