[nos-bbs] iptables qestion and....

jerome schatten romers at shaw.ca
Thu Nov 15 00:57:55 EST 2012


So... you are saying that ports other than 22 and 631 in this case may
be open but no apps are listening?  I guess I should increase the level
of penetration of nmap to test that out? Or is there no way? What I
would like to do is open 'em all up since the machine is in the DMZ
anyway. Or am I really worrying about nothing??
j.


On Wed, 2012-11-14 at 21:34 -0800, Michael Fox - N6MEF wrote:
> Hi Jerome,
> 
> Essentially correct.
> Each chain has a default policy.  The default policy defines what happens if
> a packet makes it through all of the rules in the chain without being
> matched.  Typically one would set the default policy to DROP and then add
> rules to match and ACCEPT the particular types of packets that you want to
> accept.  Anything else would be dropped by the default policy.  In the
> output below, the default policy is ACCEPT for each chain, so if no rules
> are matched, the packet is allowed.  And, since there are no rules, then all
> packets are allowed.
> 
> So what does allowed mean?
> The INPUT chain is for packets destined for Linux itself.  Such as if you
> were to ssh to the linux machine.
> The FORWARD chain is for packets that will travel through the Linux box.
> Such as packets coming in on one interface and exiting via another.
> The OUTPUT chain is for packets that the Linux box originates.  Such as if
> you were to ping someone FROM the linux box.
> 
> The configuration below merely shows that iptables isn't going to get in the
> way of any packets.  But that doesn't mean that the ports are open.  For the
> port to be open, you need some application running and listening on that
> port.  For example, if you were running an ssh server, then port 22 would be
> open (unless it was configured to listen on another port).
> 
> Michael
> N6MEF
> 
> -----Original Message-----
> From: nos-bbs-bounces at tapr.org [mailto:nos-bbs-bounces at tapr.org] On Behalf
> Of jerome schatten
> Sent: Wednesday, November 14, 2012 8:35 PM
> To: nos-bbs
> Subject: [nos-bbs] iptables qestion and....
> 
> If I run the command 'iptables -L', on my jnos machine (the box), it
> returns:
> 
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination         
> 
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination         
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination         
> orange at orange:~$ 
> 
> In the ordinary English language sense of the word ACCEPT, I interpret this
> to mean that there is no linux firewall. Is this correct? It seems to behave
> in just the opposite way.
> 
> The reason I ask is because running nmap pointing at the jnos machine (the
> target is the ethernet address), from another machine on the lan, shows all
> ports closed except 631 and 22.
> 
> Help an old man out here, eh?
> jerome - ve7ass
> 
> 
> _______________________________________________
> nos-bbs mailing list
> nos-bbs at tapr.org
> https://www.tapr.org/cgi-bin/mailman/listinfo/nos-bbs
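An added example, not code from the thread: a small Python check that parses `iptables -L` output like Jerome's and reports, per chain, whether it is wide open (policy ACCEPT and no rules, so it filters nothing), default-allow, or default-deny. Both listings below are constructed; the second is the DROP-policy-plus-ACCEPT-rules layout Michael describes, using the ssh and ipp (631) ports from the thread.

```python
import re

# Constructed sample 1: the listing from the thread (no rules, policy ACCEPT).
OPEN_LISTING = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
"""

# Constructed sample 2: the layout Michael describes, policy DROP plus ACCEPT rules.
HARDENED_LISTING = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  192.168.1.0/24       anywhere             tcp dpt:ipp

Chain FORWARD (policy DROP)
target     prot opt source               destination
"""

POLICY_RE = re.compile(r"^Chain (\S+) \(policy (\w+)\)")
def parse_chains(listing):
    """Return {chain: {"policy": str or None, "rules": [target, ...]}}."""
    chains, current = {}, None
    for line in listing.splitlines():
        if line.startswith("Chain "):
            m = POLICY_RE.match(line)  # user-defined chains carry no policy
            current = line.split()[1]
            chains[current] = {"policy": m.group(2) if m else None, "rules": []}
            continue
        if not line.strip() or line.startswith("target") or current is None:
            continue  # blank separator or the column-header row
        chains[current]["rules"].append(line.split()[0])
    return chains

def audit(listing):
    """Per-chain verdict; policy ACCEPT with no rules means the chain filters nothing."""
    out = {}
    for name, info in parse_chains(listing).items():
        if info["policy"] == "ACCEPT":
            out[name] = "wide-open" if not info["rules"] else "default-allow"
        else:
            out[name] = "default-deny" if info["policy"] else "user-defined"
    return out
```

Run it against the real listing with `audit(subprocess.check_output(["iptables", "-L"], text=True))`; a "wide-open" INPUT chain is the thread's situation, and the ports nmap then sees as open are exactly those with a listening service.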