Re: [cobalt-security] IPChains question
- Subject: Re: [cobalt-security] IPChains question
- From: Marc Soda <msoda@xxxxxxxxx>
- Date: Thu, 12 Apr 2001 16:09:44 -0400 (EDT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Skipping the '-s' option is just like saying '-s 0.0.0.0/0', which means all.

On Thu, 12 Apr 2001, Carrie Bartkowiak wrote:
> I've decided I'm tired of seeing all of these port 137 connections
> from idiots thinking I run a Linux box, and I just want to block
> anything from coming in to that port.
> Searching through the cobalt-users archives I found this from Brian
> Curtis:
> ----------------------------------------------------------------------------
> $ ipchains -I input 1 -p tcp -s 192.168.0.1 --destination-port 137 -j DENY
>
> (Modify and/or replicate to suit your needs. Explanation below**.)
>
> Will insert the following as rule #1 into the 'input' chain:
>
> target  prot  opt     source       destination  ports
> DENY    tcp   ------  192.168.0.1  0.0.0.0/0    * -> 137
>
> This will only block 192.168.0.1 from connecting to port 137 anywhere
> on your box *without* logging any connection attempts.
>
> **
> -I input 1 : insert rule into chain 'input' at position #1
> -p tcp : protocol this rule applies to (tcp assumed in this case)
> -s 192.168.0.1 : source IP of connection to filter (offender)
> --destination-port 137 : specific port to block connections to
> -j DENY : what to do with this connection? (DENY w/o response)
> **
> ---------------------------------------------------------------------------
>
> My question is, how do I stop ALL incoming packets on 137, not just
> from one IP?
> Would it be this:
> $ ipchains -I input 1 -p tcp -s ALL --destination-port 137 -j DENY
> or could I simply skip the -s flag like so:
> $ ipchains -I input 1 -p tcp --destination-port 137 -j DENY
>
> TIA
>
> CarrieB
--
Marc Soda
ASPRE, Inc.
marc@xxxxxxxxx
http://www.aspre.net/
Managed e-Business Application Services
---------------------------------
t. 215.957.2266 Ext. 2144
f. 215.957.2277
c. 215.840.1633
113 Rock Road
Horsham, PA 19044
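
The default described in the reply, as an added example that is not part of the original thread: a small Python model of how the ipchains options quoted above match packets. The `Rule` class, the function names and the sample packets are constructed for illustration; the UDP packet is included because NetBIOS name service on port 137 normally runs over UDP, which a `-p tcp` rule does not match.

```python
import ipaddress
import shlex
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    proto: str = "all"          # model default when -p is omitted
    source: str = "0.0.0.0/0"   # default when -s is omitted, per the reply
    dport: Optional[int] = None
    target: str = ""

# Only the options that appear in this thread are modelled.
FIELDS = {"-p": "proto", "-s": "source",
          "--destination-port": "dport", "-j": "target"}

def parse_rule(command):
    """Turn an 'ipchains -I <chain> <pos> ...' command line into a Rule."""
    args = shlex.split(command)[1:]          # drop the leading "ipchains"
    rule, i = Rule(), 0
    while i < len(args):
        if args[i] == "-I":                  # -I <chain> <position>
            i += 3
            continue
        if args[i] not in FIELDS:
            raise ValueError(f"option not modelled: {args[i]}")
        setattr(rule, FIELDS[args[i]], args[i + 1])
        i += 2
    if rule.dport is not None:
        rule.dport = int(rule.dport)
    return rule

def verdicts(command, packets):
    """Return the rule's target for each packet it matches, else None."""
    rule = parse_rule(command)
    net = ipaddress.ip_network(rule.source, strict=False)
    return [rule.target if (rule.proto in ("all", proto)
                            and ipaddress.ip_address(src) in net
                            and rule.dport in (None, dport)) else None
            for proto, src, dport in packets]

# Constructed sample packets: (protocol, source address, destination port)
PACKETS = [("tcp", "192.168.0.1", 137), ("tcp", "203.0.113.7", 137),
           ("udp", "203.0.113.7", 137), ("tcp", "203.0.113.7", 80)]
ONE_HOST = "ipchains -I input 1 -p tcp -s 192.168.0.1 --destination-port 137 -j DENY"
ANY_HOST = "ipchains -I input 1 -p tcp --destination-port 137 -j DENY"

if __name__ == "__main__":
    for cmd in (ONE_HOST, ANY_HOST):
        print(cmd, "->", verdicts(cmd, PACKETS))
```

A packet that gets `None` here is not matched by the rule and would fall through to whatever follows it in the chain.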