iptables question...

[feardapenguin]

I've been working on tightening the iptable rules of my firewall and have been unable to determine where the following hole is. (For what it's worth the firewall is running on my local "user" machine but is behind a wireless router with NAT firewall.)

The head scratcher involves a result when I test via "Shields Up" (https://grc.com/x/ne.dll?bh0bkyd2). The rules seem to pass for everything except this one item. I'm not too clear on exactly what it is referring to or whether it is getting the ack from my box or the router.

[theturner]

I built a pretty standard firewall with Firestarter, and I pass that test.
Make sure your Firewall denies unwanted packets, instead of rejecting them.

[feardapenguin]

As shown above there is nothing set to REJECT. All are either ACCEPT or DROP.

[CriminalMastermind]

well i do see one problem that has nothing to do with iptables and one way you can trouble shoot this further.
if you are behind a nat box then grc is scanning it's ports, not the ports of your local box... so your wireless router/nat/firewall is probably what is responding to them. you could have forwarded all the ports from your nat box to your local firewall boxes ip, but i don't think this bypasses it and i think it would respond under some situations.

what i would sugest you do to try and narrow things down is to break out your favorit packet sniffer and run it on your local box. then run the port scan and see what goes back to grc.

[feardapenguin]

The problem turned out to be auth. This rule did the trick: