Eamon Caddigan <[EMAIL PROTECTED]> wrote:
> SN <[EMAIL PROTECTED]> wrote:
>>
>> ----- Original Message -----
>> From: "Jorge Almeida" <[EMAIL PROTECTED]>
>>> (The 1597 ports scanned but not shown below are in state: closed)
>>> Port State Service
>>> 6/tcp filtered unknown
>>> 25/tcp filtered smtp
>>> 80/tcp open http
>>> 135/tcp filtered loc-srv
>>
>> Okay, the output here means the firewall is blocking 6, 25, 135. Since they
>> show up here, you didn't completely drop all packets, but only block them;
>> this is usually safe.
>
> What exactly is the difference?
>
> I ask because I'm also running shorewall, and although I've closed all
> but a couple of ports, I get the following results when running nmap from
> an outside machine:
>
> (The 1527 ports scanned but not shown below are in state: filtered)
> Port State Service
> 113/tcp closed auth
> 139/tcp closed netbios-ssn
> 445/tcp closed microsoft-ds
>
> Interestingly, I need to run 'nmap -PT<port> <ip>', where <port> is one
> of the ports I've opened, to make nmap realize the host isn't down.
> Presumably, this is because port 80 is closed -- but why would it, and
> all others, be reported as "filtered"?
After following the recent... "discussion" on gentoo-security, I realized that the real difference between "closed" and "filtered" ports is whether iptables is REJECTing or DROPping the packets. A quick change in /etc/shorewall/policy has nearly all of my ports turn up "closed" in an nmap scan, with a couple still being reported as "filtered".

My only remaining concern is a handful of ports (135, 4444, 6666-6668) that aren't specified anywhere in my shorewall configuration, but are still dropping packets. Anyone know why these aren't closed?

-Eamon

--
[EMAIL PROTECTED] mailing list
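Added example, not from the thread: a small Python model of the rule an nmap TCP SYN scan uses to label a port from the reply it gets, run over two constructed rulesets shaped like the two hosts above (REJECT default with a few DROPs, and DROP default with a few REJECTs). The verdict names, the sample rulesets and the assumption that shorewall's REJECT answers TCP with a RST are illustration; the reply-to-state mapping follows nmap's documented SYN-scan behaviour.

```python
"""Why DROP shows up as 'filtered' and REJECT as 'closed' in an nmap SYN scan.

Constructed example for this thread. Verdict names and sample rulesets are
made up for illustration; the state rules are nmap's documented SYN-scan rules.
"""
from collections import Counter

# Reply a SYN probe gets for each firewall verdict (iptables semantics).
# Assumption: shorewall's REJECT policy sends a TCP RST for TCP traffic.
REPLY_FOR_VERDICT = {
    "ACCEPT_LISTENING": "SYN/ACK",           # a daemon is bound to the port
    "ACCEPT_NO_LISTENER": "RST",             # kernel refuses: nothing listening
    "REJECT_TCP_RESET": "RST",               # REJECT --reject-with tcp-reset
    "REJECT_ICMP_PORT_UNREACH": "ICMP3/3",   # iptables' default REJECT reply
    "DROP": None,                            # silently discarded, no reply
}

# ICMP type 3 codes that a SYN scan classifies as "filtered".
ICMP_UNREACHABLE_FILTERED = {0, 1, 2, 3, 9, 10, 13}

def nmap_syn_state(reply):
    """Map one reply (or None for silence) to the state a SYN scan reports."""
    if reply is None:
        return "filtered"                    # no answer after retransmissions
    if reply in ("SYN/ACK", "SYN"):
        return "open"
    if reply == "RST":
        return "closed"
    if reply.startswith("ICMP3/"):           # ICMP unreachable is NOT "closed"
        code = int(reply.split("/")[1])
        return "filtered" if code in ICMP_UNREACHABLE_FILTERED else "unknown"
    return "unknown"

def scan(policy, ports):
    """policy: {port: verdict, "default": verdict}. Returns (states, hidden),
    where hidden is the majority state nmap folds into its summary line."""
    states = {p: nmap_syn_state(REPLY_FOR_VERDICT[policy.get(p, policy["default"])])
              for p in ports}
    hidden = Counter(states.values()).most_common(1)[0][0]
    return states, hidden

def summary(policy, ports):
    """Render the scan the way nmap prints it: summary line, then exceptions."""
    states, hidden = scan(policy, ports)
    shown = sorted((p, s) for p, s in states.items() if s != hidden)
    lines = [f"(The {len(states) - len(shown)} ports scanned but not shown below are in state: {hidden})"]
    return lines + [f"{p}/tcp {s}" for p, s in shown]

# Constructed rulesets: Jorge's host (REJECT default) and Eamon's (DROP default).
REJECT_POLICY = {"default": "REJECT_TCP_RESET", 80: "ACCEPT_LISTENING", 135: "DROP"}
DROP_POLICY = {"default": "DROP", 80: "ACCEPT_LISTENING", 113: "REJECT_TCP_RESET"}
PORTS = range(1, 1025)

if __name__ == "__main__":
    for pol in (REJECT_POLICY, DROP_POLICY):
        print("\n".join(summary(pol, PORTS)), "\n")
```

Note the `ICMP3/3` row: a plain iptables `REJECT` (ICMP port unreachable) is still reported as "filtered" by a SYN scan, so only a TCP RST reply produces "closed".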