
RE: [cobalt-security] IPChains question



Try this:

ipchains -I input 1 -p tcp -s 0/0 -d 0/0 137 -j DENY

You could use DENY or REJECT. DENY will give the sender a "request timed
out" message while the REJECT will give a "Destination Unreachable".

Rich

-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx] On Behalf Of Carrie Bartkowiak
Sent: Thursday, April 12, 2001 9:13 AM
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: [cobalt-security] IPChains question


I've decided I'm tired of seeing all of these port 137 connections
from idiots thinking I run a Linux box, and I just want to block
anything from coming in to that port.
Searching through the cobalt-users archives I found this from Brian
Curtis:
----------------------------------------------------------------------------
$ ipchains -I input 1 -p tcp -s 192.168.0.1 --destination-port 137 -j DENY

(Modify and/or replicate to suit your needs.  Explanation below**.)

Will insert the following as rule #1 into the 'input' chain:

target   prot   opt      source        destination   ports
DENY     tcp    ------   192.168.0.1   0.0.0.0/0     * ->   137

This will only block 192.168.0.1 from connecting to port 137 anywhere
on your box *without* logging any connection attempts.

**
-I input 1 : insert rule into chain 'input' at position #1
-p tcp : protocol this rule applies to (tcp assumed in this case)
-s 192.168.0.1 : source IP of connection to filter (offender)
--destination-port 137 : specific port to block connections to
-j DENY : what to do with this connection? (DENY w/o response)
**
---------------------------------------------------------------------------

My question is, how do I stop ALL incoming packets on 137, not just
from one IP?
Would it be this:
$ ipchains -I input 1 -p tcp -s ALL --destination-port 137 -j DENY
or could I simply skip the -s flag like so:
$ ipchains -I input 1 -p tcp --destination-port 137 -j DENY

TIA

CarrieB



_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security
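
An added example, not part of the original messages: a small shell helper (hypothetical name `block_port_rules`) that prints the any-source rule from the reply above for both TCP and UDP, since NetBIOS name service traffic on port 137 is mostly UDP and a `-p tcp` rule does not match it. It goes beyond the thread by adding the UDP rule and the optional `-l` logging flag, and it only prints the commands rather than running them.

```shell
#!/bin/sh
# Added example: print (do not run) ipchains rules that block one inbound
# port from any source over TCP and UDP. Function name is hypothetical.

# usage: block_port_rules PORT [DENY|REJECT] [log]
block_port_rules() {
    port=$1
    target=${2:-DENY}
    log=${3:-}

    # Accept only a decimal port number in the range 1..65535.
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "${#port}" -gt 5 ] || [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 1
    fi

    # DENY drops the packet silently; REJECT answers with an ICMP error.
    case $target in
        DENY|REJECT) ;;
        *) echo "bad target: $target" >&2; return 1 ;;
    esac

    # -l makes ipchains log every packet that matches the rule.
    logflag=
    if [ "$log" = log ]; then
        logflag=' -l'
    fi

    # Each rule is inserted at position 1, so both end up ahead of any
    # existing rules in the input chain.
    for proto in tcp udp; do
        echo "ipchains -I input 1 -p $proto -s 0/0 -d 0/0 $port -j $target$logflag"
    done
}

# Show the rules for the port discussed in the thread.
block_port_rules 137 DENY
```

Review the printed rules, then run them as root; `ipchains -L input -n` lists the chain so the new entries can be checked.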