Mailinglist Archive: opensuse (3644 mails)

Re: [SLE] firewall test... reason for worries?
  • From: zentara <zentara@xxxxxxxxxxxxx>
  • Date: Tue, 5 Mar 2002 18:08:06 -0500
  • Message-id: <20020305180806.5fa37ba2.zentara@xxxxxxxxxxxxx>
On Tue, 05 Mar 2002 22:55:05 +0100
Piet Roorda <prooroa@xxxxxxxxxx> wrote:

I have installed SuSE firewall 1&2 (SuSE 7.3) with masquerading; the other
computer was shut off, and I did a firewall test at www.grc.com.
My user name (they think), computer name & workgroup name were traceable.
The port testing result:
port 113 ident: closed
port 5000 UPnP: closed

You are closed up, so no problems. It's just that those ports
are having their packets "returned" instead of "dropped" into oblivion.
The only way the scanner can tell you are "closed on a port" is if the
firewall returns the packet. If the firewall drops the packet, the scanner
doesn't know if you are online or not; it just waits forever for a response.

If you read the /sbin/SuSEFirewall2 script, it explains that port 113
is used as identification for some email servers and instead of "dropping"
the packets, it's preferable to "return" them, so they at least know
your IP address is online. You can comment those lines out if you
wish, and your port 113 will be "stealth"... not responding. Most dialup
users can do this.

For port 5000, edit the /etc/rc.config.d/firewall2.rc.config file.
Set the following:
FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="domain time ntp"

Then go back and run the test at grc.com.

--
$|=1;while(1){print pack("h*",'75861647f302d4560275f6272797f3');sleep(1);
for(1..16){for(8,32,8,7){print chr($_);}select(undef,undef,undef,.05);}}

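To see why a remote test like grc.com can tell a "closed" port from a "stealth" one, here is an added example (my own, not from the post or from SuSEFirewall2) that probes a single TCP port the way such a test does and classifies the host's reply. It assumes only the Python standard library; self_check() uses the loopback interface to show the open and closed cases, and the stealth case is what you get when the packet is silently dropped.

```python
import socket
import time

# Added example (not from the list post): one TCP connect probe, classified
# the way a remote firewall test classifies it.
#   "open"        - connect completed, something is listening
#   "closed"      - the host answered with a TCP RST: the scanner now knows
#                   the IP is online (the port 113 behaviour in the post)
#   "stealth"     - nothing came back before the timeout: packet dropped
#   "unreachable" - an ICMP error came back instead (also reveals a host)

def probe_tcp_port(host, port, timeout=2.0):
    """Return (verdict, seconds_waited) for a single TCP connect probe."""
    start = time.monotonic()
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        verdict = "open"
    except ConnectionRefusedError:   # RST received -> "closed"
        verdict = "closed"
    except socket.timeout:           # no reply at all -> "stealth"
        verdict = "stealth"
    except OSError:                  # e.g. host/network unreachable
        verdict = "unreachable"
    finally:
        s.close()
    return verdict, time.monotonic() - start


def self_check():
    """Show 'open' vs 'closed' on loopback (constructed, local-only test).

    A listening socket answers SYN with SYN-ACK (open); once it is closed
    the kernel answers the same port with RST, which a scanner reports as
    'closed' rather than 'stealth' because an answer came back at all.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # ephemeral port chosen by the OS
    listener.listen(1)
    port = listener.getsockname()[1]
    open_verdict, _ = probe_tcp_port("127.0.0.1", port)
    listener.close()                     # nothing listens there any more
    closed_verdict, waited = probe_tcp_port("127.0.0.1", port)
    return open_verdict, closed_verdict, waited


if __name__ == "__main__":
    o, c, w = self_check()
    print(f"listening: {o}; after close: {c} (RST answered in {w:.3f}s)")
```

A "closed" verdict comes back almost instantly because the RST is a reply; a "stealth" verdict only appears after the full timeout, which is the difference the post describes between "returned" and "dropped" packets.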