RE: Blocking Ports from showing up in scans
Search on freshmeat.net (or Google) for rc.firewall, firemasq and firedog.
You'll find examples of scripts that use ipchains.
You can learn from those examples. rc.firewall is actually a script that
enables rules such as "deny anyone from the outside pretending to be an
inside address", etc.
You can then create a rule that says basically:
source 10.0.0.0/24 port 111 destination $internalinterface port 111 allow
source 0.0.0.0/24 port 111 destination $externalinterface port 111 deny
The regular rc.firewall won't have the port specific blocks, but firedog and
firemasq do.
Cory
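The port-specific blocks described above, written out as a small ipchains rule generator. This is an added example, not code from the thread or from rc.firewall/firedog/firemasq; it assumes the interface names from the original post (eth1 public, eth0 private) and the starred TCP ports from the scan.

```shell
#!/bin/sh
# Added example: emit ipchains rules that silently drop inbound TCP
# connection attempts to chosen ports on the public interface only.
# Assumptions (from the original post): eth1 is public, eth0/10.0.0.0/24 is
# private. Matching on "-i eth1" leaves traffic arriving on eth0 untouched,
# so the LAN keeps NFS, Samba, MySQL etc.
# DENY (silent drop) is used instead of REJECT so a scanner sees the port as
# filtered rather than getting a reset that confirms a host is answering.

PUBLIC_IF=eth1
# Constructed list: the ports marked * in the scan output (TCP only).
BLOCKED_PORTS="111 139 515 829 899 983 2049 3306 5432"

# emit_rules IFACE PORT... prints one ipchains command per port.
# "-y" matches only SYN packets, i.e. new inbound connections.
# Nothing is executed here; review the output, then pipe it to sh.
emit_rules() {
    iface=$1
    shift
    for port in "$@"; do
        printf 'ipchains -A input -i %s -p tcp -d 0.0.0.0/0 %s -y -j DENY\n' \
            "$iface" "$port"
    done
}

# count_rules IFACE PORT... returns how many rules would be installed,
# handy as a sanity check before applying.
count_rules() {
    emit_rules "$@" | wc -l | tr -d ' '
}

# Print the rule set for the public interface. These must be appended
# before any rule that ACCEPTs TCP on the input chain, and they do not
# change the chain's default policy. After applying, verify with:
#   ipchains -L input -n
emit_rules "$PUBLIC_IF" $BLOCKED_PORTS
```

Note that 111 (portmapper) and 2049 (NFS) also listen on UDP; the scan above only shows TCP, so UDP rules would need to be added separately.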
-----Original Message-----
From: Phill Kenoyer [mailto:phill@kenoyer.com]
Sent: Tuesday, November 21, 2000 1:15 PM
To: Debian Firewall List
Subject: Blocking Ports from showing up in scans
I have a small masq/web server on a DSL. I would like to make it a bit more
secure. It's a default install of Debian. I have NFS and Samba running for
my workstations to have access to the box. I have most things turned off,
like telnet and ftp. What I would like to do is block a few ports from the
outside, but keep them for the local net. I don't really want to learn
ipchains, because I don't have the time right now. I'm very busy, and I
would just like to do my work, but an example of how to do this would teach
me a great deal. I have not found anything on web searches that would build
the rules for me that would run on a server without X installed. If anyone
is willing to do the rules for me, I would really be happy. Thanks.
eth0 is 10.0.0.1, private
eth1 is public.
My private network is using 10.0.0.x.
ip_masq deb is installed.
I have the following ports open on my server. I have marked with * the ones
that I want to close off to the outside, and have them not show up in a port
scan.
(The 1505 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop-3
*111/tcp open sunrpc
113/tcp open auth
*139/tcp open netbios-ssn
389/tcp open ldap
443/tcp open https
*515/tcp open printer
*829/tcp open unknown
*899/tcp open unknown
*983/tcp open unknown
*2049/tcp open nfs
*3306/tcp open mysql
*5432/tcp open postgres