On Wed, 12 Dec 2001, Boryan Yotov wrote:

> Hello, everybody. I'm a newbie in the firewall area :) so this question
> could sound a little bit silly.
>
> I would like to ask you if there is a way to understand whether a port
> on a remote machine is firewalled or just not opened. I use iptables
> to set up a firewall and I set an ACCEPT target for TCP port 80 for all
> "trusted" connections. All other connections to this port are DROP-ed
> (the INPUT chain policy is set to DROP). I'm curious whether someone
> could detect that the port exists but is firewalled, e.g. available
> just for a few hosts.
It depends. If there are *no* ports open to 3rd party hosts, then DROP on everything should be the same as if the host wasn't there. If any port answers, and you simply drop packets to some ports, then the lack of response is generally attributable to a filter rule.

If it's TCP and there are other ports open, then depending on the normal behaviour of the machine to a TCP probe to a port that isn't listening, it's probably germane to use REJECT and --reject-with icmp-port-unreachable or tcp-reset as applicable. You can set a rule to send back either, one for each of a set of ports, then test with nmap to see what it has to say.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
[EMAIL PROTECTED]      which may have no basis whatsoever in fact."

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
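The reasoning in Paul's reply, as an added model (not code from the thread or from iptables): a small simulation of what a SYN probe elicits under a DROP policy versus REJECT with tcp-reset or icmp-port-unreachable, and of when a scanner can pin a silent port on a filter rule rather than on an absent host. Addresses, ports and the three-port scan are constructed sample input.

```python
# Hypothetical model of a firewalled host answering TCP SYN probes.
# Policies mirror the iptables targets discussed; replies are labels, not packets.
SYN_ACK, RST, ICMP_UNREACH, SILENCE = "syn-ack", "rst", "icmp-port-unreachable", "none"

# What the chain's catch-all does with a packet that no ACCEPT rule matched.
POLICY_RESPONSE = {
    "DROP": SILENCE,                                   # -P INPUT DROP
    "REJECT --reject-with tcp-reset": RST,             # indistinguishable from a closed port
    "REJECT --reject-with icmp-port-unreachable": ICMP_UNREACH,
}

def host_response(accept_rules, listening, policy, port, src):
    """Reply the host sends to one SYN probe on `port` from source `src`.
    accept_rules: {port: set of trusted sources, or None meaning any source}."""
    if port in accept_rules:
        allowed = accept_rules[port]
        if allowed is None or src in allowed:
            # Packet reached the stack; the kernel answers according to whether a service listens.
            return SYN_ACK if port in listening else RST
    return POLICY_RESPONSE[policy]

def scan(accept_rules, listening, policy, ports, src):
    """nmap-style labelling of each probed port: open / closed / filtered.
    To a SYN scan, an ICMP port-unreachable and no answer at all both read as 'filtered'."""
    verdict = {}
    for port in ports:
        reply = host_response(accept_rules, listening, policy, port, src)
        verdict[port] = {SYN_ACK: "open", RST: "closed"}.get(reply, "filtered")
    return verdict

def filtering_attributable(verdict):
    """Paul's rule: a 'filtered' port only points at a filter when some other port
    proves the host is there; an all-filtered scan looks like no host at all."""
    host_seen = any(v in ("open", "closed") for v in verdict.values())
    return host_seen and "filtered" in verdict.values()

if __name__ == "__main__":
    # Constructed scenario: port 80 only for one trusted host, 22 open to everyone.
    rules, services = {80: {"10.0.0.5"}, 22: None}, {80, 22}
    for policy in POLICY_RESPONSE:
        v = scan(rules, services, policy, [22, 80, 81], "203.0.113.9")
        print(f"{policy:45} {v}  filter visible: {filtering_attributable(v)}")
    # Same DROP policy, but nothing open to third parties: host looks absent.
    v = scan({80: {"10.0.0.5"}}, {80}, "DROP", [80, 81], "203.0.113.9")
    print("no public ports, DROP:", v, "filter visible:", filtering_attributable(v))
```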
