
I configured iptables with the following rules:

iptables -I INPUT -p tcp --dport 22 -j ACCEPT
iptables -P INPUT DROP
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -I INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT

but nmap reports three other open ports besides 80, 22 and 53:

root@ns1:/# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
root@ns1:/# nmap -vv 10.0.0.2
...
PORT    STATE SERVICE
22/tcp  open  ssh
53/tcp  open  domain
80/tcp  open  http
111/tcp open  rpcbind
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
...

What might be going on? I believe ports 111, 139 and 445 should not appear.

SoabTI

1 Answer


Two points:

Remove the first rule that accepts anything from anywhere:

# iptables -D INPUT 1

Then take into account that any connection that is already open will still pass through iptables, because it was established before the rules were created, so a service restart might fix it.

felartu
  • The first rule is for the loopback interface; won't removing it cause me problems? – SoabTI Jun 09 '16 at 14:44
  • Obviously 10.0.0.2 is loopback, just like localhost, and I did not know that, heh. I ran nmap on another machine and got the expected result, thanks for the help =) – SoabTI Jun 09 '16 at 15:05
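The behaviour discussed in this thread, as an added example that is not part of the original question or answer: a small Python model of the INPUT chain's first-match semantics, built by replaying the commands from the question in the order they were typed (`-I` inserts at position 1, `-A` appends, `-P` sets the policy). It models only the matches those rules use (`-i`, `-p`, `--dport`, `--ctstate`) and treats every nmap SYN probe as a NEW connection; the packets, the port list and the interface name `eth0` are constructed sample input, not anything from the post. It shows why a scan run on ns1 against its own address 10.0.0.2 arrives on `lo` and is accepted by rule 1 for every port, why the same probes from another host only get through on 22, 53, 80 and 443, and what the answer's `iptables -D INPUT 1` would do.

```python
# Added example, not from the original post: a minimal model of how the
# netfilter INPUT chain evaluates the rules from the question (first match
# wins, the chain policy applies when nothing matches). Only -i, -p, --dport
# and --ctstate are modelled; real iptables does far more than this.
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass
class Rule:
    target: str
    proto: Optional[str] = None             # "tcp" / "udp"; None means "all"
    dport: Optional[int] = None
    in_iface: Optional[str] = None          # -i <iface>; not shown by plain "iptables -L"
    ctstates: FrozenSet[str] = frozenset()  # -m conntrack --ctstate ...

    def matches(self, pkt: Dict[str, object]) -> bool:
        if self.in_iface is not None and pkt["iface"] != self.in_iface:
            return False
        if self.proto is not None and pkt["proto"] != self.proto:
            return False
        if self.dport is not None and pkt["dport"] != self.dport:
            return False
        if self.ctstates and pkt["ctstate"] not in self.ctstates:
            return False
        return True


@dataclass
class Chain:
    policy: str = "ACCEPT"
    rules: List[Rule] = field(default_factory=list)

    def insert(self, rule: Rule) -> None:   # iptables -I CHAIN rule   (position 1)
        self.rules.insert(0, rule)

    def append(self, rule: Rule) -> None:   # iptables -A CHAIN rule
        self.rules.append(rule)

    def delete(self, number: int) -> None:  # iptables -D CHAIN N      (1-based)
        del self.rules[number - 1]

    def verdict(self, pkt: Dict[str, object]) -> Tuple[str, Optional[int]]:
        """Return (target, number of the rule that matched) or (policy, None)."""
        for n, rule in enumerate(self.rules, start=1):
            if rule.matches(pkt):
                return rule.target, n
        return self.policy, None


def build_input_chain() -> Chain:
    """Replay the eight commands from the question in the order they were typed."""
    c = Chain()
    c.insert(Rule("ACCEPT", proto="tcp", dport=22))      # -I INPUT -p tcp --dport 22
    c.policy = "DROP"                                    # -P INPUT DROP
    c.append(Rule("ACCEPT", proto="tcp", dport=80))      # -A INPUT -p tcp --dport 80
    c.append(Rule("ACCEPT", proto="tcp", dport=443))     # -A INPUT -p tcp --dport 443
    c.insert(Rule("ACCEPT", in_iface="lo"))              # -I INPUT -i lo  -> becomes rule 1
    c.append(Rule("ACCEPT", ctstates=frozenset({"ESTABLISHED", "RELATED"})))
    c.append(Rule("ACCEPT", proto="tcp", dport=53))
    c.append(Rule("ACCEPT", proto="udp", dport=53))
    return c


def syn(iface: str, proto: str, dport: int) -> Dict[str, object]:
    """Constructed sample packet: a fresh SYN, which conntrack classifies as NEW."""
    return {"iface": iface, "proto": proto, "dport": dport, "ctstate": "NEW"}


def accepted_ports(chain: Chain, iface: str, ports: List[int], proto: str = "tcp") -> List[int]:
    """Ports whose first packet the chain lets through (nmap only says 'open' if a listener answers)."""
    return sorted(p for p in ports if chain.verdict(syn(iface, proto, p))[0] == "ACCEPT")


if __name__ == "__main__":
    probed = [22, 53, 80, 111, 139, 445]       # the ports nmap listed in the question
    chain = build_input_chain()
    print("rule 1:", chain.rules[0])           # the -i lo rule; plain -L prints it as 'ACCEPT all -- anywhere anywhere'
    # Scanning ns1 from ns1 itself: packets to 10.0.0.2 are delivered over lo.
    print("from the box itself (lo): ", accepted_ports(chain, "lo", probed))
    # Scanning from another host: packets arrive on the NIC (eth0 is an assumed name).
    print("from another host (eth0): ", accepted_ports(chain, "eth0", probed))
    chain.delete(1)                            # the answer's 'iptables -D INPUT 1'
    # Now the lo scan is "clean", but so is every service that only listens on 127.0.0.1.
    print("after -D INPUT 1, lo:     ", accepted_ports(chain, "lo", probed))
```

Two things worth checking on a real box: `iptables -L` without `-v` omits the in/out interface columns, which is why the `-i lo` rule is displayed as `ACCEPT all -- anywhere anywhere` and looks like a match-everything rule; `iptables -L INPUT -v -n --line-numbers` or `iptables -S INPUT` shows the interface. And a scan run from the host against its own address only tests the loopback path, so it says nothing about what is reachable on the network interface; scan from another machine, as the asker eventually did.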