Hey Guys,

I run Shorewall 3.4.2 on an Ubuntu 6.06 server machine.
My default policy is drop any,
my rules begin with drop any and end with drop any.

After editing the files /usr/share/shorewall/action.Drop and Reject
I was able to stealth Port 113.
But Port 1 (tcpmux) is still only closed.
Does anybody know how to stealth this port too?

Thx and regards,
Marc

Marc Mertes wrote:
> Hey Guys,
>
> I run Shorewall 3.4.2 on an Ubuntu 6.06 server machine.
> My default policy is drop any,
> my rules begin with drop any and end with drop any

A real belt and suspenders man, I see.

> After editing the files /usr/share/shorewall/action.Drop and Reject
> I was able to stealth Port 113.

Two things.

a) The next time that you upgrade Shorewall, your changes to those files
will be overwritten. You need to copy the files to /etc/shorewall then
modify the copies.

b) Don't come complaining to the list if you have outgoing connection
problems. For example, you will probably have difficulty connecting to IRC.

> But Port 1 (tcpmux) is still only closed.
> Does anybody know how to stealth this port too?

Shorewall's default setup has no rules whatsoever for port 1.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

Hi Tom,

thx for your reply, and no worries, I won't complain to the list if I get
outgoing connection problems :-)

I wanna run the FW as tight as possible, and IRC isn't needed.
But it's a bit weird, the Port 1 (tcpmux) is still only closed and I
have no idea why.
I told about my policies and rules..
Any ideas how to stealth it?

To the action.Drop and Reject files:
In /etc/shorewall I have no files like that right now, do you mean that
I should copy the files there
with the same name, that I have the .Drop and Reject files in
/etc/shorewall?

Greez Marc

--
Kind regards
Marc Mertes
Meteorologisches Institut der Universität Bonn
- System Administration -
Auf dem Hügel 20
53121 Bonn, Germany
E-Mail: mertes@uni-bonn.de
Phone: 0228/73-5194
Fax: 0228/73-5188

Marc Mertes wrote:
> Hi Tom,
>
> thx for your reply, and no worries, I won't complain to the list if I get
> outgoing connection problems :-)
>
> I wanna run the FW as tight as possible, and IRC isn't needed.
> But it's a bit weird, the Port 1 (tcpmux) is still only closed and I
> have no idea why.
> I told about my policies and rules..
> Any ideas how to stealth it?

First of all, you need to determine if the probes to port 1 are even
reaching your firewall. Are you using one of those silly online services
that give you a report about your firewall? If so, any router between the
online service and your firewall can influence the outcome -- you need to
use a packet sniffer to determine if the port 1 probes are even reaching
your firewall.

And if you find that they are, we are going to need something more than a
vague description of your configuration. See
http://www.shorewall.net/support.htm#Guidelines.

> To the action.Drop and Reject files:
> In /etc/shorewall I have no files like that right now, do you mean that
> I should copy the files there
> with the same name, that I have the .Drop and Reject files in
> /etc/shorewall?

Yes.

-Tom
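
The packet-sniffer check suggested in the last reply, as an added example that is not part of the original thread: capture traffic for TCP port 1 on the firewall's outside interface, then classify what was seen. The function names, the default interface `eth0` and the sample addresses (documentation ranges) are assumptions, and the sample capture lines are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Function names, the interface name and
# the sample addresses (RFC 5737 documentation ranges) are assumptions.

# Capture up to 20 packets to or from TCP port 1 on the outside interface.
# Needs root; run it on the firewall while the scan is in progress.
capture_port1() {
    tcpdump -nn -i "${1:-eth0}" -c 20 'tcp port 1'
}

# Read tcpdump -nn text on stdin and print one verdict:
#   not-reaching  no SYN to port 1 arrived, so the "closed" answer seen by
#                 the scanner was produced by some device upstream
#   closed        a SYN arrived and this host sent a RST back from port 1
#   stealth       a SYN arrived and nothing was sent back (packet dropped)
classify_port1() {
    awk '
        / > [0-9.]+\.1: Flags \[S\]/          { syn++ }
        /IP [0-9.]+\.1 > .*: Flags \[R\.?\]/  { rst++ }
        END {
            if (syn == 0)      print "not-reaching"
            else if (rst > 0)  print "closed"
            else               print "stealth"
        }'
}

# Constructed sample: one probe answered with a RST by the firewall host.
sample_closed() {
    cat <<'EOF'
12:00:01.000000 IP 198.51.100.7.40000 > 203.0.113.10.1: Flags [S], seq 1, win 1024, length 0
12:00:01.000100 IP 203.0.113.10.1 > 198.51.100.7.40000: Flags [R.], seq 0, ack 2, win 0, length 0
EOF
}

# Constructed sample: the probe arrives and is silently dropped.
sample_stealth() {
    cat <<'EOF'
12:00:05.000000 IP 198.51.100.7.40001 > 203.0.113.10.1: Flags [S], seq 9, win 1024, length 0
EOF
}

# Demo on the constructed capture; on a live system use:
#   capture_port1 eth0 | classify_port1
sample_closed | classify_port1
```
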