Hi, Whilst dealing with a seperate problem I came across an interesting entry in iptables:

# iptables -L
[other rules]
okay tcp -- anywhere anywhere tcp dpt:8000
[more rules]

I checked in the script I use to make my firewall and I can't see anything that would create this rule, or see the port as open when I portscan my public IP (nmap with both -sS and -sT). Is this something I should be concerned about? I was doing some work on my iptables script last week, so I might just have put it in by accident then or something (don't remember doing it, but I did want port 80 open so I might have).

How do I remove the chain by the way? I know I use iptables -D, but can anyone tell me how I'd define the chain please?

Many Thanks,

James

If you don't have any particular reason to leave tcp port 8000 open on that computer then it's best to remove that rule. It might be useful to do use netstat to check what ports are listed as listening. "netstat -lptuw" would do the trick. I'd just do "iptables --line-numbers -L" to get the line number and then remove it using "iptables -D LINENUMBER".

The next thing to check would be if you did define a rule for port 80 or accidentally typed in a couple of extra zeros. It shouldn't be too much to worry about. Still, it's best to allow connections only to the required ports and nothing extra.

Thanks!

I checked and it belonged to some Dell management software the server came with, never used it so closed up the hole as instructed. I generally try not to run any services I don't need, cos I have enough to worry about as it is

~James~