RE: [cobalt-security] IPChains question
- Subject: RE: [cobalt-security] IPChains question
- From: Richard Badua <RBadua@xxxxxxxxx>
- Date: Thu, 12 Apr 2001 09:57:47 -1000
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Try this:
ipchains -I input 1 -p tcp -s 0/0 -d 0/0 137 -j DENY
You could use DENY or REJECT. DENY will give the sender a "request timed
out" message while the REJECT will give a "Destination Unreachable".
Rich
-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Carrie
Bartkowiak
Sent: Thursday, April 12, 2001 9:13 AM
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: [cobalt-security] IPChains question
I've decided I'm tired of seeing all of these port 137 connections
from idiots thinking I run a Linux box, and I just want to block
anything from coming in to that port.
Searching through the cobalt-users archives I found this from Brian
Curtis:
----------------------------------------------------------------------------
$ ipchains -I input 1 -p tcp -s 192.168.0.1 --destination-port 137 -j DENY
(Modify and/or replicate to suit your needs. Explanation below**.)
Will insert the following as rule #1 into the 'input' chain:
target prot opt source destination ports
DENY tcp ------ 192.168.0.1 0.0.0.0/0 * -> 137
This will only block 192.168.0.1 from connecting to port 137 anywhere
on your box *without* logging any connection attempts.
**
-I input 1 : insert rule into chain 'input' at position #1
-p tcp : protocol this rule applies to (tcp assumed in this case)
-s 192.168.0.1 : source IP of connection to filter (offender)
--destination-port 137 : specific port to block connections to
-j DENY : what to do with this connection? (DENY w/o response)
**
---------------------------------------------------------------------------
My question is, how do I stop ALL incoming packets on 137, not just
from one IP?
Would it be this:
$ ipchains -I input 1 -p tcp -s ALL --destination-port 137 -j DENY
or could I simply skip the -s flag like so:
$ ipchains -I input 1 -p tcp --destination-port 137 -j DENY
TIA
CarrieB
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security
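The thread turns on the difference between a rule scoped to one source (the archived 192.168.0.1 example) and a catch-all rule with source 0/0. Below is an added example, not code from the list or from any poster, that parses a chain listing in the `target prot opt source destination ports` layout quoted in the thread and reports whether TCP port 137 is actually blocked from every source under ipchains' first-match semantics. The sample listing is constructed: the header and the 192.168.0.1 row mirror the quoted output, the catch-all DENY and trailing ACCEPT rows are assumed, and the column spacing of real `ipchains -L input -n` output may differ from what the regex expects.

```python
import re

# Constructed sample in the layout of `ipchains -L input -n` as quoted in the
# thread. The header and the 192.168.0.1 rule mirror the quoted listing; the
# catch-all DENY and the trailing ACCEPT are assumed rows for illustration.
SAMPLE_LISTING = """\
Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
DENY       tcp  ------  192.168.0.1          0.0.0.0/0             * ->   137
DENY       tcp  ------  0.0.0.0/0            0.0.0.0/0             * ->   137
ACCEPT     all  ------  0.0.0.0/0            0.0.0.0/0             n/a
"""

ANY_SRC = "0.0.0.0/0"  # how ipchains prints a source of 0/0

# One listing row: target, protocol, option flags, source, destination, ports.
RULE_RE = re.compile(
    r"^(?P<target>\S+)\s+(?P<prot>\S+)\s+(?P<opt>\S+)\s+"
    r"(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<ports>.+?)\s*$"
)


def parse_listing(text):
    """Turn a chain listing into a list of rule dicts, in chain order."""
    rules = []
    for line in text.splitlines():
        if not line.strip() or line.startswith(("Chain", "target")):
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        rule = m.groupdict()
        ports = rule.pop("ports")
        # tcp/udp rows show "sport -> dport"; "all" rows show "n/a" (any port).
        sport, dport = "*", "*"
        if "->" in ports:
            sport, dport = (p.strip() for p in ports.split("->", 1))
        rule["sport"], rule["dport"] = sport, dport
        rules.append(rule)
    return rules


def blocks_port_from_any(rules, port, proto="tcp"):
    """True if the chain, evaluated first-match-wins, DENYs or REJECTs `proto`
    traffic to `port` regardless of sender.

    A rule scoped to a single source does not count as a catch-all, and an
    ACCEPT for a specific source that precedes the catch-all block leaves that
    sender a way in, so the result is False in that case too.
    """
    for r in rules:
        if r["prot"] not in (proto, "all"):
            continue
        if r["dport"] not in (str(port), "*"):
            continue
        if r["src"] == ANY_SRC:
            return r["target"] in ("DENY", "REJECT")
        if r["target"] == "ACCEPT":
            return False  # per-source hole before any catch-all block
    return False


def single_source_blocks(rules, port, proto="tcp"):
    """Sources that are individually blocked from `port`; handy for spotting
    rules that were copied from a one-host example and never widened."""
    return [
        r["src"]
        for r in rules
        if r["target"] in ("DENY", "REJECT")
        and r["prot"] in (proto, "all")
        and r["dport"] == str(port)
        and r["src"] != ANY_SRC
    ]


if __name__ == "__main__":
    rules = parse_listing(SAMPLE_LISTING)
    print("port 137 blocked from any source:", blocks_port_from_any(rules, 137))
    print("per-source blocks on 137:", single_source_blocks(rules, 137))
```

Run it against the saved output of `ipchains -L input -n` instead of the constructed sample to confirm that the catch-all rule (source 0/0, as in Rich's command, or no `-s` at all, as in Carrie's second guess) sits ahead of any ACCEPT that would let port 137 traffic through.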