On Tue, 29 Jul 2014 14:04:23 -0700 Mike McClain <mike.j...@nethere.com> wrote:
> I've run into a difficulty with iptables in that both GRC.com and
> PCFlank.com's firewall scans show ports 137-139 and 445 as blocked but
> not stealthed in spite of the fact that I have these statements in my
> firewall script:
>
> iptables -A INPUT -p udp --dport 137:138 -j DROP
> iptables -A INPUT -p tcp --dport 137:138 -j DROP
> iptables -A INPUT -p tcp --dport 139 -j DROP
> iptables -A INPUT -p tcp --dport 445 -j DROP
> iptables -A OUTPUT -p udp --dport 137:138 -j DROP
> iptables -A OUTPUT -p tcp --dport 137:138 -j DROP
> iptables -A OUTPUT -p tcp --dport 139 -j DROP
> iptables -A OUTPUT -p tcp --dport 445 -j DROP
>
> Both scans report all else stealthed.
> Suggestions?

Apart from the suggestions others have offered, why are you listing these ports at all? Your iptables rules should block everything everywhere by default, and only permit in what you want. And if you are hoping to be invisible from the Net, as you imply, then you won't be letting in anything at all except that which is related to previous outward messages.

Something else you might do now is to place temporary logging rules before your 'DROP' rules, to confirm whether it is indeed iptables which is blocking those packets. No logs, it's somebody or something else. And if you have anything other than just a bare modem between you and the outside world, which is not really best practice, then the first place to look is the Net router.

And as someone else asked, why are you worried about this 'stealth'? As long as the bad packets don't get in, what does it matter?

--
Joe

Archive: https://lists.debian.org/20140730081851.70446...@jretrading.com
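The two suggestions in the reply above, a default-deny ruleset that only admits replies to outbound traffic and a temporary LOG rule placed ahead of the final DROP, as one added example script. This is not the original poster's firewall script and not Joe's; it assumes a single host with no services to expose, a kernel with the conntrack match available, and the default Debian kernel log at /var/log/kern.log. The log lines in fw_sample_log are constructed in the LOG target's format for trying the parser offline, not real captures.

```shell
#!/bin/sh
# Default-deny IPv4 firewall with a temporary logging rule ahead of the
# final DROP. Added example; assumptions: one host, one external
# interface, no exposed services, xt_conntrack available.
# Dry run:  IPT="echo iptables" sh fw.sh apply
# Apply:    sh fw.sh apply
# Check:    sh fw.sh check /var/log/kern.log

IPT="${IPT:-iptables}"   # set IPT="echo iptables" to print instead of apply

fw_apply() {
    $IPT -F INPUT
    $IPT -F OUTPUT
    $IPT -F FORWARD

    # Default deny in every direction; everything below is an explicit permit.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT DROP

    # Loopback is always allowed.
    $IPT -A INPUT  -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # Inbound: only traffic belonging to, or related to, connections this
    # host started. Nothing else gets in, so no per-port rules for
    # 137-139/445 are needed; the default policy already covers them.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP

    # Outbound: this host may open new connections.
    $IPT -A OUTPUT -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT

    # Temporary diagnostic: log (rate-limited) whatever is about to be
    # dropped, so a scan can be confirmed in the kernel log. Remove when done.
    $IPT -A INPUT -m limit --limit 5/min --limit-burst 20 \
         -j LOG --log-prefix "FW-DROP: " --log-level 4

    # Explicit final DROP: same effect as the policy, but its packet
    # counters (iptables -L INPUT -v -n) show how much is being discarded.
    $IPT -A INPUT -j DROP
}

# Count logged drops on the NetBIOS/SMB ports (137-139, 445) in a kernel
# log file. If a scan reports those ports closed but nothing shows up
# here, something other than this host's iptables is answering.
fw_smb_hits() {
    awk '/FW-DROP:/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^DPT=/ && substr($i, 5) ~ /^(13[789]|445)$/)
                    n++
         }
         END { print n + 0 }' "$1"
}

# Constructed sample log lines (not real captures) in the format the LOG
# target writes, for trying fw_smb_hits offline: two SMB/NetBIOS hits, one not.
fw_sample_log() {
    cat <<'EOF'
Jul 30 08:18:51 host kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=52 TTL=115 ID=2123 DF PROTO=TCP SPT=51234 DPT=445 WINDOW=8192 SYN URGP=0
Jul 30 08:18:52 host kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=78 TTL=115 ID=2124 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 30 08:18:53 host kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=52 TTL=115 ID=2125 DF PROTO=TCP SPT=51235 DPT=22 WINDOW=8192 SYN URGP=0
EOF
}

case "${1:-}" in
    apply) fw_apply ;;
    check) fw_smb_hits "${2:-/var/log/kern.log}" ;;
esac
```

Run the scan again with the LOG rule in place, then `sh fw.sh check` (or feed it `journalctl -k` output on a systemd host): a non-zero count means the probes reached this host and iptables discarded them, which is the "blocked" result the scanners report; DROP never sends a reply, so if they still show the ports as closed rather than silent, the RST or ICMP is coming from a device in front of the host, which is where the reply says to look next.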