LinuxQuestions.org
Old 10-14-2009, 10:59 AM   #1
sang_froid
Member
 
Registered: Oct 2006
Posts: 179

Rep: Reputation: 15
weird iptables


Hi,

I have a machine which is running Fedora and when I run the command, it outputs as below:

Quote:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:nrpe
ACCEPT tcp -- 202.52.245.0/24 anywhere tcp dpt:ssh
REJECT tcp -- anywhere anywhere tcp dpt:ssh reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


However, when I telnet to port 25 of this machine from other machines on another network, it still allows SMTP... Something strange is going on... what could be going wrong?

Any ideas?
 
Old 10-14-2009, 11:07 AM   #2
wfh
Member
 
Registered: Sep 2009
Location: Northern California
Distribution: Ubuntu Debian CentOS RHEL Suse
Posts: 164

Rep: Reputation: 44
Quote:
Originally Posted by sang_froid View Post
Hi,
telnet to port 25 of this machine from other machines on another network, it still allows SMTP... Something strange is going on... what could be going wrong?
Try changing your default to DENY or REJECT. Normally you want to toss out unexpected connections from outside your firewall. The problem with a default policy of ALLOW...any error or omission in your ruleset and packets will get through.

Last edited by wfh; 10-14-2009 at 11:08 AM.
 
Old 10-14-2009, 02:58 PM   #3
jstephens84
Senior Member
 
Registered: Sep 2004
Distribution: (Home)Opensolaris, Ubuntu, CentOS, (Work - AIX, HP-UX, Red Hat)
Posts: 2,043

Rep: Reputation: 82
Quote:
Originally Posted by sang_froid View Post
Hi,

I have a machine which is running Fedora and when I run the command, it outputs as below:





However, when I telnet to port 25 of this machine from other machines on another network, it still allows SMTP... Something strange is going on... what could be going wrong?

Any ideas?
As mentioned, if you look at your chains' default setting, you have it set to accept everything. In which case you are saying, "I am only blocking chains that I add." This type of security is hard to keep up with.

It is better to say "I deny everything but these items." So, as mentioned, you will want to change your table from accept to deny. This can be done by:
Code:
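# Table names are lowercase (filter); a chain policy must be ACCEPT or DROP, REJECT is only a rule target
iptables -t filter -P INPUT DROP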
you may need to change reject to DROP
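
An added example, not part of the thread: a small first-match evaluator showing why port 25 is reachable with the ruleset from post #1 and what changes under a DROP policy. The rules are a constructed `iptables -S INPUT` rendering of that listing (nrpe as 5666, ssh as 22); the names `sample_rules` and `verdict` and the test address 198.51.100.7 are assumptions, and only `-s`, `--dport` and `-j` are interpreted.

```shell
#!/bin/sh
# Constructed sample: the INPUT chain from post #1 as `iptables -S INPUT`
# would print it (nrpe = 5666/tcp, ssh = 22/tcp).
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 5666 -j ACCEPT
-A INPUT -s 202.52.245.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j REJECT --reject-with icmp-port-unreachable
EOF
}

# verdict SRC_IP DPORT: read `iptables -S INPUT` text on stdin and print what
# happens to a new TCP connection. Rules are tried in order and the first
# match wins; if nothing matches, the chain policy decides.
# Simplification: only -s, --dport and -j are interpreted.
verdict() {
    awk -v src="$1" -v dport="$2" '
    function ip2int(ip,   o) {
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function in_cidr(ip, cidr,   p, bits, size) {
        split(cidr, p, "/")
        bits = (p[2] == "") ? 32 : p[2]
        size = 2 ^ (32 - bits)          # addresses covered by the prefix
        return int(ip2int(ip) / size) == int(ip2int(p[1]) / size)
    }
    $1 == "-P" { policy = $3; next }
    $1 == "-A" {
        n++; s = ""; d = ""; t = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-s")      s = $(i + 1)
            if ($i == "--dport") d = $(i + 1)
            if ($i == "-j")      t = $(i + 1)
        }
        if (s != "" && !in_cidr(src, s)) next   # source does not match
        if (d != "" && d != dport) next         # port does not match
        print t " via rule " n; hit = 1; exit
    }
    END { if (!hit) print policy " via policy" }
    '
}

sample_rules | verdict 198.51.100.7 25      # no rule mentions port 25
sample_rules | verdict 198.51.100.7 22
sample_rules | verdict 202.52.245.10 22
# Same rules with the policy switched to DROP, as the replies suggest:
sample_rules | sed 's/^-P INPUT ACCEPT/-P INPUT DROP/' | verdict 198.51.100.7 25
```

On a real host, switching INPUT to DROP with only these rules also drops loopback traffic and replies to the machine's own outbound connections, so rules accepting `-i lo` and ESTABLISHED,RELATED traffic are normally added first.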
 
  

