iptables says drop icmp but it's sneaking through!!!

The Morleys morley at cheerful.com
Fri Mar 1 22:44:36 CST 2002


Why not change your policy defaults to DROP and then only allow through what 
you want to allow through? 

timm

On Friday 01 March 2002 01:18 pm, hanasaki wrote:
> DUMP OF IPTABLES RULES
> ================================
> root at portal:[143]~ iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     tcp  --  anywhere             mkc-65-26-126-218.kc.rr.comtcp
> dpt:smtp
> ACCEPT     tcp  --  anywhere             mkc-65-26-126-218.kc.rr.comtcp
> dpt:www
> ACCEPT     tcp  --  anywhere             mkc-65-26-126-218.kc.rr.comtcp
> dpt:5190
> DENIED_PORT_PRIV  tcp  --  anywhere
> mkc-65-26-126-218.kc.rr.comtcp dpts:0:112
> DENIED_PORT_PRIV  udp  --  anywhere
> mkc-65-26-126-218.kc.rr.comudp dpts:0:112
> DENIED_PORT_PRIV  tcp  --  anywhere
> mkc-65-26-126-218.kc.rr.comtcp dpts:114:1023
> DENIED_PORT_PRIV  udp  --  anywhere
> mkc-65-26-126-218.kc.rr.comudp dpts:114:1023
> DENIED_PORT_UNPRIV_TCP  tcp  --  anywhere
> mkc-65-26-126-218.kc.rr.comtcp dpt:2049
> DENIED_PORT_UNPRIV_UDP  udp  --  anywhere
> mkc-65-26-126-218.kc.rr.comudp dpt:2049
> DENIED_PORT_UNPRIV_TCP  tcp  --  anywhere
> mkc-65-26-126-218.kc.rr.comtcp dpts:x11:x11-5
> DENIED_PORT_UNPRIV_UDP  udp  --  anywhere
> mkc-65-26-126-218.kc.rr.comudp dpts:x11:x11-5
> DENIED_PORT_UNPRIV_TCP  tcp  --  anywhere
> mkc-65-26-126-218.kc.rr.comtcp dpts:12345:12346
> DENIED_PORT_UNPRIV_UDP  udp  --  anywhere
> mkc-65-26-126-218.kc.rr.comudp dpts:12345:12346
> DENIED_PORT_UNPRIV_TCP  tcp  --  anywhere
> mkc-65-26-126-218.kc.rr.comtcp dpts:1024:65535
> DROP       icmp --  anywhere             mkc-65-26-126-218.kc.rr.com
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain DENIED_PORT_PRIV (4 references)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere           state
> RELATED,ESTABLISHED
> LOG        all  --  anywhere             anywhere           LOG level
> notice prefix `TL0G_DENIED_PORT_PRIV: '
> DROP       all  --  anywhere             anywhere
>
> Chain DENIED_PORT_UNPRIV_TCP (4 references)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere           state
> RELATED,ESTABLISHED
> LOG        all  --  anywhere             anywhere           LOG level
> notice prefix `TL0G_DENIED_PORT_T-UNPRIV: '
> DROP       all  --  anywhere             anywhere           state
> INVALID,NEW
>
> Chain DENIED_PORT_UNPRIV_UDP (3 references)
> target     prot opt source               destination
> LOG        all  --  anywhere             anywhere           LOG level
> notice prefix `TL0G_DENIED_PORT_U-UNPRIV: '
> DROP       all  --  anywhere             anywhere
>
> Chain ONTHEFLY (0 references)
> target     prot opt source               destination
> LOG        all  --  anywhere             anywhere           LOG level
> notice prefix `TL0G_ONTHEFLY: '
> DROP       all  --  anywhere             anywhere
> root at portal:[144]~ iptables -L -t nat
> Chain PREROUTING (policy ACCEPT)
> target     prot opt source               destination
>
> Chain POSTROUTING (policy ACCEPT)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain CHAIN_NAT (0 references)
> target     prot opt source               destination
>
> THE OFFENDING HOST THAT IS GETTING THROUGH
> ====================================================
> root at portal:[145]~ !ho
> host 64.236.7.85
> Name: bb2-den-P7-0.atdn.net
> Address: 64.236.7.85
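
The default-DROP approach suggested in the reply above, as an added example that is not part of the original thread. It assumes the three inbound services in the quoted rules (smtp=25, www=80, 5190) are the ones to keep; build_ruleset, ALLOWED_TCP and the INPUT_DROP log prefix are hypothetical names.

```shell
#!/bin/sh
# Added example: emit a default-deny filter table in iptables-restore format.
# ALLOWED_TCP is an assumption taken from the quoted ruleset
# (smtp=25, www=80, 5190); adjust it for your own host.
ALLOWED_TCP="25 80 5190"

build_ruleset() {
    # $1: space-separated list of inbound TCP ports to allow.
    # Validate every port before printing anything, so a bad list never
    # yields a partial ruleset.
    for port in $1; do
        case "$port" in
            ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "bad port: $port" >&2; return 1
        fi
    done

    echo "*filter"
    # Default policies: inbound and forwarded packets are dropped unless a
    # rule below accepts them. That includes unsolicited ICMP, which gets
    # no ACCEPT rule here.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Loopback, plus replies (and related ICMP errors) for connections
    # this host already has open.
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT"
    # New connections only to the listed services.
    for port in $1; do
        echo "-A INPUT -p tcp -m tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    # Rate-limited log of whatever is about to hit the DROP policy.
    echo "-A INPUT -m limit --limit 5/min -j LOG --log-prefix \"INPUT_DROP: \""
    echo "COMMIT"
}

# Print the ruleset when invoked as: sh ruleset.sh --print
if [ "${1:-}" = "--print" ]; then
    build_ruleset "$ALLOWED_TCP"
fi
```

To check the output without loading it, pipe it to `iptables-restore --test` as root.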



