iptables firewall rules (was Re: What to do when rpm verification fails)
Scott R. Godin
scott.g at mhg2.com
Fri Jul 7 18:56:33 UTC 2006
On Fri, 2006-07-07 at 20:10 +0200, Andras Simon wrote:
> On 7/7/06, Frank Elsner <Elsner at zrz.tu-berlin.de> wrote:
> > Disconnect from net and re-install.
>
> I'll do a reinstall, but I'd love to know where's the hole first,
> otherwise there's nothing to save me from the same thing happening
> again. Not that I know where to look... The usual suspects (portmap,
> sendmail, etc.) are not running, and I thought my firewall rules were
> pretty strict (who doesn't? :-)), iptables -L says
>
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> DROP tcp -- anywhere anywhere tcp dpts:0:1023
> DROP udp -- anywhere anywhere udp dpts:0:1023
> DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
> DROP icmp -- anywhere anywhere icmp echo-request
>
> Chain FORWARD (policy DROP)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain RH-Firewall-1-INPUT (0 references)
> [there's more here, but hopefully, 0 references means that they're irrelevant]
no, it means that no rule points to that chain, so any rules in there
are getting ignored -- they never get seen by a single packet and are
not filtered by any of them.
observe: (btw, iptables -vL, or -nvL may be more informative for you)
(from iptables -nL: )
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
DROP icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:137:139
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:61200:61222
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:1023:1025
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:1026:1029
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:1433:1434
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:1433:1434
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:113
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp LOG flags 0 level 4 prefix `[iptables-log] '
LOG udp -- 0.0.0.0/0 0.0.0.0/0 udp LOG flags 0 level 4 prefix `[iptables-log] '
DROP all -- 0.0.0.0/0 0.0.0.0/0
Now see how there are two references to RH-Firewall-1-INPUT?
--
Scott Godin, Programmer | p: 302.368.5640
MAD House Graphics | c: 302.750.MAD1 (6231)
PO Box 7619, Newark DE 19714 USA | w: www.MadHouseGraphics.com
...................................................................
Comprehensive Expertise in Web and Print
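An added example, not part of this thread: a POSIX shell script that reads `iptables -nL` style output and reports user-defined chains with "(0 references)" together with the number of rules sitting unused in them, which is the situation discussed above. The sample output is constructed and the function names are my own.

```shell
#!/bin/sh
# Audit `iptables -nL` output for user-defined chains that no rule jumps to
# ("0 references"): such chains are never traversed. Constructed sample text
# stands in for a live host; pipe real `iptables -nL` output into the functions.

# Constructed sample in the layout of `iptables -nL` (not captured from a real box).
SAMPLE_IPTABLES_OUTPUT='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpts:0:1023

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (0 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
DROP       all  --  0.0.0.0/0            0.0.0.0/0
'

# Names of user-defined chains whose header reads "(0 references)", one per line.
unreferenced_chains() {
    awk '/^Chain / && /\(0 references\)/ { print $2 }'
}

# Number of rules in the named chain: lines between its header and the next
# blank line, minus the column header. Usage: rule_count CHAIN < output
rule_count() {
    awk -v chain="$1" '
        /^Chain /            { inchain = ($2 == chain); next }
        inchain && /^target/ { next }
        inchain && NF == 0   { inchain = 0 }
        inchain              { n++ }
        END                  { print n + 0 }'
}

# One line per unreferenced chain with the count of rules that never run.
audit_report() {
    printf '%s' "$SAMPLE_IPTABLES_OUTPUT" | unreferenced_chains | while read -r chain; do
        count=$(printf '%s' "$SAMPLE_IPTABLES_OUTPUT" | rule_count "$chain")
        printf '%s: %s rule(s) never evaluated (no jump from a built-in chain)\n' "$chain" "$count"
    done
}

audit_report
```

On a real host, replace the sample with `iptables -nL | unreferenced_chains`; a chain that shows up needs a jump rule from INPUT (and FORWARD, if it is meant to filter forwarded traffic) before any of its rules take effect.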
More information about the fedora-list mailing list