Tuesday, October 23, 2007

Re: iptables not working on Etch AMD64 (same rule works on Sarge i686)

On 2007-10-23 Bryn Moslow wrote:
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> DROP udp -- anywhere anywhere udp dpt:sunrpc
[...]
> rpcinfo -p n.n.n.n
> No remote programs registered.
[...]
> PORT STATE SERVICE
> 111/udp open|filtered rpcbind
[...]
> I've tried turning the DROP into a LOG (level debug) and don't see any
> logging entries either. What am I missing?

That RPC uses TCP as well as UDP.

The output of nmap shows that your UDP filter is working just fine.
However, since "rpcinfo -p" uses TCP the rule simply doesn't apply.
And I seriously doubt that the rule works on i686.

iptables -A INPUT -p tcp --dport 111 -j REJECT --reject-with tcp-reset

Besides, blacklisting ports is a bad idea. Whitelist what you want to
allow, and reject everything else.

Regards
Ansgar Wiechers
--
"The Mac OS X kernel should never panic because, when it does, it
seriously inconveniences the user."
--http://developer.apple.com/technotes/tn2004/tn2118.html
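The reply above makes two points: a single-protocol rule leaves the other protocol open (udp/111 dropped, tcp/111 untouched, so "rpcinfo -p" over TCP still works), and a whitelist with an explicit reject-everything-else is the better design. The POSIX shell script below is an added example, not part of the original post or of Debian's tooling. It assumes only awk, sort and standard iptables options (-P, -A, -m state, --reject-with). The `half_blocked_ports` function audits an `iptables-save` dump for ports that are blocked on only one of TCP/UDP, and `emit_whitelist` generates the default-deny ruleset the author recommends. The sample ruleset is constructed to mirror the original poster's single udp/111 DROP.

```shell
#!/bin/sh
# Added example (not from the original post): audit an iptables-save dump
# for half-covered ports, and generate a whitelist-style INPUT chain.

# Constructed sample in iptables-save format, mirroring the poster's setup:
# udp/111 is dropped, tcp/111 is not mentioned at all.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m udp --dport 111 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# Read iptables-save text on stdin; print "proto port" for every INPUT rule
# that DROPs or REJECTs a single destination port.
blocked_ports() {
    awk '
        $1 == "-A" && $2 == "INPUT" {
            proto = ""; port = ""; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") port = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (port != "" && (target == "DROP" || target == "REJECT"))
                print proto, port
        }'
}

# Report ports that are blocked for exactly one of tcp/udp, e.g. "111 udp-only".
# Such a port is still reachable over the other transport.
half_blocked_ports() {
    blocked_ports | sort -u | awk '
        $1 == "tcp" { tcp[$2] = 1; seen[$2] = 1 }
        $1 == "udp" { udp[$2] = 1; seen[$2] = 1 }
        END {
            for (p in seen)
                if (!(p in tcp) || !(p in udp))
                    print p, (p in tcp ? "tcp-only" : "udp-only")
        }' | sort -n
}

# Emit the whitelist the reply recommends for the given "proto/port" services
# (e.g. "tcp/22 udp/53"): default-deny policy, allow loopback and established
# flows, allow the listed services, then reject everything else explicitly.
# Output is a list of iptables commands; review it before piping into sh.
emit_whitelist() {
    echo "iptables -P INPUT DROP"
    echo "iptables -F INPUT"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for svc in "$@"; do
        proto=${svc%/*}
        port=${svc#*/}
        echo "iptables -A INPUT -p $proto --dport $port -j ACCEPT"
    done
    # TCP gets a reset, everything else an ICMP port-unreachable, so clients
    # fail fast instead of hanging on a silent DROP.
    echo "iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset"
    echo "iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable"
}

# Usage:
#   iptables-save | sh thisfile.sh              (audit the live ruleset), or
#   printf '%s\n' "$SAMPLE_RULES" | half_blocked_ports   -> "111 udp-only"
#   emit_whitelist tcp/22 udp/53                (print a whitelist ruleset)
```

Running the audit on the constructed sample reports `111 udp-only`, which is exactly the gap the reply describes. Whether the whitelist is right for a given host depends on which services it must expose; the generated commands are meant to be read and adapted, not applied blindly over a remote session.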