Solved

What is wrong with my iptables

Posted on 2009-05-05
2
252 Views
Last Modified: 2013-11-16
Hello

Running - 10 mins - fresh CentOS Linux 5 x86  install
I scanned my box with nmap and discovered the below ports are open

Can someon explain what is wrong with the iptables and why these ports can be probed from outside please ?

I dumped the default iptables wich comes with the fresh install . I commented some lines but I still can not hide these ports

Thank you



PORT     STATE    SERVICE VERSION
22/tcp   open     ssh
25/tcp   filtered smtp
111/tcp  open     rpcbind
|  rpcinfo:  
|  100000  2    111/udp  rpcbind  
|  100024  1    643/udp  status  
|  100000  2    111/tcp  rpcbind  
|_ 100024  1    646/tcp  status  
646/tcp  open     rpcbind
3306/tcp open     mysql   MySQL (unauthorized)
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
#-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p 10000 -j ACCEPT
#-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
#-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
#-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

Open in new window

0
Comment
Question by:tgunduz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 16

Accepted Solution

by:
Blaz earned 500 total points
ID: 24311590
change the last line to:
-A RH-Firewall-1-INPUT -j DROP

Maybe nmap  interprets a reject icmp reply as an open port for some protocols.
0
 

Author Comment

by:tgunduz
ID: 24311764
thanks
0

Featured Post

Create Professional Looking Email Signatures

Create "Professional HTML Email Signatures" with ease.
7 Day Money Back Guarantee if not 100% Satisfied.
Affordable - Try it out for 7 Days Totally Risk Free.
Installers provided for over 45 Email clients.
Both Windows & MAC Supported.
Highly Recommended!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
TCP Chat/GPS application security thru firewall 4 51
Windows 10 GUEST Account 10 68
Mode / vector of infections and attacks 3 36
WSUS - Updates Approval 2 27
OnPage: Incident management and secure messaging on your smartphone
A hard and fast method for reducing Active Directory Administrators members.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question