On Thursday 06 September 2001 19.54, dog@intop.net wrote:
> Well, when I do a port scan and have DENY in the firewall rules, I get the message that the port is in a filtered state. Maybe this is just my thinking, but if it's filtered, then there must be a daemon listening on that port. Why would I filter access to the port if there is nothing listening on that port? So I use REJECT so that the port does not even show up as filtered but rather closed. And just because the port is unfiltered doesn't mean that someone cannot connect to it. telnet, ftp, ssh, etc. can all be blocked with /etc/hosts.allow, and I use this, along with ipchains/iptables rules, to block access as well.

Well, if you have only a few services running, it's a lot simpler to have policy DENY (or REJECT) and just open up the ports you need, than to have policy ACCEPT and close the ports you have programs listening on but don't want exposed on the net. This is the default behaviour of SuSEfirewall, and I assume of all other firewall programs as well. I don't think it's possible for a scanner to tell the difference between a blanket DENY rule and a port that has a rule like src ip != some.allowed.machine.com, so the use of the word 'filtered' here is, I believe, a bit wrong. The words 'open' and 'closed' here also don't reflect the way TCP/IP ports work, IMHO.
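As an added illustration (not part of the thread, and not anyone's posted code), here is a small Python model of what a SYN scanner sees under the rule sets being argued about. The state mapping follows nmap's SYN-scan conventions (SYN/ACK means open, RST means closed, no reply or an ICMP unreachable means filtered); the host, the addresses and the rule sets are constructed for the example, and the chain walk is a simplification of ipchains/iptables (first matching rule wins, otherwise the chain policy applies). It shows that a DROP/DENY'd port and a port that is only open to one allowed source look identical to everyone else, and that only a REJECT that answers with a TCP RST makes the port read as "closed".

```python
"""Model how a SYN scanner labels a port from the reply it gets back,
for different packet-filter decisions.  Constructed illustration.

Scanner rules (nmap-style SYN scan):
  SYN/ACK -> open, RST -> closed, no reply or ICMP unreachable -> filtered
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set

# Possible answers to the scanner's SYN probe.
SYNACK, RST, ICMP_UNREACH, NOTHING = "SYN/ACK", "RST", "ICMP-unreach", "no-reply"


@dataclass(frozen=True)
class Rule:
    """One ipchains/iptables-style rule (hypothetical, simplified).

    target      : ACCEPT, DROP (ipchains DENY) or REJECT
    dport       : destination port, None = any port
    src         : source address, None = any source
    reject_with : iptables' default REJECT answer is icmp-port-unreachable;
                  tcp-reset makes it send a TCP RST instead
    """
    target: str
    dport: Optional[int] = None
    src: Optional[str] = None
    reject_with: str = "icmp-port-unreachable"

    def matches(self, src: str, port: int) -> bool:
        return (self.dport is None or self.dport == port) and \
               (self.src is None or self.src == src)


def host_reply(port: int, listening: Set[int]) -> str:
    """What the TCP stack itself answers once a SYN gets past the filter."""
    return SYNACK if port in listening else RST


def apply_target(target: str, reject_with: str, port: int, listening: Set[int]) -> str:
    if target == "ACCEPT":
        return host_reply(port, listening)
    if target == "DROP":                       # ipchains DENY: silently discard
        return NOTHING
    if target == "REJECT":
        return RST if reject_with == "tcp-reset" else ICMP_UNREACH
    raise ValueError(f"unknown target {target!r}")


def filter_reply(rules: List[Rule], policy: str, src: str, port: int,
                 listening: Set[int]) -> str:
    """Walk the chain like the kernel: first match wins, else the policy.
    (iptables built-in chains only take ACCEPT/DROP as policy; a REJECT
    default is done with a catch-all last rule, which this model allows.)"""
    for rule in rules:
        if rule.matches(src, port):
            return apply_target(rule.target, rule.reject_with, port, listening)
    return apply_target(policy, "icmp-port-unreachable", port, listening)


def scanner_state(reply: str) -> str:
    """How a SYN scanner labels the port from the reply it received."""
    if reply == SYNACK:
        return "open"
    if reply == RST:
        return "closed"
    return "filtered"                          # silence or ICMP unreachable


def scan(rules: List[Rule], policy: str, src: str, ports: Iterable[int],
         listening: Set[int]) -> Dict[int, str]:
    return {p: scanner_state(filter_reply(rules, policy, src, p, listening))
            for p in ports}


# --- constructed scenario --------------------------------------------------
LISTENING = {22, 25}            # sshd and an MTA; nothing on 23
PORTS = [22, 23, 25]
SCANNER = "203.0.113.9"         # documentation address standing in for the scanner
ADMIN = "192.0.2.10"            # the one machine allowed to reach ssh

# Default-deny: open only what you need, ssh only for ADMIN.
DENY_RULES = [Rule("ACCEPT", dport=22, src=ADMIN), Rule("ACCEPT", dport=25)]

# Same, but answer everything else with a TCP RST instead of dropping it.
RST_RULES = DENY_RULES + [Rule("REJECT", reject_with="tcp-reset")]

if __name__ == "__main__":
    print("policy DROP, from scanner :", scan(DENY_RULES, "DROP", SCANNER, PORTS, LISTENING))
    print("policy DROP, from admin   :", scan(DENY_RULES, "DROP", ADMIN, PORTS, LISTENING))
    print("policy REJECT (icmp)      :", scan(DENY_RULES, "REJECT", SCANNER, PORTS, LISTENING))
    print("REJECT --reject-with rst  :", scan(RST_RULES, "DROP", SCANNER, PORTS, LISTENING))
    print("no filter at all          :", scan([], "ACCEPT", SCANNER, PORTS, LISTENING))
```

From the scanner's address, the DROP policy reports 22 and 23 both as filtered even though one has sshd behind it and the other has nothing, and the plain REJECT (ICMP port-unreachable) reads the same way; only the tcp-reset variant yields "closed", and that result is indistinguishable from an unfiltered host with no listener, which is the point made above about what the labels do and do not tell you.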