LinuxQuestions.org
Old 01-04-2006, 01:10 PM   #1
bschiett
Member
 
Registered: Feb 2005
Posts: 32

Rep: Reputation: 15
newbie trying to configure iptables with webmin


hi all,

i'm trying to setup a firewall on my server using webmin. the machine is running:

- ssh / sftp
- imap
- samba
- http and https
- smtp (local delivery of mails, it's not being used on the network to deliver mail, client programs use my ISP's smtp) -> the machine runs courier-imap, postfix, fetchmail and procmail

here are the firewall rules in webmin:

Action Condition Move Add
Accept If input interface is not eth0
Accept If protocol is TCP and TCP flags ACK (of ACK) are set
Accept If state of connection is ESTABLISHED
Accept If state of connection is RELATED
Accept If protocol is ICMP and ICMP type is echo-reply
Accept If protocol is ICMP and ICMP type is destination-unreachable
Accept If protocol is ICMP and ICMP type is source-quench
Accept If protocol is ICMP and ICMP type is time-exceeded
Accept If protocol is ICMP and ICMP type is parameter-problem
Accept If protocol is TCP and destination port is ssh
Accept If protocol is TCP and destination port is auth
Accept If protocol is ICMP and ICMP type is echo-request
Accept If protocol is TCP and destination port is www
Accept If protocol is UDP and destination port is www
Accept If protocol is TCP and destination port is sftp
Accept If protocol is TCP and destination port is imap
Accept If protocol is UDP and destination port is imap
Accept If protocol is TCP and destination port is https
Accept If protocol is TCP and destination port is imaps
Accept If protocol is UDP and destination port is imaps
Accept If protocol is UDP and destination port is 10000
Accept If protocol is TCP and destination port is 10000

I'm getting this when i scan with NMAP :

(The 1656 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
110/tcp open pop3
111/tcp open rpcbind
139/tcp open netbios-ssn
143/tcp open imap
445/tcp open microsoft-ds
809/tcp open unknown
993/tcp open imaps
995/tcp open pop3s
10000/tcp open snet-sensor-mgmt

I don't understand why rpcbind, pop3 etc are open even though I didn't open these in webmin?
any other suggestions or pointers to a good and simple tutorial on setting up a firewall? I tried google but had real difficulty understanding most of the firewall stuff I found.

thanks,
Bert
 
Old 01-04-2006, 04:04 PM   #2
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,696

Rep: Reputation: 232
Where do you scan from? If it's the same machine, the scan goes through lo, not eth0, so the rules do not apply.
 
Old 01-05-2006, 02:09 AM   #3
bschiett
Member
 
Registered: Feb 2005
Posts: 32

Original Poster
Rep: Reputation: 15
scan

a different machine on my LAN ... a second linux server

i'm running Arch Linux
 
Old 01-05-2006, 04:58 PM   #4
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,696

Rep: Reputation: 232
Hmm...Have you set the default policy to 'drop'?
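
Added example, not part of the thread: a minimal Python model of first-match INPUT evaluation that applies the default-policy question above to the rules and nmap output from post #1. The `iptables -S` text is constructed from the Webmin listing (ports written numerically, a subset of the accept rules), the ACCEPT policy is an assumption, and the function names are hypothetical; any match the model does not understand is treated as not matching a new TCP SYN on eth0.

```python
import shlex

# Constructed `iptables -S INPUT` text modelled on the Webmin rules in post #1
# (ports numeric, subset of the accept rules). The ACCEPT policy is an assumption.
SAMPLE_RULES = """\
-P INPUT ACCEPT
-A INPUT ! -i eth0 -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
"""
# Open TCP ports reported by nmap in post #1.
NMAP_OPEN = [22, 25, 80, 110, 111, 139, 143, 445, 809, 993, 995, 10000]

def rule_matches(tok, port):
    """True if every match in the rule holds for a new TCP SYN to `port` on eth0."""
    for i in range(0, len(tok), 2):
        opt, arg = tok[i], (tok[i + 1:i + 2] or [""])[0]
        if opt in ("-p", "-m") and arg == "tcp":
            continue
        if opt != "--dport":
            return False  # simplification: state, ACK-flag, interface, ICMP/UDP matches
        lo, _, hi = arg.partition(":")
        if not int(lo) <= port <= int(hi or lo):
            return False
    return True

def verdict(rules_text, port):
    """Walk the rules in order; fall back to the chain policy if nothing matches."""
    policy, rules = "ACCEPT", []  # built-in chains default to ACCEPT
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
        elif tok[:2] == ["-A", "INPUT"] and "-j" in tok:
            j = tok.index("-j")
            rules.append((tok[2:j], tok[j + 1]))
    for matches, target in rules:
        if target in ("ACCEPT", "DROP", "REJECT") and rule_matches(matches, port):
            return target, "rule"
    return policy, "policy"

def reachable_by_policy(rules_text, ports):
    # Ports that no rule accepts but that still get through via the chain policy.
    return [p for p in ports if verdict(rules_text, p) == ("ACCEPT", "policy")]

print(reachable_by_policy(SAMPLE_RULES, NMAP_OPEN))
```

With an ACCEPT policy the unlisted services (smtp, pop3, rpcbind, samba and so on) fall through every rule and are still let in; nmap reporting the remaining ports as "closed" rather than "filtered" is also consistent with probes reaching the host.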
 
  

