[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2006-07-07 at 20:10 +0200, Andras Simon wrote:
> On 7/7/06, Frank Elsner <[email protected]> wrote:

> > Disconnect from net and re-install.
> 
> I'll do a reinstall, but I'd love to know where's the hole first,
> otherwise there's nothing to save me from the same thing happening
> again. Not that I know where to look... The usual suspects (portmap,
> sendmail, etc.) are not running, and I thought my firewall rules were
> pretty strict (who doesn't? :-)), iptables -L says
> 
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> DROP       tcp  --  anywhere             anywhere            tcp dpts:0:1023
> DROP       udp  --  anywhere             anywhere            udp dpts:0:1023
> DROP       tcp  --  anywhere             anywhere            tcp
> flags:FIN,SYN,RST,ACK/SYN
> DROP       icmp --  anywhere             anywhere            icmp echo-request
> 
> Chain FORWARD (policy DROP)
> target     prot opt source               destination
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
> 
> Chain RH-Firewall-1-INPUT (0 references)
> [there's more here, but hopefully, 0 references means that they're irrelevant]

no, it means that no rule points to that chain, so any rules in there
are getting ignored -- they never get seen by a single packet and are
not filtered by any of them.

observe: (btw, iptables -vL, or -nvL may be more informative for you)

(from iptables -nL: )
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
DROP       all  --  0.0.0.0/0            0.0.0.0/0           state
INVALID 
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
DROP       icmp --  0.0.0.0/0            0.0.0.0/0           icmp type
255 
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state
RELATED,ESTABLISHED 
DROP       all  --  0.0.0.0/0            0.0.0.0/0           state
INVALID 
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
dpt:445 
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
dpts:137:139 
DROP       udp  --  0.0.0.0/0            0.0.0.0/0           udp
dpts:137:139 
DROP       udp  --  0.0.0.0/0            0.0.0.0/0           udp
dpts:61200:61222 
DROP       udp  --  0.0.0.0/0            0.0.0.0/0           udp
dpts:67:68 
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
dpts:1023:1025 
DROP       udp  --  0.0.0.0/0            0.0.0.0/0           udp
dpts:1026:1029 
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
dpts:1433:1434 
DROP       udp  --  0.0.0.0/0            0.0.0.0/0           udp
dpts:1433:1434 
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
dpt:113 
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           tcp LOG
flags 0 level 4 prefix `[iptables-log] ' 
LOG        udp  --  0.0.0.0/0            0.0.0.0/0           udp LOG
flags 0 level 4 prefix `[iptables-log] ' 
DROP       all  --  0.0.0.0/0            0.0.0.0/0           

now how there are two references to the RH-FIREWALL-1-INPUT ? 

-- 
  Scott Godin, Programmer           | p: 302.368.5640
  MAD House Graphics                | c: 302.750.MAD1 (6231)
  PO Box 7619, Newark DE 19714 USA  | w: www.MadHouseGraphics.com
...................................................................
  Comprehensive Expertise in Web and Print


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]
  Powered by Linux