[nos-bbs] iptables question and....
jerome schatten
romers at shaw.ca
Thu Nov 15 00:57:55 EST 2012
So... you are saying that ports other than 22 and 631 in this case may
be open but no apps are listening? I guess I should increase the level
of penetration of nmap to test that out? Or is there no way? What I
would like to do is open 'em all up since the machine is in the DMZ
anyway. Or am I really worrying about nothing??
j.
On Wed, 2012-11-14 at 21:34 -0800, Michael Fox - N6MEF wrote:
> Hi Jerome,
>
> Essentially correct.
> Each chain has a default policy. The default policy defines what happens if
> a packet makes it through all of the rules in the chain without being
> matched. Typically one would set the default policy to DROP and then add
> rules to match and ACCEPT the particular types of packets that you want to
> accept. Anything else would be dropped by the default policy. In the
> output below, the default policy is ACCEPT for each chain, so if no rules
> are matched, the packet is allowed. And, since there are no rules, then all
> packets are allowed.
>
> So what does allowed mean?
> The INPUT chain is for packets destined for Linux itself. Such as if you
> were to ssh to the linux machine.
> The FORWARD chain is for packets that will travel through the Linux box.
> Such as packets coming in on one interface and exiting via another.
> The OUTPUT chain is for packets that the Linux box originates. Such as if
> you were to ping someone FROM the linux box.
>
> The configuration below merely shows that iptables isn't going to get in the
> way of any packets. But that doesn't mean that the ports are open. For the
> port to be open, you need some application running and listening on that
> port. For example, if you were running a ssh server, then port 22 would be
> open (unless it was configured to listen on another port).
>
> Michael
> N6MEF
>
> -----Original Message-----
> From: nos-bbs-bounces at tapr.org [mailto:nos-bbs-bounces at tapr.org] On Behalf
> Of jerome schatten
> Sent: Wednesday, November 14, 2012 8:35 PM
> To: nos-bbs
> Subject: [nos-bbs] iptables question and....
>
> If I run the command 'iptables -L', on my jnos machine (the box), it
> returns:
>
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
> orange at orange:~$
>
> In the ordinary English language sense of the word ACCEPT, I interpret this
> to mean that there is no linux firewall. Is this correct? It seems to behave
> in just the opposite way.
>
> The reason I ask is because running nmap pointing at the jnos machine (the
> target is the ethernet address), from another machine on the lan, shows all
> ports closed except 631 and 22.
>
> Help an old man out here, eh?
> jerome - ve7ass
>
>
> _______________________________________________
> nos-bbs mailing list
> nos-bbs at tapr.org
> https://www.tapr.org/cgi-bin/mailman/listinfo/nos-bbs
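An added worked example, not code from the thread or from JNOS: a small POSIX shell script that reads Michael's two points off captured output. It parses an 'iptables -L' listing (constructed here to match the one Jerome posted) and reports whether the filter is wide open (every chain policy ACCEPT, no rules), pulls the listening ports from a constructed 'ss -ltn' listing (sshd on 22 and CUPS on 631 are an assumption), and prints, without applying it, the default-DROP INPUT ruleset Michael's advice implies. Run it with sh; nothing in it touches the real firewall.

```shell
#!/bin/sh
# Added example, not from the thread. Interprets a captured 'iptables -L'
# listing and a captured 'ss -ltn' listing. Both are constructed below to
# match the box described in the thread (sshd on 22 and CUPS on 631 assumed).
# Nothing here changes the real firewall; the ruleset is only printed.

# Constructed copy of the 'iptables -L' output quoted in the thread.
IPTABLES_L='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# Constructed 'ss -ltn' output: the sockets that make nmap report "open".
SS_LTN='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       5       0.0.0.0:631         0.0.0.0:*'

# Print one line per chain: "<chain> <default policy> <number of rules>".
summarize_chains() {
    printf '%s\n' "$1" | awk '
        /^Chain / {
            if (chain != "") print chain, policy, rules
            chain = $2; policy = $4; sub(/\)$/, "", policy); rules = 0
            next
        }
        /^target/ || NF == 0 { next }   # column header and blank separators
        { rules++ }                     # anything else is a rule line
        END { if (chain != "") print chain, policy, rules }'
}

# "wide-open" when every chain defaults to ACCEPT with no rules: the kernel
# filter passes everything, so it is not what limits the open ports.
firewall_state() {
    if summarize_chains "$1" | awk '$2 != "ACCEPT" || $3 != 0 { bad = 1 } END { exit bad }'
    then echo wide-open
    else echo filtering
    fi
}

# Ports with a LISTEN socket, comma separated, ascending. These, not the
# chain policies, decide which ports a scan from the LAN shows as open.
listening_ports() {
    printf '%s\n' "$1" | awk '$1 == "LISTEN" { n = split($4, a, ":"); print a[n] }' |
        sort -n | awk '{ s = s (NR > 1 ? "," : "") $0 } END { print s }'
}

# Emit (do not run) the default-DROP INPUT policy Michael describes, with
# ACCEPT rules for loopback, established flows and each listening port.
# FORWARD and OUTPUT stay ACCEPT as on the box in the thread. Review, then
# apply as root.
suggested_ruleset() {
    ports=$(listening_ports "$1")
    echo 'iptables -P INPUT DROP'
    echo 'iptables -A INPUT -i lo -j ACCEPT'
    echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo "$ports" | tr ',' '\n' | while read -r p; do
        [ -n "$p" ] || continue
        echo "iptables -A INPUT -p tcp --dport $p -j ACCEPT"
    done
}

summarize_chains "$IPTABLES_L"
echo "iptables state: $(firewall_state "$IPTABLES_L")"
echo "listening ports: $(listening_ports "$SS_LTN")"
suggested_ruleset "$SS_LTN"
```

To check the real box, replace the two constructed strings with the output of 'sudo iptables -L -n' and 'ss -ltn'. nmap reports a port as "closed" when the kernel answers the probe with a RST because nothing is listening, and as "filtered" when a DROP rule swallows the probe with no reply; all-ACCEPT chains with no rules plus two daemons therefore gives exactly two open ports and no filtered ones, which is what Jerome saw.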