I have a Linux server that runs only Apache (port 80) and SSH (port 22).
Addresses of the eth cards:
eth0: 192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
eth1: 192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
Until now I have been using this iptables script:
iptables -P INPUT ACCEPT
iptables -F
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
#### ICMP HANDLING ###
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 4/sec -j ACCEPT
iptables -A INPUT -p icmp -m icmp ! --icmp-type 8 -j ACCEPT
iptables -A INPUT -p icmp -j DROP
# Tell netfilter that all TCP sessions do indeed begin with SYN
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j LOG --log-prefix "FIREWALL:Stealth scan?"
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
# Accept inbound packets that are part of previously-OK'ed sessions
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Accept ssh
iptables -A INPUT -p tcp -j ACCEPT --dport 22 -m state --state NEW
#Accept www
iptables -A INPUT -p tcp -j ACCEPT --dport 80 -m state --state NEW
# Default policy drop
iptables -P INPUT DROP
When I run "nmap 192.168.1.1" from the same Linux server, I see many ports open (like ports 9 and 13, etc.).
Why is that? I think all ports except 22 and 80 should be closed.
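As an added example (not from the original post): on Linux, a connection to one of the host's own addresses such as 192.168.1.1 is delivered over the loopback interface, so the "iptables -A INPUT -i lo -j ACCEPT" rule accepts it before the port 22/80 rules are ever consulted, and a local nmap lists whatever is listening rather than what the firewall lets through from the network. The helper below diffs "ss -tln"-style output against the ports the firewall is meant to expose; the function name, the allow list and the embedded sample output are constructed for this example.

```shell
#!/bin/sh
# Added example, not code from the original post. Local scans bypass the
# port filter via the "-i lo -j ACCEPT" rule, so what they really reveal is
# the set of listening sockets. This helper compares those listeners with
# the ports the firewall intends to expose, so leftover services (inetd's
# discard/daytime on 9 and 13, for instance) can be found and disabled.

# Print the TCP ports found in `ss -tln`-style output ($1), one per line,
# that are not in the space-separated allow list ($2).
unexpected_listeners() {
    listeners=$1
    allowed=$2
    # Skip the header line; "Local Address:Port" is the 4th column.
    printf '%s\n' "$listeners" | awk 'NR > 1 { print $4 }' |
        sed 's/.*://' | sort -n | uniq |
        while read -r port; do
            case " $allowed " in
                *" $port "*) ;;             # exposed on purpose
                *) echo "$port" ;;          # listening but not meant to be reachable
            esac
        done
}

# Constructed sample of `ss -tln` output for a box like the one in the
# question, with inetd small services still enabled.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    0.0.0.0:80          0.0.0.0:*
LISTEN 0      128    0.0.0.0:9           0.0.0.0:*
LISTEN 0      128    0.0.0.0:13          0.0.0.0:*
LISTEN 0      128    [::]:22             [::]:*'

# On a live host run instead:  unexpected_listeners "$(ss -tln)" "22 80"
unexpected_listeners "$SAMPLE_SS" "22 80"
```

To test the firewall itself rather than the listener list, run the scan from a second host on 192.168.1.0/24 or 192.168.2.0/24, where the packets arrive on eth0/eth1 instead of lo.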