Hi tud, do you think it would help those who follow the guide to have the loopback interface allowed in the script I gave?
I didn't put it in the example because I thought that most of the users won't need it.
No, it doesn't work for the code loopback.
Your firewall script doesn't pass the stealth test of that site. Can anyone confirm this? Perform the stealth, UDP and TCP scans here:
http://scan.sygate.com/
All ports should be seen as blocked.
Are you sure the firewall is running?
Did you customise the example I gave?
I have no problem with my script (a bit different from the example) and I pass all the tests on this site.
BTW, what result did you get with the stealth scan?
Yes, it's running. I only changed the interface (eth0) to ppp0. I didn't touch the rest.
That site sees all ports as STEALTH, but the Sygate scan only sees them as BLOCKED. This site is not bad either: https://grc.com/x/ne.dll?bh0bkyd2
Have you tested both sites with the actual firewall you posted (I mean not your own modified version)?
Ok, on the Sygate site they use the term "blocked" for a port which is closed and stealth; it's explained at the top of the stealth scan page:
So it's all good man 8), and of course I tested the example with the 2 sites and also with nmap.
Last edited by frodon; July 27th, 2006 at 01:30 PM.
Sorry, my mistake: in my previous post I meant CLOSED (not BLOCKED). It's too late over here.
So the problem persists: somehow the scanner sees the port.
Hum, there's something weird. I trust the Sygate site more than others, so if the Sygate scan returns the CLOSED status there's a problem somewhere.
Just in case, post your firewall script; maybe there's a typo or a mistake somewhere.
I use this script too, without the dcc & amule ports, and the results were:
Shields Up scan: sees ports 1023 - 1056 (it scans only the first 1056 TCP ports) as closed and not blocked, which results in a failed test.
Sygate quick scan: sees all the ports it scans for trojans as closed, not blocked. All other tests (including the stealth scan) pass.
dolby, did you cut & paste from the forum or the UDSF guide?
Just to be sure that the firewall is running, run this command: sudo /etc/init.d/firewall restart
Then, to check that the rules are active, run: sudo iptables -L
You should see a lot of rules.
My own script is really similar to the example but with outgoing filtering, but even without outgoing filtering I pass all the tests; that's why there's something which seems weird to me.
If you wish to see my own script, it is there:
Last edited by frodon; July 27th, 2010 at 10:28 AM. Reason: obsolete link
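Added example (not from the thread or from frodon's script): a small check over the output of iptables -L -n -v that covers the three things discussed above, namely whether the INPUT policy is DROP (so unanswered ports show as STEALTH/BLOCKED rather than CLOSED), whether the loopback interface is accepted, and whether any REJECT rules exist, since a REJECT answers the scanner and makes the port show as CLOSED. The sample output is constructed and the column layout assumed is that of iptables -L -n -v.

```python
import re

# Constructed sample of `iptables -L -n -v` output (not from the thread).
SAMPLE = """\
Chain INPUT (policy DROP 12 packets, 720 bytes)
 pkts bytes target     prot opt in     out     source               destination
  100  8000 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
 2048  150K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 REJECT     tcp  --  ppp0   *       0.0.0.0/0            0.0.0.0/0            tcp dpts:1023:1056 reject-with icmp-port-unreachable

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
"""

def parse_chains(text):
    """Return {chain: {"policy": str|None, "rules": [dict, ...]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = re.match(r"Chain (\S+) \((policy (\S+)|\d+ references)", line)
        if m:
            current = m.group(1)
            chains[current] = {"policy": m.group(3), "rules": []}
            continue
        if not current or not line.strip() or line.lstrip().startswith("pkts"):
            continue
        f = line.split()
        # columns: pkts bytes target prot opt in out source destination [match/target extras]
        chains[current]["rules"].append({
            "target": f[2], "prot": f[3], "in": f[5], "out": f[6],
            "extra": " ".join(f[9:]),
        })
    return chains

def audit_input(text):
    """What a scan-facing host wants: DROP policy, loopback accepted, no REJECT."""
    inp = parse_chains(text)["INPUT"]
    return {
        "policy_drop": inp["policy"] == "DROP",
        "loopback_ok": any(r["target"] == "ACCEPT" and r["in"] == "lo" for r in inp["rules"]),
        # Each REJECT rule listed here makes its ports report as CLOSED to a scanner.
        "reject_rules": [r["extra"] for r in inp["rules"] if r["target"] == "REJECT"],
    }

if __name__ == "__main__":
    print(audit_input(SAMPLE))
```

On a live box, feed it the real output with something like audit_input(subprocess.check_output(["sudo", "iptables", "-L", "-n", "-v"], text=True)).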