On Sun, 2006-02-12 at 15:30 -0500, Jim Bassett wrote:
> On Feb 12, 2006, at 3:22 PM, Craig White wrote:
>
> > On Sun, 2006-02-12 at 15:17 -0500, jim at datamantic.com wrote:
> >> I have a CentOS 4.2 machine. lokkit shows that a firewall is
> >> enabled, and it is customized to allow SSH, Web, and DNS traffic
> >> only.
> >>
> >> But if I run nmap against the server IP (from my home machine,
> >> outside the local network) it shows over 1000 open ports. Am I not
> >> understanding nmap, or is there something seriously wrong here?
> > might as well get a root shell and type...
> >
> > iptables -L
> >
> > and see what's up with that.
> >
> > Craig
> >
>
> Thanks for the response. Any advice on understanding this is
> appreciated.
>
> [root at ash ~]# iptables -L
> Chain INPUT (policy ACCEPT)
> target               prot opt source      destination
> RH-Firewall-1-INPUT  all  --  anywhere    anywhere
>
> Chain FORWARD (policy ACCEPT)
> target               prot opt source      destination
> RH-Firewall-1-INPUT  all  --  anywhere    anywhere
>
> Chain OUTPUT (policy ACCEPT)
> target               prot opt source      destination
>
> Chain RH-Firewall-1-INPUT (2 references)
> target               prot opt source      destination
> ACCEPT               all  --  anywhere    anywhere
> ACCEPT               all  --  anywhere    anywhere

Looks like the rules above are accepting anything for that server. The order of the rules makes a big difference.
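An added check for the situation in this thread (example code, not from any of the posters): a POSIX shell/awk function that scans saved `iptables -L -n -v` output and reports the first rule in a chain that ACCEPTs every protocol, from any interface and any address, with no further match. Everything that reaches such a rule is accepted, so any port rules or the closing REJECT placed after it can never fire, which is exactly what an nmap scan showing every port open looks like. The `-v` is deliberate and is a caveat worth knowing before drawing conclusions from plain `iptables -L`: without `-v` the listing hides the interface column, so the `-i lo` accept that lokkit installs as the first rule prints identically to a genuine catch-all. The two listings below are constructed for the example; the first mirrors the posted chain, assuming its second rule really has no interface match, the second shows a lokkit-style chain that filters as intended.

```shell
#!/bin/sh
# Added example (not from the thread): audit a saved `iptables -L -n -v`
# listing for a chain whose unconditional ACCEPT shadows every rule below it.
# Field layout with -n -v:
#   pkts bytes target prot opt in out source destination [extra matches]

audit_chain() {
    # $1 chain name, $2 listing text.
    # Exit 1 and print the offending rule if an ACCEPT with no interface,
    # address or extra match appears in the chain; everything reaching it is
    # accepted, so later port rules or REJECT/DROP never fire.
    # Exit 0 if no such rule exists, 2 if the chain is absent or empty.
    printf '%s\n' "$2" | awk -v chain="$1" '
        /^Chain / { cur = $2; next }
        cur != chain || /^ *pkts/ || NF == 0 { next }
        {
            n++
            if ($3 == "ACCEPT" && $4 == "all" && $6 == "*" &&
                $8 == "0.0.0.0/0" && $9 == "0.0.0.0/0" && NF == 9) {
                printf "OPEN: %s rule %d accepts everything; %s\n", chain, n,
                       "rules after it are unreachable"
                verdict = 1; exit 1
            }
        }
        END {
            if (verdict == 1) exit 1
            if (n == 0) { print "NOCHAIN: " chain; exit 2 }
            printf "OK: %s has %d rules, no unconditional ACCEPT\n", chain, n
            exit 0
        }'
}

# Constructed listing modelled on the posted output (rule 1 is the usual
# lookback accept on lo, rule 2 is the catch-all that lets everything in).
OPEN_LISTING='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  120  9000 RH-Firewall-1-INPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain RH-Firewall-1-INPUT (2 references)
 pkts bytes target     prot opt in     out     source               destination
   12   900 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
  108  8100 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0'

# Constructed listing of a chain that filters as lokkit intends: lo, then
# replies to established flows, then the three services, then REJECT.
SANE_LISTING='Chain RH-Firewall-1-INPUT (2 references)
 pkts bytes target     prot opt in     out     source               destination
   12   900 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
   50  4000 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    3   180 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
    2   120 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:80
    1    60 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW udp dpt:53
   40  2400 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited'

# Stand-alone demo: report both listings and the exit status of each audit.
for listing in "$OPEN_LISTING" "$SANE_LISTING"; do
    audit_chain RH-Firewall-1-INPUT "$listing" || echo "  (exit status $?)"
done
```

On a live box, feed it the real listing with `audit_chain RH-Firewall-1-INPUT "$(iptables -L -n -v)"`, or audit INPUT as well, since a chain that merely returns to INPUT with a policy of ACCEPT is just as open. The check only reads a saved listing, so it needs no root and is safe to run against output pasted from a ticket or a mailing list.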