Gentoo Forums
Is my iptables screwed up?
ens_leader
Tux's lil' helper
Joined: 27 Feb 2005
Posts: 105

Posted: Thu Sep 18, 2008 12:27 am    Post subject: Is my iptables screwed up?

I just used Bastille to "harden" my system. I'm having a hard time determining if it actually did anything. I had it configure my iptables firewall. Can someone tell me if it's configured correctly? And why aren't the ports showing up (i.e. allow ssh, block port X, etc.)?

Code:
/sbin# iptables --list
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       tcp  --  anywhere             loopback/8
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     0    --  anywhere             anywhere
DROP       0    --  BASE-ADDRESS.MCAST.NET/4  anywhere
PUB_IN     0    --  anywhere             anywhere
PUB_IN     0    --  anywhere             anywhere
PUB_IN     0    --  anywhere             anywhere
DROP       0    --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
DROP       0    --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
PUB_OUT    0    --  anywhere             anywhere
PUB_OUT    0    --  anywhere             anywhere
PUB_OUT    0    --  anywhere             anywhere

Chain INT_IN (0 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere
DROP       0    --  anywhere             anywhere

Chain INT_OUT (0 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     0    --  anywhere             anywhere

Chain PAROLE (0 references)
target     prot opt source               destination
ACCEPT     0    --  anywhere             anywhere

Chain PUB_IN (3 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere            icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere            icmp echo-reply
ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded
LOG        tcp  --  anywhere             anywhere            tcp dpt:telnet state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
LOG        tcp  --  anywhere             anywhere            tcp dpt:ftp state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
LOG        tcp  --  anywhere             anywhere            tcp dpt:imap2 state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
LOG        tcp  --  anywhere             anywhere            tcp dpt:pop3 state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
LOG        tcp  --  anywhere             anywhere            tcp dpt:finger state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
LOG        tcp  --  anywhere             anywhere            tcp dpt:sunrpc state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
LOG        tcp  --  anywhere             anywhere            tcp dpt:exec state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
LOG        tcp  --  anywhere             anywhere            tcp dpt:login state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
LOG        tcp  --  anywhere             anywhere            tcp dpt:linuxconf state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
LOG        tcp  --  anywhere             anywhere            tcp dpt:ssh state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
LOG        udp  --  anywhere             anywhere            udp dpt:31337 state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
DROP       icmp --  anywhere             anywhere
DROP       0    --  anywhere             anywhere

Chain PUB_OUT (3 references)
target     prot opt source               destination
ACCEPT     0    --  anywhere             anywhere
Hu
Administrator
Joined: 06 Mar 2007
Posts: 23193

Posted: Fri Sep 19, 2008 2:16 am    Post subject:

That output is missing so much information that it is hard to tell what you have done. Use iptables-save -c instead. It will produce a concise and complete dump of your rules.
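
What an `iptables-save -c` dump adds over `iptables --list`, as an added example that is not part of the original thread: per-rule packet counters, and the `-i`/`-o` interface matches that the plain listing prints as `anywhere anywhere`. The dump is constructed sample data (not the poster's rules) and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed `iptables-save -c` dump (sample data, not the poster's rules).
sample_dump() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:INT_IN - [0:0]
:PUB_IN - [0:0]
[0:0] -A INPUT -d 127.0.0.0/8 -p tcp -j DROP
[120:9600] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
[4:240] -A INPUT -i lo -j ACCEPT
[7:420] -A INPUT -i eth0 -j PUB_IN
[0:0] -A INPUT -j DROP
[0:0] -A INT_IN -p icmp -j ACCEPT
[3:180] -A PUB_IN -p tcp -m tcp --dport 22 -m state --state INVALID,NEW -j LOG --log-prefix "audit"
[7:420] -A PUB_IN -j DROP
COMMIT
EOF
}

# Hypothetical helper: rules whose only match is an interface.
# Prints: chain, interface match, target, packet count.
iface_only_rules() {
  awk '
    /^\[[0-9]+:[0-9]+\] -A / {
      iface = ""; target = ""; other = 0
      for (i = 4; i <= NF; i += 2) {
        if ($i == "-j") { target = $(i + 1); break }   # target options are not matches
        else if ($i == "-i" || $i == "-o") iface = $i " " $(i + 1)
        else other = 1                                  # any other match disqualifies
      }
      if (iface != "" && !other) {
        split(substr($1, 2), c, ":")                    # "[4:240]" -> packets = 4
        print $3, iface, target, c[1]
      }
    }'
}

# Hypothetical helper: rules that have matched no packets since the counters were last reset.
zero_hit_rules() {
  awk '/^\[0:[0-9]+\] -A / { sub(/^\[[0-9:]+\] -A /, ""); print }'
}

echo "Interface-only rules:"; sample_dump | iface_only_rules
echo "Rules with zero packets:"; sample_dump | zero_hit_rules
```

On a live host the same functions read the real dump, for example `iptables-save -c | iface_only_rules` run as root.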