another quick question
Askar
askarali at gmail.com
Mon Sep 20 10:02:57 CEST 2004
hi again
My second question of the day is pls first check these few rules from
our firewall script
iptables -A INPUT -p TCP -s 0/0 -d 0/0 --dport 135:140 -j DROP
iptables -A INPUT -p UDP -s 0/0 -d 0/0 --dport 135:140 -j DROP
iptables -A FORWARD -p TCP -s 0/0 -d 0/0 --dport 135:140 -j DROP
iptables -A FORWARD -p UDP -s 0/0 -d 0/0 --dport 135:140 -j DROP
iptables -t nat -A PREROUTING -p TCP -s 0/0 -d 0/0 --dport 135:140 -j DROP
iptables -t nat -A PREROUTING -p UDP -s 0/0 -d 0/0 --dport 135:140 -j DROP
aren't there unnecessary repetitions? A port that is dropped in the
FORWARD chain is again dropped in the PREROUTING chain, and also why is he (my
predecessor) dropping such a port in the INPUT table? Isn't it unnecessary,
coz it's a linux box and no ports 135:140 are open on our fw machine.
Today I just deleted the PREROUTING rules and now I'm getting counts
for packet drops in the FORWARD table.
regards
askar
--
(after bouncing head on desk for days trying to get mine working, I'll make
yer life a little easier)
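An added example, not from the post above: a small POSIX sh/awk checker that reads rules in iptables-save format and lists every filter-table DROP whose proto/port match is already dropped in nat PREROUTING. Since PREROUTING runs before the routing decision, those packets never reach INPUT or FORWARD, which is why the FORWARD counters only started moving once the PREROUTING rules were gone. The rule text is a constructed sample mirroring the post (plus one extra port 445 rule that is not shadowed, to show the check discriminates).

```shell
#!/bin/sh
# Added example, not part of the original post: read iptables-save style rules
# and report filter-table DROPs that are shadowed by the same match being
# DROPped in nat PREROUTING (which runs before INPUT/FORWARD are consulted).
# The rules below are a constructed sample mirroring the ones in the post.

RULES='*filter
-A INPUT -p tcp --dport 135:140 -j DROP
-A INPUT -p udp --dport 135:140 -j DROP
-A FORWARD -p tcp --dport 135:140 -j DROP
-A FORWARD -p udp --dport 135:140 -j DROP
-A FORWARD -p tcp --dport 445 -j DROP
COMMIT
*nat
-A PREROUTING -p tcp --dport 135:140 -j DROP
-A PREROUTING -p udp --dport 135:140 -j DROP
COMMIT'

# Emit "table/CHAIN proto dport" for each DROP rule, tracking the current *table.
drop_matches() {
  printf '%s\n' "$1" | awk '
    /^\*/ { table = substr($1, 2); next }
    $1 == "-A" && $NF == "DROP" {
      proto = "any"; port = "any"
      for (i = 1; i < NF; i++) {
        if ($i == "-p") proto = tolower($(i + 1))
        if ($i == "--dport") port = $(i + 1)
      }
      print table "/" $2, proto, port
    }'
}

# Print the filter-table DROP rules shadowed by an identical nat PREROUTING DROP.
shadowed_by_prerouting() {
  drop_matches "$1" | awk '
    $1 == "nat/PREROUTING" { pre[$2 " " $3] = 1 }
    $1 ~ /^filter\// { flt[++n] = $0 }
    END {
      for (i = 1; i <= n; i++) {
        split(flt[i], f, " ")
        if ((f[2] " " f[3]) in pre) print flt[i]
      }
    }' | sort
}

shadowed_by_prerouting "$RULES"
```

Run against real output with `iptables-save | ...` instead of the embedded sample; the port 445 rule is correctly left out because nothing in PREROUTING matches it.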