Hi, I'm playing here with iptables, and I have a small problem:
Here's my iptables config:

FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:test-fw-INPUT - [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -j test-fw-INPUT
-A FORWARD -j test-fw-INPUT
-A test-fw-INPUT -i lo -j ACCEPT
-A test-fw-INPUT -i eth0 -j ACCEPT
-A test-fw-INPUT -i eth0-range0 -j ACCEPT
-A test-fw-INPUT -p icmp --icmp-type any -j ACCEPT
-A test-fw-INPUT -p 50 -j ACCEPT
-A test-fw-INPUT -p 51 -j ACCEPT
-A test-fw-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A test-fw-INPUT -p tcp -m state -m tcp --dport 5901 --state NEW -j ACCEPT
-A test-fw-INPUT -p tcp -m state -m tcp --dport 10000 --state NEW -j ACCEPT
-A test-fw-INPUT -p tcp -m state -m tcp --dport 22 --state NEW -j ACCEPT
-A test-fw-INPUT -p tcp -m state -m tcp --dport 80 --state NEW -j ACCEPT
-A test-fw-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

All those rules work. However, when I'm trying to scan this VM machine with NMAP, I can still see other ports open (such as X, VNC etc). Do I need to specifically add rules to reject them? Or am I doing something wrong here? The last rule should reject any attempts to connect from outside.

Any suggestions are welcome.

Thanks,
Hetz
--
Skepticism is the lazy person's default position.
my blog (hebrew): http://benhamo.org
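To see why the trailing REJECT does not fire for a scan arriving on eth0, it helps to walk a packet through the chain the way the kernel does: first matching rule wins, and a rule with no port or state qualifier matches everything on that interface. The script below is an added example, not code from the post or from any iptables tool. It is a small first-match simulator fed with a copy of the quoted ruleset (the "*filter" header and the colon on ":FORWARD" are assumed, since the post's copy is truncated), plus a hypothetical hardened variant with the blanket "-i eth0 -j ACCEPT" line removed; the Packet, Rule, parse_rules, evaluate and verdict_for names are all constructed here.

```python
# Added example (not from the original post): a minimal first-match
# simulator for iptables-save style rules. It reports which rule a packet
# hits first, which is the thing a port scan result alone does not show.
import shlex
from dataclasses import dataclass
from typing import Optional

# Copy of the ruleset quoted in the post; the "*filter" line and the
# leading colon on ":FORWARD" are assumed (the post's copy was truncated).
RULES_TEXT = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:test-fw-INPUT - [0:0]
-A INPUT -j test-fw-INPUT
-A FORWARD -j test-fw-INPUT
-A test-fw-INPUT -i lo -j ACCEPT
-A test-fw-INPUT -i eth0 -j ACCEPT
-A test-fw-INPUT -i eth0-range0 -j ACCEPT
-A test-fw-INPUT -p icmp --icmp-type any -j ACCEPT
-A test-fw-INPUT -p 50 -j ACCEPT
-A test-fw-INPUT -p 51 -j ACCEPT
-A test-fw-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A test-fw-INPUT -p tcp -m state -m tcp --dport 5901 --state NEW -j ACCEPT
-A test-fw-INPUT -p tcp -m state -m tcp --dport 10000 --state NEW -j ACCEPT
-A test-fw-INPUT -p tcp -m state -m tcp --dport 22 --state NEW -j ACCEPT
-A test-fw-INPUT -p tcp -m state -m tcp --dport 80 --state NEW -j ACCEPT
-A test-fw-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

# Hypothetical hardened variant: same rules without the blanket accept for eth0.
HARDENED_TEXT = RULES_TEXT.replace("-A test-fw-INPUT -i eth0 -j ACCEPT\n", "")

@dataclass
class Packet:
    iface: str
    proto: str                 # "tcp", "udp", "icmp" or a protocol number as text
    dport: Optional[int] = None
    state: str = "NEW"         # conntrack state: NEW, ESTABLISHED or RELATED

@dataclass
class Rule:
    text: str
    iface: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None
    states: Optional[set] = None
    target: str = ""

    def matches(self, pkt: Packet) -> bool:
        # Every qualifier that is present must match; absent ones match anything.
        return ((self.iface is None or self.iface == pkt.iface)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport)
                and (self.states is None or pkt.state in self.states))

def parse_rules(text: str):
    """Return (chains, policies): chain name -> [Rule], chain name -> policy."""
    chains, policies = {}, {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("*") or line == "COMMIT":
            continue
        if line.startswith(":"):
            name, policy, _counters = line[1:].split()
            chains[name] = []
            policies[name] = policy   # "-" marks a user-defined chain
            continue
        toks = shlex.split(line)
        rule, chain, i = Rule(text=line), None, 0
        while i < len(toks):
            opt = toks[i]
            if opt == "-A":
                chain = toks[i + 1]
            elif opt == "-i":
                rule.iface = toks[i + 1]
            elif opt == "-p":
                rule.proto = toks[i + 1]
            elif opt == "--dport":
                rule.dport = int(toks[i + 1])
            elif opt == "--state":
                rule.states = set(toks[i + 1].split(","))
            elif opt == "-j":
                rule.target = toks[i + 1]
            elif opt not in ("-m", "--icmp-type", "--reject-with"):
                raise ValueError(f"unsupported option {opt!r} in: {line}")
            i += 2   # every option modelled here takes exactly one argument
        chains[chain].append(rule)
    return chains, policies

def evaluate(chains, policies, chain, pkt):
    """Walk a chain first-match; return (verdict, text of the deciding rule)."""
    for rule in chains[chain]:
        if not rule.matches(pkt):
            continue
        if rule.target in chains:                    # jump to a user-defined chain
            result = evaluate(chains, policies, rule.target, pkt)
            if result is not None:
                return result
            continue                                 # sub-chain fell through
        return rule.target, rule.text
    if policies[chain] != "-":                       # built-in chain: apply policy
        return policies[chain], f"policy of {chain}"
    return None                                      # user chain: return to caller

def verdict_for(rules_text, iface, proto, dport=None, state="NEW"):
    chains, policies = parse_rules(rules_text)
    return evaluate(chains, policies, "INPUT", Packet(iface, proto, dport, state))

if __name__ == "__main__":
    for pkt in [("eth0", "tcp", 6000), ("eth1", "tcp", 6000), ("eth1", "tcp", 22)]:
        print("posted rules  ", pkt, "->", verdict_for(RULES_TEXT, *pkt))
        print("hardened rules", pkt, "->", verdict_for(HARDENED_TEXT, *pkt))
```

Running it shows a NEW TCP packet to port 6000 on eth0 being accepted by "-A test-fw-INPUT -i eth0 -j ACCEPT" before the port rules or the REJECT are ever consulted, while the same packet on another interface reaches the REJECT. With the blanket eth0 accept removed, only the listed ports, ESTABLISHED/RELATED traffic, ICMP and protocols 50/51 get through on eth0.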
