This is a discussion on arno's firewall script and port 69 within the Linux Security forums, part of the System Security and Security Related category.
I'm still pretty new at this linux stuff and followed some advice to use arno's firewall script to set up iptables. Am trying to understand what it's doing, but there's a bunch of stuff there. The iptables entry I'm having a hard time understanding is:

:-A INPUT -d 255.255.255.255 -i ppp+ -p udp -m udp --dport 69 -m state --state NEW -j ACCEPT

note - the : at beginning of line is to prevent line wrap and is not part of the iptables entry.

Why would I want to accept new traffic on port 69 (trivial ftp)? As far as I know I'm not running any services on that port, but how could I prove that belief?

What does the -d 255.255.255.255 signify?
vince <nobody@home.invalid> wrote:

> Why would I want to accept new traffic on port 69 (trivial ftp)?

You do not want TFTP, so the TFTP port should not be open.

> What does the -d 255.255.255.255 signify?

man iptables tells us:

-d, --destination [!] address[/mask]
    Destination specification. See the description of the -s (source) flag for a detailed description of the syntax. The flag --dst is an alias for this option.

VB.
--
X-Pie Software GmbH
Postfach 1540, 88334 Bad Waldsee
Phone +49-7524-996806 Fax +49-7524-996807
mailto:vb@x-pie.de http://www.x-pie.de
A good place to start is the following IP tables tutorial:
http://iptables-tutorial.frozentux.net/

This rule you most definitely want to delete. It allows accepting broadcasts (-d 255.255.255.255) to the tftp port from your ppp network device, which is most likely your Modem. It is used to boot Xterminals over the network. They receive their booting kernel over tftp.

To see which services you are running on your machine run netstat -na and check for tcp or udp ports that are marked LISTEN or ESTABLISHED. Or use nmap to do a portscan on your machine.

Bye,
Peter

> The iptables entry I'm having a hard time understanding is
> :-A INPUT -d 255.255.255.255 -i ppp+ -p udp -m udp --dport 69 -m state --state NEW -j ACCEPT
> note - the : at beginning of line is to prevent line wrap and is not
> part of the iptables entry.
>
> Why would I want to accept new traffic on port 69 (trivial ftp)? As
> far as I know I'm not running any services on that port, but how could
> I prove that belief?
>
> What does the -d 255.255.255.255 signify?
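The "prove nothing is listening on port 69" check that Peter describes, as an added example that is not part of this thread and not from arno's firewall script. It works from "netstat -nau"-style output; the sample output embedded below is constructed, and the function names (udp_port_bound, tftp_exposure_report) are mine. One caveat worth knowing before grepping for LISTEN: UDP sockets never carry a LISTEN state in netstat output (the State column is simply empty for a bound UDP socket), so the check keys on the local port instead.

```shell
#!/bin/sh
# Added example (not from the thread): find out whether anything on this host is
# bound to UDP port 69 (TFTP), working from "netstat -nau"-style output.
# Caveat: UDP sockets never show LISTEN in netstat; a bound UDP socket has an
# empty State column, so the check keys on the local port, not on State.

# Constructed sample of "netstat -nau" output, used so the check runs offline.
# The first socket line is what a running TFTP daemon would look like.
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 0.0.0.0:69              0.0.0.0:*
udp        0      0 127.0.0.1:323           0.0.0.0:*
udp6       0      0 :::68                   :::*'

# udp_port_bound PORT [NETSTAT_OUTPUT]
# Prints every udp/udp6 line whose local address ends in :PORT.
# Returns 0 when such a socket exists, 1 when nothing is bound to PORT.
# Without a second argument it inspects the live host via "netstat -nau".
udp_port_bound() {
    port=$1
    if [ $# -ge 2 ]; then
        out=$2
    else
        out=$(netstat -nau 2>/dev/null)
    fi
    printf '%s\n' "$out" | awk -v p="$port" '
        $1 ~ /^udp/ {
            # the local port is the last colon-separated field, which also
            # handles IPv6 forms such as :::68 or [::]:68
            n = split($4, a, ":")
            if (a[n] == p) { found = 1; print }
        }
        END { exit found ? 0 : 1 }'
}

# tftp_exposure_report [NETSTAT_OUTPUT]
# One-word verdict for the port discussed in the thread: "bound" or "not bound".
tftp_exposure_report() {
    if [ $# -ge 1 ]; then
        udp_port_bound 69 "$1" >/dev/null && echo "bound" || echo "not bound"
    else
        udp_port_bound 69 >/dev/null && echo "bound" || echo "not bound"
    fi
}

# Demonstration on the constructed sample; drop the argument to check the live host.
udp_port_bound 69 "$SAMPLE_NETSTAT"
echo "tftp on sample host: $(tftp_exposure_report "$SAMPLE_NETSTAT")"
```

On a current distribution "ss -unl" gives the same information as "netstat -nau" (bound UDP sockets show as UNCONN there). If the check comes back "not bound", the rule quoted in the thread is letting traffic through to nothing, and it can be dropped from the running ruleset with the same specification and -D in place of -A; since arno's script regenerates its rules, the change also has to be made in the script's configuration or the rule will return the next time the script runs.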
On Wed, 22 Oct 2003 22:23:53 +0200, "Peter Eberz" <peter.eberz@gmx.net> wrote:

> This rule you most definitely want to delete. It allows accepting broadcasts
> (-d 255.255.255.255) to the tftp port from your ppp network device, which is
> most likely your Modem. It is used to boot Xterminals over the network.
> They receive their booting kernel over tftp.

Volker, Peter,

Thank you for the help and explanations. I was quite suspicious of having a port below 1024 open to the internet. Now I have the courage to modify that rule. Have been using netstat right along and haven't seen anything unexpected. Took the nudge to use nmap and things are looking clean from it, too.

Thanks again.