[PATCH] Unspecified proto should print as "all" in iptables -L
Carl-Daniel Hailfinger
c-d.hailfinger.devel.2006 at gmx.net
Thu May 3 19:45:19 CEST 2007

On 03.05.2007 19:31, Phil Oester wrote:
> On Thu, May 03, 2007 at 06:33:47PM +0200, Carl-Daniel Hailfinger wrote:
>> On 03.05.2007 18:16, Jorge Davila wrote:
>>> Well, it's because some users inside the internal networks under my
>>> administration visit http://www.grc.com/ and run the Shields Up! to see
>>> the open ports in the gateways and they see the port 0 open. That was
>>> the reason to apply the rule.
>> Ah cool, that's another datapoint when trying to guess the firewall
>> ruleset. Port 0 not filtered roughly means "default policy is ACCEPT".
>> (Well, not quite. But close.)
>
> Let's be clear here...we aren't talking about _PORT_ zero. We're talking
> about _PROTOCOL_ zero. Can you please elaborate on the specific need
> to filter _PROTOCOL_ zero?

Sorry, my bad. There is no specific need on my side. It's just that
some creative use of nmap enables me to learn more about target systems.
I am entirely happy with the current situation.

Regards,
Carl-Daniel