Solved

What is wrong with my iptables

Posted on 2009-05-05
2
251 Views
Last Modified: 2013-11-16
Hello

Running - 10 mins - fresh CentOS Linux 5 x86  install
I scanned my box with nmap and discovered the below ports are open

Can someon explain what is wrong with the iptables and why these ports can be probed from outside please ?

I dumped the default iptables wich comes with the fresh install . I commented some lines but I still can not hide these ports

Thank you



PORT     STATE    SERVICE VERSION
22/tcp   open     ssh
25/tcp   filtered smtp
111/tcp  open     rpcbind
|  rpcinfo:  
|  100000  2    111/udp  rpcbind  
|  100024  1    643/udp  status  
|  100000  2    111/tcp  rpcbind  
|_ 100024  1    646/tcp  status  
646/tcp  open     rpcbind
3306/tcp open     mysql   MySQL (unauthorized)
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
#-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p 10000 -j ACCEPT
#-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
#-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
#-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

Open in new window

0
Comment
Question by:tgunduz
2 Comments
 
LVL 16

Accepted Solution

by:
Blaz earned 500 total points
ID: 24311590
change the last line to:
-A RH-Firewall-1-INPUT -j DROP

Maybe nmap  interprets a reject icmp reply as an open port for some protocols.
0
 

Author Comment

by:tgunduz
ID: 24311764
thanks
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
New firewall implementation guidance 12 90
lunix and unix command 21 90
application access evidence windows 7 5 47
PCI Compliance - mixing SAQs 6 45
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Most MSPs worth their salt are already offering cybersecurity to their customers. But cybersecurity as a service is wide encompassing and can mean many things.  So where are MSPs falling in this spectrum?
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question