Just looking at the firewall rules on a Debian Lenny box with "iptables -L". One entry is scaring me:

ACCEPT all -- 0.0.38.69 anywhere
ACCEPT all -- anywhere 0.0.38.69

This is not coming from any of my scripts - what could it be?

Thanks!

1 Answer

0.0.0.0/8 is not a usefully routable netblock (see this bogons reference), so I'd say it's more likely a broken iptables invocation, rather than anything nasty.

Converting that IP to a single, decimal number (calc here), it becomes 9797, which looks more like a port number. Stretching my guess, you may have a broken $VARIABLE reference in your iptables script that's expanding to an empty string, leaving a port number in the wrong place. That's where I'd start looking, anyway.

SmallClanger
  • While I agree with your post, I also want to note that it's not uncommon for malicious users to "hijack" unused/unassigned IP networks to use for their purposes... – Dan Dec 16 '10 at 12:51
  • Good catch as well--would never have guessed that it may be a port substituted for an IP! – Andrew M. Dec 16 '10 at 13:15
  • SmallClanger you rock! It was a bad port 9797 rule. Thanks. – Frank Brenner Dec 16 '10 at 22:53
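The check described in the answer, as an added example that is not part of the original thread: it scans an `iptables -L` listing for addresses inside 0.0.0.0/8, converts each to a single integer, and marks those that fit in the port range as likely misplaced port numbers. The function name `suspect_rules` and every sample line other than the two rules quoted in the question are constructed for illustration.

```python
import ipaddress

# 0.0.0.0/8 is the bogon block the answer refers to.
THIS_NETWORK = ipaddress.ip_network("0.0.0.0/8")

# Sample listing: the two 0.0.38.69 rules come from the question,
# the remaining lines are constructed.
SAMPLE_LISTING = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.38.69            anywhere
ACCEPT     all  --  anywhere             0.0.38.69
ACCEPT     tcp  --  192.0.2.10           anywhere            tcp dpt:ssh
DROP       all  --  0.0.0.0/0            10.0.0.0/8
"""


def suspect_rules(listing):
    """Return (rule, address, integer value, looks_like_port) for every
    address in 0.0.0.0/8 that appears in an iptables listing."""
    findings = []
    for line in listing.splitlines():
        for token in line.split():
            host = token.split("/", 1)[0]  # drop a /mask suffix if present
            try:
                addr = ipaddress.IPv4Address(host)
            except ValueError:
                continue  # not a dotted-quad token (target, proto, "anywhere", ...)
            value = int(addr)
            # 0.0.0.0 itself is how "anywhere" is printed with -n, so skip it.
            if addr in THIS_NETWORK and value != 0:
                findings.append((line.strip(), str(addr), value, value <= 65535))
    return findings


if __name__ == "__main__":
    for rule, addr, value, port_like in suspect_rules(SAMPLE_LISTING):
        hint = "possible misplaced port" if port_like else "bogon address"
        print(f"{addr} = {value} ({hint}): {rule}")
```

A hit whose integer value matches a port used elsewhere in the firewall script points at the rule to inspect for an empty variable expansion.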