On Fri, 2006-07-07 at 20:10 +0200, Andras Simon wrote:
> On 7/7/06, Frank Elsner <Elsner@xxxxxxxxxxxxxxxx> wrote:
> > Disconnect from net and re-install.
>
> I'll do a reinstall, but I'd love to know where's the hole first,
> otherwise there's nothing to save me from the same thing happening
> again. Not that I know where to look... The usual suspects (portmap,
> sendmail, etc.) are not running, and I thought my firewall rules were
> pretty strict (who doesn't? :-)), iptables -L says
>
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> DROP       tcp  --  anywhere             anywhere            tcp dpts:0:1023
> DROP       udp  --  anywhere             anywhere            udp dpts:0:1023
> DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,ACK/SYN
> DROP       icmp --  anywhere             anywhere            icmp echo-request
>
> Chain FORWARD (policy DROP)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain RH-Firewall-1-INPUT (0 references)
> [there's more here, but hopefully, 0 references means that they're irrelevant]

no, it means that no rule points to that chain, so any rules in there
are getting ignored -- they never get seen by a single packet and are
not filtered by any of them.

observe: (btw, iptables -vL, or -nvL may be more informative for you)

(from iptables -nL: )

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
DROP       icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:445
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpts:137:139
DROP       udp  --  0.0.0.0/0            0.0.0.0/0           udp dpts:137:139
DROP       udp  --  0.0.0.0/0            0.0.0.0/0           udp dpts:61200:61222
DROP       udp  --  0.0.0.0/0            0.0.0.0/0           udp dpts:67:68
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpts:1023:1025
DROP       udp  --  0.0.0.0/0            0.0.0.0/0           udp dpts:1026:1029
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpts:1433:1434
DROP       udp  --  0.0.0.0/0            0.0.0.0/0           udp dpts:1433:1434
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:113
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           tcp LOG flags 0 level 4 prefix `[iptables-log] '
LOG        udp  --  0.0.0.0/0            0.0.0.0/0           udp LOG flags 0 level 4 prefix `[iptables-log] '
DROP       all  --  0.0.0.0/0            0.0.0.0/0

note how there are two references to the RH-Firewall-1-INPUT ?

-- 
Scott Godin, Programmer               | p: 302.368.5640
MAD House Graphics                    | c: 302.750.MAD1 (6231)
PO Box 7619, Newark DE 19714 USA      | w: www.MadHouseGraphics.com
...................................................................
Comprehensive Expertise in Web and Print
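
Added example, not part of the original message: a small check that reads `iptables -L` / `-nL` output and reports user-defined chains that hold rules but have 0 references, plus a count of the rules that actually jump to each chain. The two sample listings are constructed (condensed from the listings quoted above) and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed samples, condensed from the two listings quoted in the thread.
BROKEN = """\
Chain INPUT (policy ACCEPT)
target     prot opt source      destination
DROP       tcp  --  anywhere    anywhere    tcp dpts:0:1023

Chain RH-Firewall-1-INPUT (0 references)
target     prot opt source      destination
ACCEPT     all  --  anywhere    anywhere    state RELATED,ESTABLISHED
"""
WORKING = """\
Chain INPUT (policy ACCEPT)
target     prot opt source      destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0  0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source      destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0  0.0.0.0/0

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source      destination
ACCEPT     all  --  0.0.0.0/0   0.0.0.0/0   state RELATED,ESTABLISHED
"""
HEADER = re.compile(r"^Chain (\S+) \((?:policy (\w+)|(\d+) references)")

def parse_chains(listing):
    """Map chain name -> {'refs': int, or None for built-ins, 'targets': [...]}."""
    chains, current = {}, None
    for line in listing.splitlines():
        m = HEADER.match(line)
        if m:
            refs = None if m.group(3) is None else int(m.group(3))
            current = chains[m.group(1)] = {"refs": refs, "targets": []}
        elif current is not None and line.strip() and not line.startswith("target"):
            current["targets"].append(line.split()[0])  # first column is the target
    return chains

def unreachable_chains(listing):
    """User-defined chains that hold rules but that no rule jumps to."""
    chains = parse_chains(listing)
    return sorted(n for n, c in chains.items() if c["refs"] == 0 and c["targets"])

def jump_counts(listing):
    """Count the listed rules whose target is a user-defined chain."""
    chains = parse_chains(listing)
    return Counter(t for c in chains.values() for t in c["targets"] if t in chains)
```

Feed it the text of `iptables -nL`; any name returned by `unreachable_chains` is a ruleset that no packet traverses, which is the situation in the first listing.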