From: "Jeremy Fowler" <jfowler@westrope.com> Subject: RE: iptables Date: Tue, 9 Jul 2002 09:23:52 -0500 Message-ID: <MFEGKJBMPCLPMMMBAACNOEPBMBAA.jfowler@westrope.com>
Oops, that should have been a REJECT with tcp-reset, not an ICMP port unreachable,
if you want to make it look like the port is closed and not filtered by a
firewall.
So:
# REJECT is only valid in the filter table (INPUT/FORWARD/OUTPUT chains), so the
# rule goes in INPUT rather than nat PREROUTING; --dport also needs -p tcp.
iptables -I INPUT -i <interface> -p tcp --dport <port> \
! -s <address> -j REJECT --reject-with tcp-reset
> -----Original Message-----
> From: Jeremy Fowler [mailto:jfowler@westrope.com]
> Sent: Tuesday, July 09, 2002 9:17 AM
> To: mgoins@kcp.com; kclug@kclug.org
> Subject: RE: iptables
>
>
> Try blocking it in the PREROUTING chain of the nat or mangle table
> and then REJECT the packet with an ICMP port unreachable.
>
> # REJECT is only valid in the filter table (INPUT/FORWARD/OUTPUT), so use
> # INPUT rather than nat PREROUTING; --dport needs -p tcp.
> iptables -I INPUT -i <interface> -p tcp --dport <port> \
> ! -s <address> -j REJECT
>
> > -----Original Message-----
> > From: owner-kclug@marauder.illiana.net
> > [mailto:owner-kclug@marauder.illiana.net]On Behalf Of mgoins@kcp.com
> > Sent: Tuesday, July 09, 2002 7:57 AM
> > To: kclug@kclug.org
> > Subject: iptables
> >
> >
> > Howdy all,
> >
> >
> > I'm looking to hide an open port from my LAN (nmap scans) and have it
> > open only to one machine. I'm thinking iptables; I have read the man page and
> > the how-to, but I can't seem to get it working. I am able to block
> > everybody but the one host. I am not able to hide it from nmap as being
> > open.
> >
> >
> >
> > Any help would be great.
> >
> >
> > Thanks,
> >
> > ~Michael
> >
> >
> >
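The complete rule set the thread is working toward, as an added example that is not part of the original messages: an ACCEPT for the one allowed host placed above a REJECT with tcp-reset for everyone else, loaded into the filter table's INPUT chain (the only place REJECT is accepted), plus a small helper that reads nmap's grepable (-oG) output so you can confirm from two hosts that the port shows "open" to the allowed machine and "closed", not "filtered", to the rest. The interface eth0, port 8080 and host 192.168.1.10 are assumed placeholder values, and the two nmap lines are constructed samples, not real scan output.

```shell
#!/bin/sh
# Added example, not from the original thread. eth0, 8080 and 192.168.1.10
# are placeholder values; override them via the environment.
set -eu

IFACE="${IFACE:-eth0}"
PORT="${PORT:-8080}"
ALLOW="${ALLOW:-192.168.1.10}"

# Print the two rules that expose $port only to $allow and answer every other
# SYN with a TCP RST, so a SYN scan reports the port as "closed" rather than
# "filtered". REJECT is only valid in the filter table (INPUT, FORWARD and
# OUTPUT chains), not in nat PREROUTING, and --dport needs -p tcp. The ACCEPT
# is inserted above the REJECT because iptables stops at the first match.
hide_port_rules() {
    iface=$1; port=$2; allow=$3
    printf '%s\n' \
        "iptables -I INPUT 1 -i $iface -p tcp --dport $port -s $allow -j ACCEPT" \
        "iptables -I INPUT 2 -i $iface -p tcp --dport $port -j REJECT --reject-with tcp-reset"
}

# Load the rules (needs root). Each rule is first probed with -C so that
# re-running the script does not stack duplicate copies in INPUT.
apply_rules() {
    hide_port_rules "$IFACE" "$PORT" "$ALLOW" | while IFS= read -r rule; do
        probe=$(printf '%s\n' "$rule" | sed 's/ -I INPUT [0-9]* / -C INPUT /')
        $probe 2>/dev/null || $rule
    done
}

# Extract the state nmap reports for $port/tcp from one grepable (-oG) Host
# line. Run "nmap -sS -p $PORT -oG - <target>" from the allowed host and from
# any other LAN host: expect "open" from the first and "closed" from the
# second. "filtered" means the scanner got no RST back (a DROP rule, or the
# REJECT never loaded) and the firewall is visible after all.
port_state() {
    line=$1; port=$2
    printf '%s\n' "$line" | tr ',' '\n' |
        sed -n "s#.*[[:space:]]$port/\([a-z|]*\)/tcp.*#\1#p"
}

# Constructed sample -oG lines (not real scan output) showing both outcomes.
SAMPLE_ALLOWED=$(printf 'Host: 192.168.1.10 ()\tPorts: 8080/open/tcp//http-alt///')
SAMPLE_OTHER=$(printf 'Host: 192.168.1.5 ()\tPorts: 22/open/tcp//ssh///, 8080/closed/tcp//http-alt///')

case "${1:-}" in
    apply) apply_rules ;;
    *)     hide_port_rules "$IFACE" "$PORT" "$ALLOW" ;;
esac
```

Run without arguments to print the rules, or as root with `apply` to load them. The check that matters is the second scan: if the non-allowed host sees "filtered" instead of "closed", the REJECT rule did not load (for instance because it was put in the nat table) and the kernel is silently dropping, which is exactly what gives the firewall away to nmap.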