[plug] iptables rules

Jon Miller jlmiller at mmtnetworks.com.au
Tue May 20 16:10:29 WST 2003


True, all I want to do is drop the packet so there is no reply (hence using the DROP), but when running a port scan from outside I can see certain ports listed as filtered. I was interested in having these ports not show up at all.

Jon L. Miller, MCNE, CNS
Director/Sr Systems Consultant
MMT Networks Pty Ltd
http://www.mmtnetworks.com.au

"I don't know the key to success, but the key to failure
 is trying to please everybody." -Bill Cosby



>>> devenish at guild.uwa.edu.au 2:50:40 PM 20/05/2003 >>>
In message <3EC9CD69.30100 at wn.com.au>
on Tue, May 20, 2003 at 02:38:33PM +0800, Ben Jensz wrote:
> If there are no open ports on the machine and all ports are set to drop 
> traffic, nmap won't even know if there is a machine unless it responds 
> in some way to new connections coming into that specific interface. 

I don't know about nmap, but dropping all traffic is NOT the same as
'not even being there'. If there is no machine there, ICMP responses
will be sent (to the tune of 'host unreachable'). If a machine drops
all packets and no ICMP is sent, then that says 'either my ISP can't
talk to the Internet properly or I have a precious machine that I am
trying to hide'.

> >I want to stop the following ports from being listed

(a) If you are running public services on an unfirewalled machine but
    don't want them to the public: reconfigure your daemons to stop
    making their services public.
This is part of what I'm asking, but the server is firewalled, just that certain services are running for the internal network that do not need to be known or seen from the internet.

(b) If you are running public services but wish to restrict them
    to only "friendly" hosts: configure your packet filter
    to issue 'connection refused' to any non-friendly hosts
    (solves Ben's problem).
Same response as above
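The thread turns on the difference between DROP and REJECT: a dropped SYN produces no answer, so a scanner reports the port as "filtered" and lists it individually, whereas a REJECT that sends a TCP RST (or an ICMP port-unreachable for UDP) is indistinguishable from a closed port and gets folded into the scanner's "closed ports" summary. The script below is an added example, not something from the PLUG thread or from any of the posters: it accepts the LAN-only services from the internal interface and rejects them on the external interface. The interface names, the 192.168.1.0/24 network and the port numbers (TCP 139/445, UDP 137/138) are hypothetical and should be replaced with the real ones; the script defaults to a dry run that prints the rules instead of loading them.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): make LAN-only services
# answer like closed ports to the outside instead of "filtered" ones.
# All network values below are hypothetical placeholders.
LAN_IF="${LAN_IF:-eth1}"                    # internal interface (assumed)
WAN_IF="${WAN_IF:-eth0}"                    # internet-facing interface (assumed)
LAN_NET="${LAN_NET:-192.168.1.0/24}"        # internal network (assumed)
LAN_TCP_PORTS="${LAN_TCP_PORTS:-139 445}"   # LAN-only TCP services (assumed)
LAN_UDP_PORTS="${LAN_UDP_PORTS:-137 138}"   # LAN-only UDP services (assumed)
DRY_RUN="${DRY_RUN:-1}"                     # 1 = print rules, 0 = load them as root

# Wrapper so the same function can preview or apply the rules.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Per-service rules. Order matters: the ACCEPT for the internal interface is
# appended first, then the REJECT for anything arriving on the external one.
# REJECT --reject-with tcp-reset sends the same RST a closed port would, so
# an outside scan cannot tell the filtered service from a port with nothing
# listening; a DROP here would leave the port visibly "filtered".
lan_only_rules() {
    for p in $LAN_TCP_PORTS; do
        ipt -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport "$p" -j ACCEPT
        ipt -A INPUT -i "$WAN_IF" -p tcp --dport "$p" -j REJECT --reject-with tcp-reset
    done
    for p in $LAN_UDP_PORTS; do
        ipt -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p udp --dport "$p" -j ACCEPT
        # UDP has no RST; an ICMP port-unreachable is what a closed UDP port returns.
        ipt -A INPUT -i "$WAN_IF" -p udp --dport "$p" -j REJECT --reject-with icmp-port-unreachable
    done
}

# Usage:  sh lan_only.sh              (preview the rules)
#         DRY_RUN=0 sh lan_only.sh    (load them; requires root)
lan_only_rules
```

Binding the ACCEPT to the internal interface as well as the source network means a packet arriving on the external interface with a forged internal source address still hits the REJECT rule rather than the ACCEPT. Note that the trade-off Matt raises in the quoted message still applies: a host that answers with RSTs is plainly "there", which is exactly what makes its filtered services look like ordinary closed ports.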
