[clue-talk] iptables question
Crawford Rainwater
crawford.rainwater at linux-etc.net
Mon Dec 27 09:23:29 MST 2004
On Mon, 2004-12-27 at 09:13, Joe "Zonker" Brockmeier wrote:
> On Mon, 27 Dec 2004 08:40:55 -0700, Crawford Rainwater
> <crawford.rainwater at linux-etc.net> wrote:
> > Been playing around with iptables recently (and yes, it has been a
> > while) and noticed that there is no longer a DENY policy, just ACCEPT
> > and DROP. I am guessing DROP = DENY these days, but when I run nmap, I
> > see for various ports "open|filtered" by them vs. "closed". What am I
> > missing here? Yes I know
>
> Have you tried REJECT? i.e.,
>
> iptables -A INPUT -i eth0 -p tcp --dport 1433 -j REJECT
>
> That should show up as closed.
I can try that again since I did individual port ranges for that
initially, then recalled the overall base policy could be set for DROP
(though I seem to keep recalling a DENY in there a while back, maybe
that is from my ipchains days).
Will post results later. Thanks Zonker.
--- Crawford
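
The DROP-versus-REJECT difference discussed in this thread, as an added example that is not part of either poster's message: DROP sends nothing back, while REJECT sends a reply, and `--reject-with tcp-reset` answers TCP probes with a RST, which is what a scanner reports as "closed" (ICMP port-unreachable does the same for UDP). The function name `apply_reject_rules`, the `IPT` dry-run variable and the loopback/established rules are assumptions; `eth0` is the interface from the quoted command.

```shell
#!/bin/sh
# Added example, not from the thread. apply_reject_rules and IPT are
# hypothetical names; eth0 is taken from the quoted command.
# Dry run (prints the rule arguments instead of applying them):
#   IPT=echo; apply_reject_rules eth0
# Real run (root required): sh thisfile.sh apply

apply_reject_rules() {
    iface="$1"
    ipt="${IPT:-iptables}"   # left unquoted below so IPT=echo also works

    # Base policy: packets that match no rule get no answer at all.
    # A probe that is never answered cannot be told apart from one
    # that was lost, so a scanner lists the port as filtered or
    # open|filtered rather than closed.
    $ipt -P INPUT DROP

    # Keep local traffic and replies to our own connections working.
    $ipt -A INPUT -i lo -j ACCEPT
    $ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # ACCEPT rules for the services you actually offer belong here,
    # before the two catch-all REJECT rules.

    # TCP: reply with a RST, exactly what the kernel sends for a port
    # with no listener, so the port reads as closed.
    $ipt -A INPUT -i "$iface" -p tcp -j REJECT --reject-with tcp-reset

    # UDP: reply with ICMP port unreachable, the normal closed-port
    # answer for UDP.
    $ipt -A INPUT -i "$iface" -p udp -j REJECT --reject-with icmp-port-unreachable
}

# Only touch the live firewall when asked to explicitly.
if [ "${1:-}" = "apply" ]; then
    apply_reject_rules eth0
fi
```

Whatever is neither TCP nor UDP on that interface still falls through to the DROP policy.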