another quick question

All of lore.kernel.org
 help / color / mirror / Atom feed

* another quick question
@ 2004-09-20  8:02 Askar
  2004-09-20  8:48 ` George Alexandru Dragoi
  2004-09-20 10:02 ` Chris Brenton
  0 siblings, 2 replies; 3+ messages in thread
From: Askar @ 2004-09-20  8:02 UTC (permalink / raw)
  To: netfilter

hi again
My second question of the day is pls first check these few rules from
our firewall scirpt

iptables -A INPUT -p TCP -s 0/0 -d 0/0 --dport 135:140 -j DROP
iptables -A INPUT -p UDP -s 0/0 -d 0/0 --dport 135:140 -j DROP
iptables -A FORWARD -p TCP -s 0/0 -d 0/0 --dport 135:140 -j DROP
iptables -A FORWARD -p UDP -s 0/0 -d 0/0 --dport 135:140 -j DROP
iptables -t nat -A PREROUTING -p TCP -s 0/0 -d 0/0 --dport 135:140 -j DROP
iptables -t nat -A PREROUTING -p UDP -s 0/0 -d 0/0 --dport 135:140 -j DROP

aren't there are unnecessary repitions ? port that is Dropped in
FOWARD chain is again Dropped in PREROUTING chain, and also why he (my
predecssor) droping such port in INPUT table ? aren't it unnecessary,
coz it a linux box no port 135:140 are open on our fw machine.

Today I just deletes are PREROUTING rules and now im getting counts
for packets drops on FOWARD table.

regards
askar


-- 
(after bouncing head on desk for days trying to get mine working, I'll make
yer life a little easier)


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: another quick question
  2004-09-20  8:02 another quick question Askar
@ 2004-09-20  8:48 ` George Alexandru Dragoi
  2004-09-20 10:02 ` Chris Brenton
  1 sibling, 0 replies; 3+ messages in thread
From: George Alexandru Dragoi @ 2004-09-20  8:48 UTC (permalink / raw)
  To: netfilter

It is strongly related to the other question, same RPC/DCOM problems.


On Mon, 20 Sep 2004 14:02:57 +0600, Askar <askarali@gmail.com> wrote:
> hi again
> My second question of the day is pls first check these few rules from
> our firewall scirpt
> 
> iptables -A INPUT -p TCP -s 0/0 -d 0/0 --dport 135:140 -j DROP
> iptables -A INPUT -p UDP -s 0/0 -d 0/0 --dport 135:140 -j DROP
> iptables -A FORWARD -p TCP -s 0/0 -d 0/0 --dport 135:140 -j DROP
> iptables -A FORWARD -p UDP -s 0/0 -d 0/0 --dport 135:140 -j DROP
> iptables -t nat -A PREROUTING -p TCP -s 0/0 -d 0/0 --dport 135:140 -j DROP
> iptables -t nat -A PREROUTING -p UDP -s 0/0 -d 0/0 --dport 135:140 -j DROP
> 
> aren't there are unnecessary repitions ? port that is Dropped in
> FOWARD chain is again Dropped in PREROUTING chain, and also why he (my
> predecssor) droping such port in INPUT table ? aren't it unnecessary,
> coz it a linux box no port 135:140 are open on our fw machine.
> 
> Today I just deletes are PREROUTING rules and now im getting counts
> for packets drops on FOWARD table.
> 
> regards
> askar
> 
> --
> (after bouncing head on desk for days trying to get mine working, I'll make
> yer life a little easier)
> 
> 



-- 
Bla bla


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: another quick question
  2004-09-20  8:02 another quick question Askar
  2004-09-20  8:48 ` George Alexandru Dragoi
@ 2004-09-20 10:02 ` Chris Brenton
  1 sibling, 0 replies; 3+ messages in thread
From: Chris Brenton @ 2004-09-20 10:02 UTC (permalink / raw)
  To: Askar; +Cc: netfilter

On Mon, 2004-09-20 at 04:02, Askar wrote:
>
> iptables -A INPUT -p TCP -s 0/0 -d 0/0 --dport 135:140 -j DROP
> iptables -A INPUT -p UDP -s 0/0 -d 0/0 --dport 135:140 -j DROP
> iptables -A FORWARD -p TCP -s 0/0 -d 0/0 --dport 135:140 -j DROP
> iptables -A FORWARD -p UDP -s 0/0 -d 0/0 --dport 135:140 -j DROP
> iptables -t nat -A PREROUTING -p TCP -s 0/0 -d 0/0 --dport 135:140 -j DROP
> iptables -t nat -A PREROUTING -p UDP -s 0/0 -d 0/0 --dport 135:140 -j DROP
> 
> aren't there are unnecessary repitions ?

Agreed. The "proper" place for filtering rules is the INPUT and/or
FORWARD chain. You should be able to delete the two PREROUTING rules
without a problem.

> also why he (my
> predecssor) droping such port in INPUT table ? aren't it unnecessary,
> coz it a linux box no port 135:140 are open on our fw machine.

Unless you run SAMBA. ;-)

My guess is it was done to keep the traffic from hitting a later logging
rule, but its hard to say without seeing the entire rule base. It could
also have something to do with the "permit what has not been denied"
policy you mentioned in your last e-mail. Either way, it should not hurt
anything and its a good idea to block outbound NetBIOS/IP if your
organization does not need it to do business. Attackers can use it to
transfer a rootkit onto the system. If the ports are blocked, their
lives become just a little bit harder.

HTH,
Chris

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2004-09-20 10:02 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-09-20  8:02 another quick question Askar
2004-09-20  8:48 ` George Alexandru Dragoi
2004-09-20 10:02 ` Chris Brenton

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.