Old 07-31-2004, 06:45 AM   #1
Registered: Jan 2004
Distribution: Gentoo, Ubuntu (Edgy Eft)
Posts: 59

Rep: Reputation: 15
Firewall fails port scan test


I'm just starting to learn how to use iptables. I have written a very simple script just to enable internet access to my computer. However, when I scanned my computer using 'Shields UP!!' from, it said that most of my ports are closed (not stealthed) and also that my system replied to 'solicited TCP packets' and 'PING reply'. Can someone take a look at my iptables script and tell me what's wrong?

I'm using Fedora Core 2 which is connected to a hardware router. I only have one NIC (eth0) which is connected to the router.

Here's my iptables script:

#Firewall configuration started 31 July 2004


#1 Drop all incoming fragments
-A INPUT -i eth0 -f -j DROP

#2 Drop outside packets with localhost address - anti-spoofing measure
#   (127.0.0.0/8 is the loopback network; it must never arrive on a real interface)
-A INPUT -s 127.0.0.0/8 -i ! lo -j DROP

#3 allow local loopback connections
-A INPUT -i lo -j ACCEPT

#4 Prevent PING
-A OUTPUT -p icmp -d 0/0 -j DROP

#5 Allow connections DNS server (router)
#   <ROUTER_IP> is a placeholder for the router's LAN address (the address was not preserved in the post)
-A OUTPUT -d <ROUTER_IP> -m state --state NEW,ESTABLISHED,RELATED -p udp --dport 53 --sport 1024:65535 -o eth0 -j ACCEPT
-A INPUT -s <ROUTER_IP> -m state --state NEW,ESTABLISHED,RELATED -p udp --dport 1024:65535 --sport 53 -i eth0 -j ACCEPT

#6 Allow outgoing connections to web servers
-A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -p tcp --dport http --sport 1024:65535 -o eth0 -j ACCEPT
-A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -p tcp --dport https --sport 1024:65535 -o eth0 -j ACCEPT

#7 allow all established and related

#8 log all other attempted outgoing and incoming connections
-A OUTPUT -o eth0 -j LOG
-A INPUT -i eth0 -j LOG

I hope someone can explain this to me. I'm still very much a beginner and still grappling with the basics of iptables.
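As an added example (not code from any poster in this thread): the script above has no terminal DROP in INPUT, so a SYN to an unbound port still reaches the TCP stack, which answers with a RST and the scanner reports "closed"; a default DROP policy discards it silently instead, and inbound echo requests are best dropped in INPUT rather than by blocking every outbound ICMP packet, which also suppresses ICMP errors needed for path-MTU discovery. The ruleset below is in the same iptables-restore format as the posted script, with the `*filter` header and `COMMIT` that format requires; eth0 and the ROUTER_IP placeholder are assumptions you must set.

```shell
#!/bin/sh
# Added example: stateful iptables-restore ruleset with a default DROP policy.
# Usage: sh fw.sh print > /etc/sysconfig/iptables   or   sh fw.sh apply
# Assumptions (not from the post): LAN interface is eth0; ROUTER_IP must be set.
ROUTER_IP="${ROUTER_IP:-192.0.2.1}"   # placeholder (TEST-NET-1), set to your router

gen_rules() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback is always allowed; it never falls through to the DROP policy.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Anti-spoofing: loopback source addresses must not arrive on eth0.
-A INPUT -i eth0 -s 127.0.0.0/8 -j DROP
# Replies to connections this host started (incl. RELATED ICMP errors) come in here.
-A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Unsolicited echo requests are dropped silently: no reply, no RST, no unreachable.
-A INPUT -i eth0 -p icmp --icmp-type echo-request -j DROP
# Outbound: return traffic, DNS to the router, HTTP/HTTPS anywhere.
-A OUTPUT -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o eth0 -d ${ROUTER_IP} -p udp --dport 53 -m state --state NEW -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m multiport --dports 80,443 -m state --state NEW -j ACCEPT
# Everything else is logged (rate-limited) and then hits the DROP policy.
-A INPUT -i eth0 -m limit --limit 5/min -j LOG --log-prefix "FW-IN-DROP: "
-A OUTPUT -o eth0 -m limit --limit 5/min -j LOG --log-prefix "FW-OUT-DROP: "
COMMIT
EOF
}

# Number of -A rules in chain $1 (quick self-check before loading).
count_chain() { gen_rules | grep -c "^-A $1 "; }

apply_rules() { gen_rules | iptables-restore; }

if [ "${1:-}" = "apply" ]; then
    apply_rules
elif [ "${1:-}" = "print" ]; then
    gen_rules
fi
```

With this loaded, a scanner sees no answer at all for unbound ports; as post #4 below notes, that changes what the host reveals, not how exposed its open services are.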

Old 07-31-2004, 10:28 AM   #2
Senior Member
Registered: Mar 2003
Location: Beautiful BC
Distribution: RedHat & clones, Slackware, SuSE, OpenBSD
Posts: 1,791

Rep: Reputation: 49
Please follow the Total Stealthing posts. I am sure your query will be addressed here.
Old 08-01-2004, 12:23 AM   #3
Registered: Jan 2004
Distribution: Gentoo, Ubuntu (Edgy Eft)
Posts: 59

Original Poster
Rep: Reputation: 15
Thanks ppuru for the reply.

I did read the posts from the link you provided, but the ports on my com are still not stealthed and the com is still replying to Ping. Anyway I think I found out what was wrong. I didn't enable my hardware router's firewall. After I enabled it, everything was stealthed according to the test.

But I don't quite understand why the iptables cannot block PING / stealth ports when the router's firewall is not enabled.

Old 08-01-2004, 01:05 AM   #4
Senior Member
Registered: Jul 2003
Location: Indiana
Distribution: Mandrake Slackware-current QNX4.25
Posts: 1,802

Rep: Reputation: 46
All you did was to hide your firewall behind another firewall. The closed ports and ICMP replies are actually not a security risk. Here is a short Port security for newbies tutorial which explains away a lot of the myths and hype about stealth ports.

