On 2007-10-23 Bryn Moslow wrote:
> Chain INPUT (policy ACCEPT)
> target     prot opt source           destination
> DROP       udp  --  anywhere         anywhere          udp dpt:sunrpc
[...]
> rpcinfo -p n.n.n.n
> No remote programs registered.
[...]
> PORT    STATE         SERVICE
> 111/udp open|filtered rpcbind
[...]
> I've tried turning the DROP into a LOG (level debug) and don't see any
> logging entries either. What am I missing?

That RPC uses TCP as well as UDP.

The output of nmap shows that your UDP filter is working just fine.
However, since "rpcinfo -p" uses TCP the rule simply doesn't apply.
And I seriously doubt that the rule works on i686.

iptables -A INPUT -p tcp --dport 111 -j REJECT --reject-with tcp-reset

Besides, blacklisting ports is a bad idea. Whitelist what you want to
allow, and reject everything else.

Regards
Ansgar Wiechers
-- 
"The Mac OS X kernel should never panic because, when it does, it
seriously inconveniences the user."
--http://developer.apple.com/technotes/tn2004/tn2118.html
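The advice above amounts to two points: rpcbind/portmapper listens on 111/tcp as well as 111/udp, and an INPUT chain should whitelist the services you want and reject everything else. As an added illustration, not code from either poster, the following POSIX shell function generates such a whitelist ruleset in iptables-restore format and prints it rather than applying it, so it can be reviewed (and checked with the helper) before being piped into `iptables-restore`. The allowed TCP ports passed as arguments, the unconditional loopback/ESTABLISHED/ICMP accepts and the default DROP policy are my assumptions about a sensible baseline, not something the thread specifies.

```shell
#!/bin/sh
# Added example, not from the original thread: build a whitelist-style
# filter table. Policy DROP on INPUT, explicit ACCEPTs for what we want,
# an explicit REJECT for portmapper on BOTH protocols (clients such as
# "rpcinfo -p", which uses TCP, fail immediately instead of hanging),
# and a catch-all REJECT at the end. Nothing is applied by this script;
# the caller runs:  whitelist_rules 22 80 | iptables-restore
# Assumptions (mine): arguments are TCP ports to allow from anywhere.

whitelist_rules() {
    printf '%s\n' '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -p icmp -j ACCEPT'
    for port in "$@"; do
        # Only NEW connections need a rule; replies are covered above.
        printf -- '-A INPUT -p tcp --dport %s -m state --state NEW -j ACCEPT\n' "$port"
    done
    # Portmapper: reject on tcp AND udp, matching the advice in the reply.
    printf '%s\n' \
        '-A INPUT -p tcp --dport 111 -j REJECT --reject-with tcp-reset' \
        '-A INPUT -p udp --dport 111 -j REJECT --reject-with icmp-port-unreachable' \
        '-A INPUT -j REJECT --reject-with icmp-port-unreachable' \
        'COMMIT'
}

# Review helper: read a ruleset on stdin and return 0 if any rule
# ACCEPTs the given destination port, 1 otherwise. Use it to confirm
# that a generated ruleset never opens 111 by accident.
allows_port() {
    grep -q -- "--dport $1 .*-j ACCEPT"
}

# Stand-alone usage: print the ruleset for ssh and http.
whitelist_rules 22 80
```

Review the printed table first, then apply it with `whitelist_rules 22 80 | iptables-restore` from a console session rather than over ssh, since a mistake in the whitelist locks you out; `whitelist_rules 22 80 | allows_port 111` returning non-zero is the quick check that the portmapper rules did not get overridden.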

