iptables says drop icmp but it's sneaking through!!!
The Morleys
morley at cheerful.com
Fri Mar 1 22:44:36 CST 2002
Why not change your policy defaults to DROP and then only allow through what
you want to allow through?
timm
On Friday 01 March 2002 01:18 pm, hanasaki wrote:
> DUMP OF IPTABLES RULES
> ================================
> root at portal:[143]~ iptables -L
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> ACCEPT tcp -- anywhere mkc-65-26-126-218.kc.rr.comtcp
> dpt:smtp
> ACCEPT tcp -- anywhere mkc-65-26-126-218.kc.rr.comtcp
> dpt:www
> ACCEPT tcp -- anywhere mkc-65-26-126-218.kc.rr.comtcp
> dpt:5190
> DENIED_PORT_PRIV tcp -- anywhere
> mkc-65-26-126-218.kc.rr.comtcp dpts:0:112
> DENIED_PORT_PRIV udp -- anywhere
> mkc-65-26-126-218.kc.rr.comudp dpts:0:112
> DENIED_PORT_PRIV tcp -- anywhere
> mkc-65-26-126-218.kc.rr.comtcp dpts:114:1023
> DENIED_PORT_PRIV udp -- anywhere
> mkc-65-26-126-218.kc.rr.comudp dpts:114:1023
> DENIED_PORT_UNPRIV_TCP tcp -- anywhere
> mkc-65-26-126-218.kc.rr.comtcp dpt:2049
> DENIED_PORT_UNPRIV_UDP udp -- anywhere
> mkc-65-26-126-218.kc.rr.comudp dpt:2049
> DENIED_PORT_UNPRIV_TCP tcp -- anywhere
> mkc-65-26-126-218.kc.rr.comtcp dpts:x11:x11-5
> DENIED_PORT_UNPRIV_UDP udp -- anywhere
> mkc-65-26-126-218.kc.rr.comudp dpts:x11:x11-5
> DENIED_PORT_UNPRIV_TCP tcp -- anywhere
> mkc-65-26-126-218.kc.rr.comtcp dpts:12345:12346
> DENIED_PORT_UNPRIV_UDP udp -- anywhere
> mkc-65-26-126-218.kc.rr.comudp dpts:12345:12346
> DENIED_PORT_UNPRIV_TCP tcp -- anywhere
> mkc-65-26-126-218.kc.rr.comtcp dpts:1024:65535
> DROP icmp -- anywhere mkc-65-26-126-218.kc.rr.com
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain DENIED_PORT_PRIV (4 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere state
> RELATED,ESTABLISHED
> LOG all -- anywhere anywhere LOG level
> notice prefix `TL0G_DENIED_PORT_PRIV: '
> DROP all -- anywhere anywhere
>
> Chain DENIED_PORT_UNPRIV_TCP (4 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere state
> RELATED,ESTABLISHED
> LOG all -- anywhere anywhere LOG level
> notice prefix `TL0G_DENIED_PORT_T-UNPRIV: '
> DROP all -- anywhere anywhere state
> INVALID,NEW
>
> Chain DENIED_PORT_UNPRIV_UDP (3 references)
> target prot opt source destination
> LOG all -- anywhere anywhere LOG level
> notice prefix `TL0G_DENIED_PORT_U-UNPRIV: '
> DROP all -- anywhere anywhere
>
> Chain ONTHEFLY (0 references)
> target prot opt source destination
> LOG all -- anywhere anywhere LOG level
> notice prefix `TL0G_ONTHEFLY: '
> DROP all -- anywhere anywhere
> root at portal:[144]~ iptables -L -t nat
> Chain PREROUTING (policy ACCEPT)
> target prot opt source destination
>
> Chain POSTROUTING (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain CHAIN_NAT (0 references)
> target prot opt source destination
>
> THE OFFENDING HOST THAT IS GETTING THROUGH
> ====================================================
> root at portal:[145]~ !ho
> host 64.236.7.85
> Name: bb2-den-P7-0.atdn.net
> Address: 64.236.7.85
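
The default-DROP layout suggested in the reply, written out as an added example (not part of the original thread and not either poster's ruleset). The function name `gen_ruleset`, the placeholder address 192.0.2.10, the log prefix, and leaving OUTPUT at ACCEPT are assumptions; ports 25, 80 and 5190 stand for the smtp, www and 5190 ACCEPT rules in the quoted listing.

```shell
#!/bin/sh
# Added example: emit a default-deny filter table in iptables-restore format.
# Usage: gen_ruleset <protected-address> <allowed-tcp-port>...
gen_ruleset() {
    dst="$1"
    shift
    # Validate every port before printing anything, so a bad argument
    # never yields a half-written ruleset.
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*) echo "gen_ruleset: bad port '$port'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "gen_ruleset: port out of range '$port'" >&2
            return 1
        fi
    done

    echo "*filter"
    # Policy DROP: anything not explicitly accepted below is discarded,
    # ICMP included, with no dependence on rule order or a trailing DROP rule.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"   # assumption: outbound traffic stays unrestricted
    echo "-A INPUT -i lo -j ACCEPT"
    # Replies to connections this host opened, plus RELATED ICMP errors.
    echo "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT"
    for port in "$@"; do
        echo "-A INPUT -d $dst -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    # Log whatever is about to fall through to the DROP policy.
    echo "-A INPUT -j LOG --log-level notice --log-prefix \"DEFAULT_DROP: \""
    echo "COMMIT"
}

# Constructed sample invocation: 192.0.2.10 is a documentation placeholder.
# As root, pipe the output into "iptables-restore --test" to check it
# without committing, then into "iptables-restore" to load it.
gen_ruleset 192.0.2.10 25 80 5190
```

After loading, `iptables -L -n -v` shows per-rule packet counters and skips reverse DNS lookups, which makes it easier to see which rule a given packet actually matched.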