RH9-Shrike & iptables --> unbelievable effect... ports are opened...
hello
I am just very confused about my strange RedHat 9 Shrike firewall... well, I am running the script below... this script denies every connection except the ssh port and the local processes, so only the ssh port should be open... here is what my nmap says: the ports 80-83, 1080, 1863, 5190, 11523 are open...!!!!!
I can't understand this bemusing wonder... is there a ghost conjuring up some stupid things right in my RedHat 9...???????? Here is my script:
Code:
[root@router1 pablo]# cat 1
#!/bin/tcsh
#script for router
echo "firewall is starting now......"
set ipt = /sbin/iptables
set EXT = eth0
set INT = eth1
set IF = ( $EXT $INT )
set p_high = 1024:
#-------------------------
#set kernel parameters for all interfaces separately:
echo "0" > /proc/sys/net/ipv4/ip_forward #switch off for now
echo "1" > /proc/sys/net/ipv4/tcp_syncookies
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter
echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects
echo "0" > /proc/sys/net/ipv4/conf/all/accept_source_route
echo "0" > /proc/sys/net/ipv4/conf/all/bootp_relay
echo "0" > /proc/sys/net/ipv4/conf/all/log_martians
#------------------------
#default policies:
$ipt -P INPUT DROP
$ipt -P OUTPUT DROP
$ipt -P FORWARD DROP
echo "...all BUILT-IN CHAINS are successfully dropped by default..."
$ipt -F
$ipt -t nat -F
$ipt -X
echo "...USERDEFINED CHAINS were flushed..."
#--------------------------------
#local processes (loopback only):
$ipt -A OUTPUT -o lo -j ACCEPT
$ipt -A INPUT -i lo -j ACCEPT
#---------------------------------------------------
#set TTL (only affects packets that the router generates itself):
echo "102" > /proc/sys/net/ipv4/ip_default_ttl
#set TTL for GENERAL OUTGOING PACKETS!
#$ipt -t mangle -A OUTPUT -j TTL --ttl-set 102
#$ipt -t mangle -A OUTPUT -j ttl_fertig --ttl-set 102
echo "...ttl is adjusted...!"
#$ipt -N ttl_fertig
#---------------------------------------------------
#rules for ssh-connection:
#replies from sshd to unprivileged client ports, never a new SYN:
$ipt -A OUTPUT -p tcp --sport 22 ! --syn --dport $p_high -j ACCEPT
#incoming ssh from unprivileged source ports:
$ipt -A INPUT -p tcp --dport 22 --sport $p_high -j ACCEPT #twice server
echo "......"
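The check a defender would run before chasing a ghost: a port that a scanner reports as open on this host must have both a listening socket and an INPUT rule that accepts it. The script below is an added example, not part of the original post. It cross-references a constructed iptables-save-style dump (modelled on the ssh and loopback rules in the script above, which is an assumption about what the full ruleset looks like) with a constructed `ss -ltn`-style listener table in which only sshd listens, then classifies every port the post's nmap run reported as open. On a real box you would feed it the output of `iptables-save` and `ss -ltn` instead of the samples.

```shell
#!/bin/sh
# Added example (not from the original post). Cross-check scanner results
# against the host's own firewall rules and listening sockets.

# Constructed iptables-save-style dump (assumption: modelled on the poster's
# ruleset; only the loopback and ssh rules exist, everything else is DROP).
RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 22 --dport 1024:65535 ! --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 --sport 1024:65535 -j ACCEPT
COMMIT'

# Constructed "ss -ltn"-style listener table (assumption: only sshd listens).
LISTENERS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# Ports the scan in the post reported as open.
SCAN_OPEN='80 81 82 83 1080 1863 5190 11523'

# Print the TCP --dport specs of INPUT ACCEPT rules that are not limited to lo.
accepted_tcp_dports() {
    printf '%s\n' "$RULES" | awk '
        $1 == "-A" && $2 == "INPUT" && / -j ACCEPT/ && / -p tcp/ && !/ -i lo / {
            for (i = 1; i <= NF; i++) if ($i == "--dport") print $(i + 1)
        }'
}

# Print the local ports that have a TCP listener (last field after ":").
listening_tcp_ports() {
    printf '%s\n' "$LISTENERS" | awk '$1 == "LISTEN" { n = split($4, a, ":"); print a[n] }'
}

# Does a dport spec (single port, or low:high range with open ends) cover PORT?
dport_matches() {
    port=$1; spec=$2
    case $spec in
        *:*) low=${spec%%:*}; high=${spec#*:}
             [ -z "$low" ] && low=0
             [ -z "$high" ] && high=65535
             [ "$port" -ge "$low" ] && [ "$port" -le "$high" ] ;;
        *)   [ "$port" -eq "$spec" ] ;;
    esac
}

# Classify one port from the host's point of view:
#   open                 listener present and an INPUT rule accepts it
#   blocked              listener present but the firewall drops it
#   allowed-no-listener  rule accepts it but nothing listens
#   closed               neither a listener nor a rule: this host cannot
#                        have answered a scan on that port
port_status() {
    port=$1; rule=no; listen=no
    for spec in $(accepted_tcp_dports); do
        dport_matches "$port" "$spec" && rule=yes
    done
    for l in $(listening_tcp_ports); do
        [ "$l" = "$port" ] && listen=yes
    done
    case "$rule$listen" in
        yesyes) echo open ;;
        noyes)  echo blocked ;;
        yesno)  echo allowed-no-listener ;;
        *)      echo closed ;;
    esac
}

# Scanned-open ports that this host's rules and sockets cannot explain.
unexplained_scan_ports() {
    for p in $SCAN_OPEN; do
        [ "$(port_status "$p")" = closed ] && echo "$p"
    done
    return 0
}

# Report for the ssh port plus everything the scan flagged.
for p in 22 $SCAN_OPEN; do
    printf '%-6s %s\n' "$p" "$(port_status "$p")"
done
```

When every port the scanner flagged comes back as `closed`, the scan result did not come from this host's INPUT chain: the answering party was something else on the path between the scanner and the router, or the scan was run from a vantage point the ruleset does not cover (for example from the router itself over `lo`, which the script accepts unconditionally). Confirming that first saves a lot of staring at rules that are, as far as this check can tell, doing exactly what they say.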