>Ok, so now I know to close these unnecessary ports. 
>Problem now is nmap says I still have a ton of ports 
>open, but when I type '/sbin/ipchains -L -n' ipchains 
>shows many of these very same ports set to deny as I set up. 

>Why do the ports still show up as open in nmap when 
>ipchains indicates they should be otherwise?  How do 
>I REALLY close these ports? I already commented out 
>absolutely everything in inetd.conf with exception to the
>authentication line and then rebooted. Nothing else in 
>inetd.conf is without a leading '#' sign. Still several services 
>like finger, telnet, and others show as open to nmap -- and 
>yes I can actually run telnet despite commenting it out :(
>What else should I look for that will make sure these ports are closed?
>Thanks!
>Andre

Suggestion: 

1) Add a temporary logging rule to the end of your input chain - 
so you can see what ipchains saw as it accepted the nmap data. 
Then you might contrive the right rule to block it. 

If you want to leave the logging rule in all the time, 
you can try to match the SYN flag (start of connection) to 
limit the number of log entries. 

   ipchains -A input -s 0/0 -d 0/0 -j ACCEPT -l 

2) It looks like you may have the default policy set to ACCEPT 
and only block services you don't want. You may want to switch 
this policy and deny everything - and only accept those 
services you want to let in. It is 'stronger'. 

You can set the default policy explicitly to deny/reject, 
and/or add a last rule to deny and/or log. 
  ipchains -P input DENY 
  ..series of ipchains accept rules...
  ipchains -A input -s 0.0.0.0/0 -d 0.0.0.0/0 -l -j REJECT

You may find, for example, that when nmap is run from the 
local machine, it uses the local loopback interface and dodges 
your carefully crafted ipchains rules. Or not :-) 

Good discussion of rules in 
  http://www.linux.org/help/ldp/howto/IP-Masquerade-HOWTO.html

--Dave 
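An added example, not part of Dave's reply, showing the default-deny layout he describes with the SYN-only logging rule from point 1 folded into the final REJECT. The external interface name and the list of allowed TCP ports are constructed assumptions; set IPCHAINS=echo to preview the rules instead of loading them.

```shell
#!/bin/sh
# Added example (not from the original post): build a default-deny ipchains
# input chain. Assumptions: eth0 is the external interface and the allowed
# port list is hypothetical. IPCHAINS=echo prints the rules instead of applying.
IPCHAINS="${IPCHAINS:-ipchains}"
EXT_IF="${EXT_IF:-eth0}"
ALLOW_TCP="${ALLOW_TCP:-22 80}"   # constructed list: ssh and http only

build_input_chain() {
    "$IPCHAINS" -F input                  # start from an empty input chain
    "$IPCHAINS" -P input DENY             # default policy: drop what no rule accepts
    "$IPCHAINS" -A input -i lo -j ACCEPT  # local loopback traffic is always fine

    # Accept connections to the services we explicitly want to offer.
    for port in $ALLOW_TCP; do
        "$IPCHAINS" -A input -i "$EXT_IF" -p tcp -s 0/0 -d 0/0 "$port" -j ACCEPT
    done

    # ipchains is stateless: packets without SYN are replies to connections this
    # host opened, so let them back in (UDP/ICMP would need their own rules).
    "$IPCHAINS" -A input -i "$EXT_IF" -p tcp ! -y -s 0/0 -d 0/0 -j ACCEPT

    # Last rule: log (-l) and reject every other connection attempt. Matching
    # only SYN packets (-y) gives one log line per attempt, not per packet.
    "$IPCHAINS" -A input -p tcp -y -s 0/0 -d 0/0 -l -j REJECT
    # Anything else (stray UDP, ICMP, non-SYN oddities) falls to the DENY policy.
}

case "${1:-}" in
    apply)   build_input_chain ;;
    preview) IPCHAINS=echo; build_input_chain ;;
esac
```

Run with `preview` first and compare the printed rules against `/sbin/ipchains -L -n` after `apply`; a port nmap still reports open after this is a listening service the accept rules let through, not a rule that was silently ignored.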
