[NCLUG] UDP and iptables

quent quent at pobox.com
Sat Sep 6 11:41:13 MDT 2003


That config file does not show what your actual iptables rules are. Using iptables --list will show what's really going on.

Based on the config file it looks like all localhost traffic and only 
udp port 53 from one address is permitted, with all other TCP and UDP 
being rejected, but something else is going on if that scanning site 
thinks packets on udp port 21 are getting through.

	Quent

On Friday, September 5, 2003, at 09:17 AM, William Dan Terry wrote:

> I've got KRUD 9 with iptables as follows:
>
> # Firewall configuration written by lokkit
> # Manual customization of this file is not recommended.
> # Note: ifup-post will punch the current nameservers through the
> #       firewall; such entries will *not* be listed here.
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :RH-Lokkit-0-50-INPUT - [0:0]
> -A INPUT -j RH-Lokkit-0-50-INPUT
> -A FORWARD -j RH-Lokkit-0-50-INPUT
> #-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
> -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
> -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 166.93.1.3 --sport 53 -d 0/0 -j ACCEPT
> -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 166.93.8.2 --sport 53 -d 0/0 -j ACCEPT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
> -A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
> COMMIT
>
> When testing from http://scan.sygatetech.com/ (easy scan from outside my
> network) TCP is protected the way I want. However, UDP gets the
> following type notes:
>
> FTP
> 21
> CLOSED
> This port has responded to our probes. This means that you are not
> running any application on this port, but it is still possible for
> someone to crash your computer through known TCP/IP stack
> vulnerabilities.
>
> It looks like UDP is as closed as iptables offers but I'm still learning
> iptables. Am I right? Or is there something else I can do?
>
> Peace, William
>
> ___________W__i__l__l__i__a__m_____D__a__n_____T__e__r__r__y___________
> How do we acquire wisdom along with all these shiny things? -David Brin
>
>     PGP public key:     http://www.knotworks.com/wdt_pgp_pubkey.asc
>     fingerprint: BE50 6158 80F3 78FF 16B1  C85F 7CCB 3FEB 5485 56E5
> _______________________________________________
> NCLUG mailing list       NCLUG at nclug.org
>
> To unsubscribe, subscribe, or modify your settings, go to:
> http://www.nclug.org/mailman/listinfo/nclug
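As an added illustration (not code from either poster), here is a small Python evaluator that walks the quoted lokkit ruleset the way the kernel does and reports the verdict for a constructed UDP probe to port 21. It shows why the scanner reports the port as "closed" rather than silently filtered: the final `-p udp -j REJECT` rule answers the probe with an ICMP port-unreachable (iptables' default reject-with), whereas DROP would send nothing. The interface name, the scanner's address and the reply ports are assumptions; the address matching is exact (no CIDR arithmetic) since that is all this ruleset needs.

```python
# Constructed input: the lokkit ruleset quoted in the thread, with the mail-wrapped
# "-j" / "ACCEPT" fragments rejoined onto one line each.
LOKKIT_RULES = """
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 166.93.1.3 --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 166.93.8.2 --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
"""
MATCH_FLAGS = {"-i": "iface", "-p": "proto", "-s": "src", "--sport": "sport", "--dport": "dport"}

def parse_rules(text):
    """Turn iptables-save style '-A' lines into {chain: [(match_dict, target), ...]}.
    Only the matches this ruleset uses are modelled; '-m udp' and '-d 0/0' are ignored."""
    chains = {}
    for line in text.strip().splitlines():
        toks = line.split()
        if toks[0] != "-A":
            continue
        match = {key: toks[toks.index(flag) + 1] for flag, key in MATCH_FLAGS.items() if flag in toks}
        match["syn"] = "--syn" in toks
        chains.setdefault(toks[1], []).append((match, toks[toks.index("-j") + 1]))
    return chains

def rule_matches(match, pkt):
    # Every modelled match must agree with the packet; --syn only matches TCP SYNs.
    return (not match["syn"] or bool(pkt.get("syn"))) and \
        all(str(pkt.get(k)) == v for k, v in match.items() if k != "syn")

def verdict(chains, chain, pkt, policy="ACCEPT"):
    """First matching rule wins; a user chain that falls off its end returns to the caller."""
    for match, target in chains.get(chain, []):
        if not rule_matches(match, pkt):
            continue
        if target in ("ACCEPT", "DROP", "REJECT"):
            return target
        sub = verdict(chains, target, pkt, policy=None)  # jump into user-defined chain
        if sub is not None:
            return sub
    return policy  # built-in chain policy; None for user chains (fall through)

def scanner_sees(v):
    """What an external UDP probe observes for each verdict (iptables' default reject-with)."""
    return {"REJECT": "closed (ICMP port-unreachable returned)", "DROP": "filtered (no reply)",
            "ACCEPT": "passed to the local stack"}[v]

# Constructed probe: the scanning site sending UDP to port 21 on the external interface.
SCANNER_UDP_21 = {"iface": "eth0", "proto": "udp", "src": "203.0.113.9", "sport": 40000, "dport": 21}
# Constructed reply from one of the nameservers the ruleset lets through.
RESOLVER_REPLY = {"iface": "eth0", "proto": "udp", "src": "166.93.1.3", "sport": 53, "dport": 32768}
```

`scanner_sees(verdict(parse_rules(LOKKIT_RULES), "INPUT", SCANNER_UDP_21))` yields the "closed" wording the scan report shows; packets no rule matches (for example ICMP) fall through to INPUT's ACCEPT policy, which `iptables --list` on the live box would confirm or refute.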
