iptables

Jeremy Fowler jfowler at westrope.com
Tue Jul 9 14:23:52 CDT 2002


Oops, that should have been a REJECT with tcp-reset, not an ICMP port unreachable,
if you want to make it look like the port is closed and not filtered by a
firewall.

So:

iptables -t nat -I PREROUTING -i <interface> -p tcp --dport <port> -s !<address> -j REJECT --reject-with tcp-reset

> -----Original Message-----
> From: Jeremy Fowler [mailto:jfowler at westrope.com]
> Sent: Tuesday, July 09, 2002 9:17 AM
> To: mgoins at kcp.com; kclug at kclug.org
> Subject: RE: iptables
>
>
> Try blocking it in the PREROUTING chain of the nat or mangle table
> and then REJECT the packet with an ICMP port unreachable.
>
> iptables -t nat -I PREROUTING -i <interface> -p tcp --dport <port> -s !<address> -j REJECT
>
> > -----Original Message-----
> > From: owner-kclug at marauder.illiana.net
> > [mailto:owner-kclug at marauder.illiana.net]On Behalf Of mgoins at kcp.com
> > Sent: Tuesday, July 09, 2002 7:57 AM
> > To: kclug at kclug.org
> > Subject: iptables
> >
> >
> > Howdy all,
> >
> >
> > I'm looking to hide an open port from my LAN (nmap scans) and have it only
> > open to one machine. I'm thinking iptables; I have read the man page and
> > the how-to, but I can't seem to get it working. I am able to block
> > everybody but the one host. I am not able to hide it from nmap as being
> > open.
> >
> >
> >
> > Any help would be great.
> >
> >
> > Thanks,
> >
> > ~Michael
> >
> >
> >
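A worked version of the rule set discussed in this thread, added here as an example and not code from the thread. It uses hypothetical values (interface eth0, TCP port 3306, allowed host 192.168.1.10) and a helper name, hide_port_rules, that is my own. Two details differ from the commands quoted above on purpose: --dport only works together with "-p tcp", and the REJECT target is only valid in the filter table's INPUT, FORWARD and OUTPUT chains (and user chains called from them), so the rules go into INPUT rather than nat/mangle PREROUTING. The ACCEPT for the allowed host is appended first so it matches before the catch-all; the tcp-reset reply is what makes a SYN scan report the port as "closed", whereas a DROP or an ICMP port-unreachable shows up as "filtered", which tells the scanner a firewall is in the way.

```shell
#!/bin/sh
# Added example: build (and optionally apply) filter-table rules that expose a
# TCP port to exactly one host and answer everyone else with a TCP RST, so the
# port looks closed rather than firewalled. Values below are hypothetical.

IFACE="${IFACE:-eth0}"          # LAN-facing interface (assumed)
PORT="${PORT:-3306}"            # service port to hide (assumed)
ALLOW="${ALLOW:-192.168.1.10}"  # the one host allowed to reach it (assumed)

# Emit the rules, one per line, in the order they must be applied:
#   1. ACCEPT from the allowed host
#   2. REJECT --reject-with tcp-reset for every other source
# Rules are returned as text instead of being run directly so the set can be
# reviewed on a machine without root or iptables before it is applied.
hide_port_rules() {
  iface=$1; port=$2; allow=$3
  printf '%s\n' \
    "iptables -A INPUT -i $iface -p tcp --dport $port -s $allow -j ACCEPT" \
    "iptables -A INPUT -i $iface -p tcp --dport $port -j REJECT --reject-with tcp-reset"
}

# After applying, confirm both rules are present with "iptables -C", which
# exits 0 only when an identical rule already exists in the chain.
verify_rules() {
  hide_port_rules "$1" "$2" "$3" | sed 's/^iptables -A /iptables -C /' | sh -e
}

# IPTABLES_APPLY=1 installs and verifies the rules (needs root); the default
# just prints them for inspection.
if [ "${IPTABLES_APPLY:-0}" = 1 ]; then
  hide_port_rules "$IFACE" "$PORT" "$ALLOW" | sh -e
  verify_rules "$IFACE" "$PORT" "$ALLOW" && echo "rules installed and verified"
else
  hide_port_rules "$IFACE" "$PORT" "$ALLOW"
fi
```

Run it once without IPTABLES_APPLY to read the rules it would install, then with IPTABLES_APPLY=1 as root. From the allowed host a connection to the port still succeeds; from any other LAN host an nmap SYN scan of that port now reports "closed", the same answer a host with nothing listening would give.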