Hi,
I've been setting up (thanks Capt_Caveman) a very simple firewall to block some services I don't use from being inadvertently activated. Here's my rc.firewall startup script:
Code:
iptables -I INPUT -i eth0 -p tcp --dport 21 -j DROP
iptables -I INPUT -i eth0 -p tcp --dport 22 -j DROP
iptables -I INPUT -i eth0 -p tcp --dport 177 -j DROP
iptables -I INPUT -i eth0 -p udp --dport 177 -j DROP
iptables -I INPUT -i eth0 -p tcp --dport 6000 -j DROP
iptables -I INPUT -i eth0 -p udp --dport 6000 -j DROP
I would like to know how I can test it. I understand that I can easily test port 22 by launching sshd and attempting an ssh connection. I also understand that I could test any other TCP port by moving my sshd to this port. But this way I won't ever test UDP! Also, this is a very tedious way of testing. So, I wondered if there was some way of testing any protocol on any port and checking that the firewall actually blocks packets.
Also, I would like the firewall to keep a log of the packets it has blocked. How can I do that?
Also, I don't know at all what protocol XDMCP uses, so I blocked TCP and UDP on port 177, but perhaps that's wrong? Can you help?
By the way, here's the output of iptables --list:
Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       udp  --  anywhere             anywhere             udp dpt:x11
DROP       tcp  --  anywhere             anywhere             tcp dpt:x11
DROP       udp  --  anywhere             anywhere             udp dpt:xdmcp
DROP       tcp  --  anywhere             anywhere             tcp dpt:xdmcp
DROP       tcp  --  anywhere             anywhere             tcp dpt:ssh
DROP       tcp  --  anywhere             anywhere             tcp dpt:ftp

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
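The following is an added example, not code from the poster or from any replies in the thread. It covers the three questions above in one script: it regenerates the same six DROP rules with a LOG rule in front of each (iptables' LOG target is non-terminating, so the packet is logged and then falls through to DROP; the logged lines show up in the kernel log, i.e. dmesg or /var/log/messages depending on how syslog is set up), and it provides a TCP/UDP probe that classifies a port as open, refused or blocked from the point of view of a second machine. Two caveats a practitioner would want: the post's script uses `-I`, which inserts at the top of the chain (that is why `iptables --list` shows the rules in the reverse order from the script), so with `-I` a LOG rule has to be inserted after its DROP rule to end up in front of it; the example uses `-A` instead so that the order written is the order evaluated. And a probe run on the firewall host itself against its own address arrives on `lo`, not eth0, so the `-i eth0` rules never see it; test from another host. On the XDMCP question: XDMCP is a UDP protocol on port 177, so the TCP/177 rule is harmless but not needed. The interface name and port list come from the post; the "FW-DROP" log prefix, the 3 s timeout and the function names are my own choices.

```python
"""Added example (not from the original post or thread).

  build_rules()  - the post's six DROP rules, each preceded by a LOG rule
  probe()        - TCP/UDP port probe to run from a SECOND machine

Assumptions: interface eth0 and the port list are from the post; the
"FW-DROP" prefix and 3 s timeout are arbitrary choices made here.
"""
import socket

IFACE = "eth0"
# (protocol, port) pairs from the original rc.firewall. XDMCP is UDP/177;
# the TCP/177 entry is kept only because the original script blocks it too.
BLOCKED = [("tcp", 21), ("tcp", 22), ("tcp", 177), ("udp", 177),
           ("tcp", 6000), ("udp", 6000)]


def build_rules(iface=IFACE, blocked=BLOCKED, prefix="FW-DROP"):
    """Return iptables commands with a LOG rule immediately before each DROP.

    -A appends in order, so LOG is evaluated before DROP. (The post uses -I,
    which inserts at the top of the chain; with -I the LOG line would have
    to come *after* its DROP line in the script to land in front of it.)
    LOG does not terminate rule traversal, so the packet still hits DROP.
    """
    rules = []
    for proto, port in blocked:
        match = f"-i {iface} -p {proto} --dport {port}"
        tag = f"{prefix} {proto}/{port} "
        if len(tag) > 29:  # iptables caps --log-prefix at 29 characters
            raise ValueError(f"log prefix too long: {tag!r}")
        rules.append(f'iptables -A INPUT {match} -j LOG '
                     f'--log-prefix "{tag}" --log-level 4')
        rules.append(f"iptables -A INPUT {match} -j DROP")
    return rules


def classify(exc):
    """Map the outcome of a connect/recv to a verdict.

    None                    -> "open"    : something answered
    ConnectionRefusedError  -> "refused" : a TCP RST or an ICMP port-unreachable
                                           came back; the port is closed but
                                           the packet was NOT filtered
    timeout                 -> "blocked" : no answer at all; a DROP rule
                                           matched (or the host is down)
    """
    if exc is None:
        return "open"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "blocked"
    return f"error: {exc!r}"


def probe(host, proto, port, timeout=3.0):
    """Probe one port from another machine.

    Traffic the firewall host sends to its own address arrives on lo, not
    eth0, so the -i eth0 rules never see it: run this elsewhere.
    For UDP, "blocked" and "open but silent" are indistinguishable on the
    wire, so confirm a UDP "blocked" by finding the FW-DROP line in the
    kernel log (dmesg / /var/log/messages).
    """
    kind = socket.SOCK_STREAM if proto == "tcp" else socket.SOCK_DGRAM
    s = socket.socket(socket.AF_INET, kind)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        if proto == "udp":
            s.send(b"")   # zero-length datagram
            s.recv(1)     # ICMP unreachable surfaces here as ConnectionRefusedError
        return classify(None)
    except OSError as e:
        return classify(e)
    finally:
        s.close()


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 1:
        # No argument: print the rule set (pipe through `sh` as root to apply).
        print("\n".join(build_rules()))
    else:
        # Argument: address of the firewall host, probed from this machine.
        for proto, port in BLOCKED:
            print(f"{proto}/{port}: {probe(sys.argv[1], proto, port)}")
```

Run it with no arguments on the firewall host to print the rule set, then from a second machine as `python3 probe.py <firewall-ip>`; every TCP port in the list should come back "blocked", never "refused" (which would mean the packet reached the TCP stack unfiltered), and each probe should leave a "FW-DROP tcp/22" style line in the kernel log.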