I have been trying to get iptables set up on my gateway machine, but it isn't working like I think it should. I have the following entry in the rc.firewall script to block incoming SYN packets:

    EXT_IF="ppp0"
    IPTABLES="//sbin/iptables"
    $IPTABLES -A INPUT -i $EXT_IF -p tcp ! --syn -j ACCEPT

yet ethereal shows these getting through:

    Source port: 1302 (1302)
    Destination port: 135 (135)
    Sequence number: 2684291305
    Header length: 28 bytes
    Flags: 0x0002 (SYN)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...0 .... = Acknowledgment: Not set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..1. = Syn: Set
        .... ...0 = Fin: Not set

I also have the following:

    $IPTABLES -A FORWARD -i $EXT_IF -p tcp --dport 135 -s 0.0.0.0/0 -j DROP

which should block packets destined for port 135, but also seems ineffective. What might be the problem? The above is just a snippet from the rc.firewall script. I can post it in its entirety if that would help.

--
Thomas K. Gamble
[EMAIL PROTECTED]
Registered Linux User #270415

The fear of the Lord leads to life, and he who has it shall abide in satisfaction; he will not be visited with evil. (Proverbs 19:23)

20:45:47 up 3 days, 11:00, 5 users, load average: 0.00, 0.00, 0.07
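
Added example, not part of the original post: a small Python model of how netfilter evaluates a filter chain, applied to the two rules and the captured packet above. It shows that an ACCEPT rule for non-SYN packets leaves SYN packets to the chain policy, and that the FORWARD rule only sees packets routed through the gateway. The addresses and chain policies are assumptions, since the post shows neither.

```python
# Added illustration: a simplified model of netfilter filter-table traversal.
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10

def is_syn(flags):
    # iptables --syn (per the iptables man page): SYN set, ACK/RST/FIN clear.
    return flags & (SYN | RST | ACK | FIN) == SYN

# The two rules from the post as (predicate, target) pairs.
INPUT_RULES = [
    (lambda p: p["in"] == "ppp0" and p["proto"] == "tcp"
               and not is_syn(p["flags"]), "ACCEPT"),
]
FORWARD_RULES = [
    (lambda p: p["in"] == "ppp0" and p["proto"] == "tcp"
               and p["dport"] == 135, "DROP"),
]

def verdict(rules, policy, pkt):
    # First matching rule decides; with no match the chain policy applies.
    for match, target in rules:
        if match(pkt):
            return target
    return policy

def filter_packet(pkt, local_addrs, input_policy, forward_policy):
    # Routing decision: traffic addressed to the gateway itself traverses
    # INPUT, traffic routed through it traverses FORWARD (never both).
    if pkt["dst"] in local_addrs:
        return "INPUT", verdict(INPUT_RULES, input_policy, pkt)
    return "FORWARD", verdict(FORWARD_RULES, forward_policy, pkt)

# Constructed values (assumptions): the gateway's ppp0 address.
GATEWAY = {"203.0.113.10"}
# Ports and flags come from the capture in the post; dst is constructed.
CAPTURED_SYN = {"in": "ppp0", "proto": "tcp", "sport": 1302, "dport": 135,
                "flags": 0x02, "dst": "203.0.113.10"}

if __name__ == "__main__":
    for policy in ("ACCEPT", "DROP"):
        print("INPUT policy", policy, "->",
              filter_packet(CAPTURED_SYN, GATEWAY, policy, "ACCEPT"))
    routed = dict(CAPTURED_SYN, dst="192.168.1.20")  # constructed LAN host
    print("routed to LAN ->", filter_packet(routed, GATEWAY, "DROP", "ACCEPT"))
    ack = dict(CAPTURED_SYN, flags=ACK)
    print("non-SYN to gateway ->", filter_packet(ack, GATEWAY, "DROP", "ACCEPT"))
```

A capture taken on the gateway's external interface records inbound packets before netfilter filters them, so a SYN appearing in the capture does not by itself show that the firewall accepted it.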