[WBEL-users] More on iptables
Ed Morrison
emorrison@ncen.org
Fri, 6 Aug 2004 10:37:37 -0700

Hey everyone,

I have changed my iptables to what I have pasted below. The policy is
set to drop all packets except for what I explicitly allow. Yet, when I
run nmap against this box I am showing all these ports as open (see
below). Shouldn't they show as closed? Where am I going wrong?

Thanks,
Ed

Iptables:

[root@heresy sysconfig]# iptables -L -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  any    any     24.20.253.108        anywhere
    0     0 DROP       all  --  any    any     69.145.105.154       anywhere
    0     0 DROP       all  --  any    any     4.11.196.79          anywhere
    0     0 DROP       all  --  any    any     80.202.20.7          anywhere
    0     0 DROP       all  --  any    any     137.164.158.14       anywhere
    0     0 DROP       all  --  any    any     201.129.85.142       anywhere
    0     0 DROP       all  --  any    any     24.19.7.146          anywhere
    0     0 DROP       all  --  any    any     66.44.140.103        anywhere
    0     0 DROP       all  --  any    any     12.205.157.201       anywhere
    0     0 DROP       all  --  any    any     201.129.85.95        anywhere
    0     0 DROP       all  --  any    any     219.103.193.130      anywhere
    0     0 DROP       all  --  any    any     130.120.81.14        anywhere
    0     0 DROP       all  --  any    any     207.3.145.251        anywhere
    0     0 DROP       all  --  any    any     131.234.66.101       anywhere
    0     0 DROP       all  --  any    any     12.109.164.254       anywhere
    0     0 DROP       all  --  any    any     12.109.164.25        anywhere
    0     0 DROP       all  --  any    any     219.120.54.178       anywhere
    0     0 DROP       all  --  any    any     219.120.54.1         anywhere
    0     0 DROP       all  --  any    any     201.129.85.221       anywhere
    0     0 DROP       all  --  any    any     69.145.104.154       anywhere
    0     0 DROP       all  --  any    any     208.19.107.78        anywhere
    0     0 DROP       all  --  any    any     210.92.210.67        anywhere
    0     0 DROP       all  --  any    any     219.120.54.178       anywhere
    0     0 DROP       all  --  any    any     62.3.209.74          anywhere
    0     0 DROP       all  --  any    any     62.3.209.74          anywhere
    0     0 DROP       all  --  any    any     202.141.1.28         anywhere
    0     0 DROP       all  --  any    any     216.97.110.1         anywhere
    0     0 DROP       all  --  any    any     203.123.11.21        anywhere
    0     0 DROP       all  --  any    any     211.252.6.194        anywhere
    0     0 DROP       all  --  any    any     61.187.92.210        anywhere
    0     0 DROP       all  --  any    any     61.187.94.210        anywhere
    0     0 DROP       all  --  any    any     195.247.24.11        anywhere
    0     0 DROP       all  --  any    any     24.119.57.93         anywhere
    0     0 DROP       all  --  any    any     220.99.76.139        anywhere
    0     0 DROP       all  --  any    any     66.78.26.26          anywhere
  170 18765 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:http
 2698  159K ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:ssh
    0     0 ACCEPT     all  --  any    any     heresy.northcentralcounties.org  anywhere
 2184  322K DROP       all  --  eth0   any     anywhere             anywhere

nmap scan:

[root@mx1 sysconfig]# nmap -sO 207.13.247.19
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting protocols on heresy.northcentralcounties.org (207.13.247.19):
Protocol State Name
1 open icmp
2 open igmp
3 open ggp
4 open ip
5 open st
6 open tcp
7 open cbt
8 open egp
9 open igp
10 open bbn-rcc-mon
11 open nvp-ii
12 open pup
13 open argus
14 open emcon
15 open xnet
16 open chaos
17 open udp
18 open mux
19 open dcn-meas
20 open hmp
21 open prm
22 open xns-idp
23 open trunk-1
24 open trunk-2
25 open leaf-1
26 open leaf-2
27 open rdp
28 open irtp
29 open iso-tp4
30 open netblt
31 open mfe-nsp
32 open merit-inp
33 open sep
34 open 3pc
35 open idpr
36 open xtp
37 open ddp
38 open idpr-cmtp
39 open tp++
40 open il
41 open ipv6
42 open sdrp
43 open ipv6-route
44 open ipv6-frag
45 open idrp
46 open rsvp
47 open gre
48 open mhrp
49 open bna
50 open esp
51 open ah
52 open i-nlsp
53 open swipe
54 open narp
55 open mobile
56 open tlsp
57 open skip
58 open ipv6-icmp
59 open ipv6-nonxt
60 open ipv6-opts
61 open unknown
62 open cftp
63 open unknown
64 open sat-expak
65 open kryptolan
66 open rvd
67 open ippc
68 open unknown
69 open sat-mon
70 open visa
71 open ipcv
72 open cpnx
73 open cphb
74 open wsn
75 open pvp
76 open br-sat-mon
77 open sun-nd
78 open wb-mon
79 open wb-expak
80 open iso-ip
81 open vmtp
82 open secure-vmtp
83 open vines
84 open ttp
85 open nsfnet-igp
86 open dgp
87 open tcf
88 open eigrp
89 open ospfigp
90 open sprite-rpc
91 open larp
92 open mtp
93 open ax.25
94 open ipip
95 open micp
96 open scc-SP
97 open etherip
98 open encap
99 open unknown
100 open gmtp
101 open ifmp
102 open pnni
103 open pim
104 open aris
105 open scps
106 open qnx
107 open a/n
108 open ipcomp
109 open snp
110 open compaq-peer
111 open ipx-in-ip
112 open vrrp
113 open pgm
114 open unknown
115 open l2tp
116 open ddx
117 open iatp
118 open stp
119 open srp
120 open uti
121 open smp
122 open sm
123 open ptp
124 open isis-over-ipv4
125 open fire
126 open crtp
127 open crudp
128 open sscopmce
129 open iplt
130 open sps
131 open pipe
132 open sctp
133 open fc
134 open unknown
135 open unknown
136 open unknown
137 open unknown
138 open unknown
139 open unknown
140 open unknown
141 open unknown
142 open unknown
143 open unknown
144 open unknown
145 open unknown
146 open unknown
147 open unknown
148 open unknown
149 open unknown
150 open unknown
151 open unknown
152 open unknown
153 open unknown
154 open unknown
155 open unknown
156 open unknown
157 open unknown
158 open unknown
159 open unknown
160 open unknown
161 open unknown
162 open unknown
163 open unknown
164 open unknown
165 open unknown
166 open unknown
167 open unknown
168 open unknown
169 open unknown
170 open unknown
171 open unknown
172 open unknown
173 open unknown
174 open unknown
175 open unknown
176 open unknown
177 open unknown
178 open unknown
179 open unknown
180 open unknown
181 open unknown
182 open unknown
183 open unknown
184 open unknown
185 open unknown
186 open unknown
187 open unknown
188 open unknown
189 open unknown
190 open unknown
191 open unknown
192 open unknown
193 open unknown
194 open unknown
195 open unknown
196 open unknown
197 open unknown
198 open unknown
199 open unknown
200 open unknown
201 open unknown
202 open unknown
203 open unknown
204 open unknown
205 open unknown
206 open unknown
207 open unknown
208 open unknown
209 open unknown
210 open unknown
211 open unknown
212 open unknown
213 open unknown
214 open unknown
215 open unknown
216 open unknown
217 open unknown
218 open unknown
219 open unknown
220 open unknown
221 open unknown
222 open unknown
223 open unknown
224 open unknown
225 open unknown
226 open unknown
227 open unknown
228 open unknown
229 open unknown
230 open unknown
231 open unknown
232 open unknown
233 open unknown
234 open unknown
235 open unknown
236 open unknown
237 open unknown
238 open unknown
239 open unknown
240 open unknown
241 open unknown
242 open unknown
243 open unknown
244 open unknown
245 open unknown
246 open unknown
247 open unknown
248 open unknown
249 open unknown
250 open unknown
251 open unknown
252 open unknown
253 open unknown
254 open unknown
Nmap run completed -- 1 IP address (1 host up) scanned in 202 seconds
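
An added illustration, not part of the original post: a constructed model of the INPUT chain above and of the rule nmap documents for `-sO`, where only an ICMP protocol-unreachable reply marks a protocol closed and silence is reported as open. The tuple layout, the function names and the `REJECT_PROTO` label (standing for `-j REJECT --reject-with icmp-proto-unreachable`) are assumptions made for the example.

```python
# Constructed model of the INPUT chain from the post. The per-source rules are
# omitted (assumption: the scanning host is not one of the listed sources).
# Hypothetical rule layout: (target, protocol, in_interface, dport); None = any.
RULES = [
    ("ACCEPT", "tcp", None, 80),     # tcp dpt:http
    ("ACCEPT", "tcp", None, 22),     # tcp dpt:ssh
    ("DROP", None, "eth0", None),    # final catch-all on eth0
]
# Same chain with the catch-all replaced by a REJECT that answers with
# ICMP protocol unreachable (-j REJECT --reject-with icmp-proto-unreachable).
REJECT_RULES = RULES[:2] + [("REJECT_PROTO", None, "eth0", None)]
POLICY = "DROP"
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def verdict(proto_num, dport=None, iface="eth0", rules=RULES, policy=POLICY):
    """First matching rule wins; the chain policy applies if nothing matches."""
    name = PROTO_NAMES.get(proto_num)
    for target, proto, in_if, port in rules:
        if proto is not None and proto != name:
            continue
        if in_if is not None and in_if != iface:
            continue
        if port is not None and port != dport:
            continue
        return target
    return policy


def reply_for(target):
    """What the scanner sees on the wire for each firewall target."""
    if target == "DROP":
        return None                       # silently discarded, no reply
    if target == "REJECT_PROTO":
        return "icmp-proto-unreachable"   # ICMP type 3, code 2
    return "stack-dependent"              # ACCEPT: the host's IP stack decides


def scan_state(reply):
    """nmap -sO rule: only ICMP protocol unreachable means closed."""
    return "closed" if reply == "icmp-proto-unreachable" else "open"


def protocol_scan(rules=RULES, policy=POLICY):
    """Probe protocols 1..254 with bare IP packets (no port), as -sO does."""
    return {p: scan_state(reply_for(verdict(p, rules=rules, policy=policy)))
            for p in range(1, 255)}


if __name__ == "__main__":
    print(set(protocol_scan().values()))                     # DROP chain
    print(set(protocol_scan(rules=REJECT_RULES).values()))   # REJECT chain
```

A protocol scan therefore measures whether the host answers with ICMP errors, not which services are reachable; a TCP scan of the same host (for example `nmap -sS`) is the check that shows which ports the ACCEPT rules actually expose.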