Hello all,
I just "installed" a firewall on my system and I am testing the ports using Nmap. The output is interesting:
Code:
Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2005-01-02 01:24 CST
Interesting ports on 192.168.0.20:
(The 1656 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
32770/tcp open sometimes-rpc3
Nmap run completed -- 1 IP address (1 host up) scanned in 1.454 seconds
But I only have port 22/ssh open, and domain, http, and https are closed (they are not even listed). Here is the firewall script...
Code:
#!/bin/sh
IPTABLES=/sbin/iptables

# flush the existing INPUT rules (the chain's default policy is left as-is)
$IPTABLES -F INPUT

# accept replies to connections this host started (needs ipt_state, loaded below)
$IPTABLES -A INPUT -j ACCEPT -m state --state \
ESTABLISHED -i eth0 -p icmp
$IPTABLES -A INPUT -j ACCEPT -m state --state \
ESTABLISHED -i eth0 -p tcp
$IPTABLES -A INPUT -j ACCEPT -m state --state \
ESTABLISHED -i eth0 -p udp

# services allowed in on any interface
$IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT
$IPTABLES -A INPUT -p udp --dport 53 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 53 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 443 -j ACCEPT
$IPTABLES -A INPUT -p icmp -j ACCEPT

# netfilter modules; insmod prints "File exists" when a module is already loaded
insmod /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/ip_conntrack_ftp.ko
insmod /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/ipt_LOG.ko
insmod /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/ipt_REJECT.ko
insmod /lib/modules/`uname -r`/kernel/net/ipv4/netfilter/ipt_limit.ko

# log (rate-limited) and then drop everything else that did not arrive on loopback
$IPTABLES -A INPUT -m limit --limit 3/second \
--limit-burst 5 -i ! lo -j LOG
$IPTABLES -A INPUT -i ! lo -j DROP
Which brings me to another interesting point; I have the full paths to all the modules and when I run the script, it says this:
Code:
insmod: error inserting '/lib/modules/2.6.5-1.358/kernel/net/ipv4/netfilter/ip_conntrack_ftp.ko': -1 File exists
insmod: error inserting '/lib/modules/2.6.5-1.358/kernel/net/ipv4/netfilter/ipt_LOG.ko': -1 File exists
insmod: error inserting '/lib/modules/2.6.5-1.358/kernel/net/ipv4/netfilter/ipt_REJECT.ko': -1 File exists
insmod: error inserting '/lib/modules/2.6.5-1.358/kernel/net/ipv4/netfilter/ipt_limit.ko': -1 File exists
insmod: error inserting '/lib/modules/2.6.5-1.358/kernel/net/ipv4/netfilter/ipt_state.ko': -1 File exists
I am assuming that has something to do with the nmap results.
Any advice is certainly appreciated!!
This is all running on FC2.
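The following is an added example and not the poster's script or anything else from this thread. It reworks the ruleset above so that the modules are loaded (with modprobe, which is silent when a module is already present, unlike insmod) before any rule that needs them, the INPUT chain gets a DROP policy instead of relying on a final catch-all rule, loopback is accepted explicitly, and only the ports meant to be reachable are opened. `DRY_RUN`, `WAN_IF`, `OPEN_TCP` and the `run` helper are assumptions introduced here; eth0 as the only non-loopback interface and the 2.6-era module names (taken from the poster's insmod lines) are assumptions too. With `DRY_RUN=1`, the default, the script prints the commands instead of executing them, so the ruleset can be reviewed on any machine without root.

```shell
#!/bin/sh
# Added example (not the original poster's script): a default-deny
# rewrite of the ruleset from the thread.
#
# DRY_RUN=1 (default): print the commands instead of running them.
# DRY_RUN=0: actually call modprobe and iptables (needs root).

IPTABLES=${IPTABLES:-/sbin/iptables}
DRY_RUN=${DRY_RUN:-1}
WAN_IF=${WAN_IF:-eth0}      # assumption: eth0 is the only non-loopback interface
OPEN_TCP=${OPEN_TCP:-22}    # space-separated TCP ports meant to be reachable

# run CMD ARGS...: echo the command in dry-run mode, execute it otherwise
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# load_modules: modprobe before any rule uses -m state / -m limit / -j LOG,
# and it is idempotent, so no "File exists" errors on re-runs
load_modules() {
    for m in ip_conntrack ip_conntrack_ftp ipt_state ipt_LOG ipt_limit ipt_REJECT; do
        run modprobe "$m"
    done
}

# firewall_rules: emit (or apply) the full INPUT ruleset
firewall_rules() {
    load_modules
    run "$IPTABLES" -F INPUT
    # default deny: anything not matched by a rule below is dropped,
    # even if a later edit removes the explicit DROP rule
    run "$IPTABLES" -P INPUT DROP
    # loopback is trusted; note that a scan of the host's own address
    # travels over lo and therefore never exercises the eth0 rules
    run "$IPTABLES" -A INPUT -i lo -j ACCEPT
    # replies to connections this host started, including RELATED (e.g. ftp data)
    run "$IPTABLES" -A INPUT -i "$WAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # only the listed services accept NEW connections from the network
    for p in $OPEN_TCP; do
        run "$IPTABLES" -A INPUT -i "$WAN_IF" -p tcp --dport "$p" -m state --state NEW -j ACCEPT
    done
    # ping is allowed; other ICMP arrives only as RELATED (errors for our own traffic)
    run "$IPTABLES" -A INPUT -i "$WAN_IF" -p icmp --icmp-type echo-request -j ACCEPT
    # rate-limited log of everything that is about to be dropped
    run "$IPTABLES" -A INPUT -i "$WAN_IF" -m limit --limit 3/second --limit-burst 5 -j LOG --log-prefix "FW-DROP: "
    # explicit DROP so the per-rule counters show what the policy is catching
    run "$IPTABLES" -A INPUT -i "$WAN_IF" -j DROP
}

firewall_rules
```

Run it once as-is to review the generated rules, then with `DRY_RUN=0` as root to apply them and `iptables -L INPUT -n -v` to confirm. Because loopback is accepted by both the original script and this one, a test scan should be run from another host on the LAN: an nmap scan of 192.168.0.20 launched on 192.168.0.20 itself reaches the listening services over lo, which is one reason a scan can report ports open that the eth0 rules would block.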