Securing a Firewall

Securing a Firewall

[Ronny Fauth]

How can i secure my iptables? I want to stealth all my ports and i want
that no ping is awnsered. If a port is stealthed can i access that port?

thnx

regards

RE: Securing a Firewall

[Rob Sterenborg]

> How can i secure my iptables? I want to stealth all my ports 
> and i want that no ping is awnsered. If a port is stealthed 

Perhaps : iptables -P INPUT DROP
In which case you will not be able to reach your machine over the network.
But I think this is not what you want because then you wouldn't be receiving
the packets that some host *sent back to you*, in reply to your request.
To avoid this you would at least have :

iptables -P INPUT DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

> can i access that port?

No. A port has to be open to accept connections to it.

If a port is filtered (in your words : stealth), nmap will show "filtered".
If a port is open and has a service listening on it, nmap will show "open".
If a port is open and has no service listening on it, nmap will show
"closed".


Gr,
Rob

Re: Securing a Firewall

[Frank Gruellich]

* Ronny Fauth <jadefalkner@imperium-noctem.de> 27. Mar 04:
> How can i secure my iptables?

RTFM.  What do you want to protect from what?

> I want to stealth all my ports and i want that no ping is awnsered.

Why do you intend to break common internet standards?  'Stealth' is
useless, 'stealth' is not security, 'stealth' is marketing.  Simply
don't do it (without good reasons).

> If a port is stealthed can i access that port?

No,
 regards, Frank.
-- 
Sigmentation fault