On Wed, 13-08-2003 at 05:07, Thomas Gamble wrote:
> I have been trying to get iptables set up on my gateway machine, but it isn't 
> working like I think it should.  I have the following entry in the 
> rc.firewall script to block incoming SYN packets:
> 
> EXT_IF="ppp0"
> IPTABLES="//sbin/iptables"
> $IPTABLES -A INPUT -i $EXT_IF -p tcp ! --syn -j ACCEPT
> 
> yet ethereal shows these getting through:
> 
>     Source port: 1302 (1302)
>     Destination port: 135 (135)
>     Sequence number: 2684291305
>     Header length: 28 bytes
>     Flags: 0x0002 (SYN)
>         0... .... = Congestion Window Reduced (CWR): Not set
>         .0.. .... = ECN-Echo: Not set
>         ..0. .... = Urgent: Not set
>         ...0 .... = Acknowledgment: Not set
>         .... 0... = Push: Not set
>         .... .0.. = Reset: Not set
>         .... ..1. = Syn: Set
>         .... ...0 = Fin: Not set

Dunno about that one, and I don't have the time to study it.
I'll check it out later.



> I also have the following:
> 
> $IPTABLES -A FORWARD -i $EXT_IF -p tcp --dport 135 -s 0.0.0.0/0 -j DROP

why check source address when you are trying to block it completely?

Remove the -s 0.0.0.0/0 and try again. And where exactly are you trying 
to block them? Wouldn't it be simpler if you just blocked them at INPUT?

Also, check the order in which you add the rules. If prior to this rule
you added a rule that sends these packets to ACCEPT, then iptables
will think it already knows what it has to do and won't bother checking
with the next one.


> which should block packets destined for port 135, but also seems ineffective.
> What might be the problem?  The above is just a snippet from the rc.firewall 
> script.  I can post it in its entirety if that would help.
> 
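A small simulation of the two behaviours discussed in this thread, added here as an editor's example (it is not code from either poster and is not iptables itself). It models a chain the way iptables evaluates it: rules are checked top to bottom, the first match decides, and a packet that matches nothing gets the chain's default policy (ACCEPT unless changed with -P). Fed the rule from the post, `-p tcp ! --syn -j ACCEPT`, it shows why a SYN to port 135 still gets through: that rule only makes a decision for non-SYN packets, so SYN packets fall to the policy. It also shows the ordering point made in the reply (an earlier blanket ACCEPT shadows a later DROP) and the chain point (a packet addressed to the gateway itself goes through INPUT, so a DROP in FORWARD never sees it). The gateway address and the port-135 packets are constructed placeholders; `-s 0.0.0.0/0` is not modelled because it matches every source and changes nothing.

```python
# Added example: a minimal model of how iptables evaluates a chain (first matching
# rule decides; if nothing matches, the chain policy applies). This is a constructed
# simulation for illustration, not iptables itself, and only models the handful of
# match options used in the thread (-i, -p tcp, --dport, --syn / ! --syn).
from dataclasses import dataclass
from typing import FrozenSet, List, Optional


@dataclass(frozen=True)
class Packet:
    in_if: str             # interface the packet arrived on, e.g. "ppp0"
    dst_ip: str            # destination address
    dport: int             # destination port
    flags: FrozenSet[str]  # TCP flags that are set, e.g. {"SYN"} or {"ACK"}
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    target: str                  # "ACCEPT" or "DROP"
    in_if: Optional[str] = None  # -i
    proto: Optional[str] = None  # -p
    dport: Optional[int] = None  # --dport
    syn: Optional[bool] = None   # True = --syn, False = ! --syn, None = not given

    def matches(self, pkt: Packet) -> bool:
        if self.in_if is not None and pkt.in_if != self.in_if:
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.syn is not None:
            # iptables' --syn means: SYN set and ACK, RST, FIN all clear.
            is_syn = "SYN" in pkt.flags and not (pkt.flags & {"ACK", "RST", "FIN"})
            if is_syn != self.syn:
                return False
        return True


def evaluate(chain: List[Rule], pkt: Packet, policy: str = "ACCEPT") -> str:
    """Walk the chain top to bottom; the first matching rule's target wins.
    With no match, the chain's default policy applies (ACCEPT unless set with -P)."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy


def chain_for(pkt: Packet, local_ips: FrozenSet[str]) -> str:
    """Packets addressed to the gateway itself traverse INPUT; packets being
    routed through it traverse FORWARD. A rule in the other chain never sees them."""
    return "INPUT" if pkt.dst_ip in local_ips else "FORWARD"


# --- constructed sample traffic (the gateway address is a placeholder) ---
GATEWAY_IPS = frozenset({"192.0.2.10"})
SYN_TO_135 = Packet("ppp0", "192.0.2.10", 135, frozenset({"SYN"}))
ACK_TO_135 = Packet("ppp0", "192.0.2.10", 135, frozenset({"ACK"}))  # mid-connection

# The INPUT rule from the post: "! --syn -j ACCEPT". It only decides the fate of
# non-SYN packets; a SYN matches nothing and falls through to the chain policy.
AS_POSTED = [Rule("ACCEPT", in_if="ppp0", proto="tcp", syn=False)]

# Same rule followed by an explicit decision for the SYN case.
WITH_SYN_DROP = AS_POSTED + [Rule("DROP", in_if="ppp0", proto="tcp", syn=True)]

# Ordering: an earlier blanket ACCEPT shadows a later, more specific DROP.
SHADOWED = [Rule("ACCEPT", in_if="ppp0", proto="tcp"),
            Rule("DROP", in_if="ppp0", proto="tcp", dport=135)]
REORDERED = list(reversed(SHADOWED))

# The FORWARD rule from the post (minus -s 0.0.0.0/0, which matches every source).
FORWARD_CHAIN = [Rule("DROP", in_if="ppp0", proto="tcp", dport=135)]


def verdict_for_gateway_bound_packet(pkt: Packet) -> str:
    """Apply the posted ruleset as written: port 135 is only dropped in FORWARD,
    so a packet addressed to the gateway itself is judged by INPUT instead."""
    chains = {"INPUT": AS_POSTED, "FORWARD": FORWARD_CHAIN}
    return evaluate(chains[chain_for(pkt, GATEWAY_IPS)], pkt)


if __name__ == "__main__":
    print("as posted, SYN to 135:      ", evaluate(AS_POSTED, SYN_TO_135))       # ACCEPT
    print("with SYN drop, SYN to 135:  ", evaluate(WITH_SYN_DROP, SYN_TO_135))   # DROP
    print("with SYN drop, ACK to 135:  ", evaluate(WITH_SYN_DROP, ACK_TO_135))   # ACCEPT
    print("shadowed order, SYN to 135: ", evaluate(SHADOWED, SYN_TO_135))        # ACCEPT
    print("reordered, SYN to 135:      ", evaluate(REORDERED, SYN_TO_135))       # DROP
    print("gateway-bound, posted rules:", verdict_for_gateway_bound_packet(SYN_TO_135))  # ACCEPT
```

The practical check on a real box is the same one the model makes explicit: list the chain with `iptables -L INPUT -n -v --line-numbers`, confirm which rule a SYN to port 135 would hit first, and confirm the chain the packet actually traverses (INPUT for the gateway's own address, FORWARD for traffic routed through it).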

