I already tried reject, I'll give an example to clarify my problem. Removed all iptables rules and when running an nmap scan (remotely) I get the following output:

PORT     STATE SERVICE
25/tcp   open  smtp
80/tcp   open  http
110/tcp  open  pop3
199/tcp  open  smux
3306/tcp open  mysql

I then inserted the following rules:

- IPTABLES -A INPUT -t tcp --destination-port 25 -j REJECT
- IPTABLES -A INPUT -t tcp --destination-port 80 -j REJECT
- IPTABLES -A INPUT -t tcp --destination-port 199 -j REJECT

Did a new scan and nmap returned:

PORT     STATE SERVICE
25/tcp   open  smtp
110/tcp  open  pop3
3306/tcp open  mysql

So even if I reject port 25, nmap detects it as open. And if I reject port 80, nmap detects it as being closed. Hope this gives a better image of my problem.

Thanx
Ronald

-----Original Message-----
From: Raffaele D'Elia [mailto:[EMAIL PROTECTED]]
Sent: Monday, 26 January 2004 14:06
To: Ronald Laarman; [email protected]
Subject: RE: Iptables can't close port 25 and 110

-----Original Message-----
From: "Ronald Laarman" <[EMAIL PROTECTED]>
To: <[email protected]>
Cc: <[EMAIL PROTECTED]>
Date: Mon, 26 Jan 2004 13:53:00 +0100
Subject: RE: Iptables can't close port 25 and 110

> I know the difference between 'rejecting' and 'dropping' packages but
> how come iptables -P INPUT DROP will close off port 80.

iptables cannot close any port. You can only make another box believe that the port is closed. This is done by sending the same RST packet that a closed port sends. So a remote attacker must see the RST packet; otherwise it'll know you have firewalled an open port. Drop is not the correct answer: try reject...

Radel

**************************************************************************
This message is being sent from Starcom Italia Srl and may contain information which is confidential or privileged. If you are not the intended recipient, please advise the sender immediately by reply e-mail and delete this message and any attachments without retaining a copy. Any unauthorized use of the content of this message is a breach of your duty to respect the confidentiality of the correspondence between other persons and can expose the responsible party to civil and/or criminal penalties, and may constitute a more serious offense.
**************************************************************************
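The thread compares two nmap scans by eye to see whether each REJECT rule did its job. Below is an added example (not code from either poster) that does the comparison mechanically: it parses nmap's normal output and a list of iptables rules, then checks each port against the state its target should produce (RST -> closed, ICMP unreachable or silence -> filtered). The sample scan and rules are constructed; the rules are written in the assumed form with -p tcp (the protocol match; -t selects a table) and --reject-with tcp-reset, since that is the variant that answers with the RST a genuinely closed port sends.

```python
import re

# Constructed sample input: the post-rule port table from the thread, retyped
# in the layout nmap prints (closed ports are hidden behind "Not shown").
SCAN_AFTER = """\
Not shown: 2 closed ports
PORT     STATE SERVICE
25/tcp   open  smtp
110/tcp  open  pop3
3306/tcp open  mysql
"""
# Constructed rules; assumed form with -p tcp (protocol match) and tcp-reset,
# which makes REJECT answer with the RST a closed port would send.
RULES = """\
iptables -A INPUT -p tcp --destination-port 25 -j REJECT --reject-with tcp-reset
iptables -A INPUT -p tcp --destination-port 80 -j REJECT --reject-with tcp-reset
iptables -A INPUT -p tcp --destination-port 199 -j REJECT --reject-with tcp-reset
"""
# State nmap prints for a TCP port given the host's answer: SYN/ACK -> open,
# RST -> closed, ICMP unreachable (default REJECT) or silence (DROP) -> filtered.
EXPECTED = {"ACCEPT": "open", "DROP": "filtered",
            "REJECT": "filtered", "REJECT tcp-reset": "closed"}

PORT_LINE = re.compile(r"^(\d+/(?:tcp|udp))\s+(\S+)", re.M)
NOT_SHOWN = re.compile(r"^Not shown: \d+ (\w+) ports?", re.M)
RULE_LINE = re.compile(r"-p\s+(\w+)\s+--(?:dport|destination-port)\s+(\d+)"
                       r".*?-j\s+(\w+)(?:\s+--reject-with\s+(\S+))?")

def parse_scan(text):
    """Return ({'port/proto': state}, state of the hidden ports) from nmap output."""
    m = NOT_SHOWN.search(text)
    return dict(PORT_LINE.findall(text)), (m.group(1) if m else None)

def parse_rules(text):
    """Map 'port/proto' -> target label ('REJECT', 'REJECT tcp-reset', 'DROP', ...)."""
    rules = {}
    for proto, port, target, reject_with in RULE_LINE.findall(text):
        rules[f"{port}/{proto}"] = target + (" " + reject_with if reject_with else "")
    return rules

def audit(scan, rules):
    """Verdict per rule: 'ok' when nmap shows the state the target should produce."""
    seen, hidden = parse_scan(scan)
    verdicts = {}
    for port, target in rules.items():
        want = EXPECTED.get(target, EXPECTED[target.split()[0]])  # other reject-with -> ICMP
        got = seen.get(port) or hidden or "not listed"
        verdicts[port] = "ok" if got == want else f"expected {want}, got {got}"
    return verdicts
```

Calling audit(SCAN_AFTER, parse_rules(RULES)) reports 80/tcp and 199/tcp as ok and 25/tcp as "expected closed, got open", which is exactly the discrepancy the message above describes.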

