Shields Up reports one open port through iptables

My IP address is sitting directly on the Internet with no firewall
(that I can tell) other than my iptables and I have the following rules
in iptables:

/sbin/iptables -F
/sbin/iptables -P INPUT DROP
/sbin/iptables -P FORWARD DROP
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT

Shields Up, , reports that my port
1 is closed and all other ports are "stealth". I was under the
impression that the rules above would make all ports appear "not to
respond"/"be stealth" from any request not initiated by me/my computer.

So, either Shields Up is reporting faulty information or I don't have
my rules set the way I want. What do youz guyz think? What would be a
good set of rules to be stateful and also wear the cloak of
invisibility? Thanks.

Re: Shields Up reports one open port through iptables

On 28 Feb 2006 07:43:38 -0800, wrote:

The guy running SU is clueless.

Living in a land down under / Where women glow and men plunder / Can't you
hear, can't you hear the thunder? / You better run, you better take cover!
                                                             --Men At Work

Re: Shields Up reports one open port through iptables

Port *1*?  That's quite odd...

Try telnet <your_ip> 1 from a different machine, or using the "real"
IP (i.e., the IP assigned, and not or localhost -- that
way, the packet will not come in through the loopback interface)

See if it immediately tells you "Connection refused", or if it
just freezes there waiting for the connection to be accepted  (if
the former, the port is closed, as Shields Up reports -- from the
above iptables ruleset, it should freeze).

Also check iptables -L  to list the *actual* rules  (maybe another
iptables command was executed, or maybe the above is inaccurate?)

I just had Shields Up scan my machine, and it reports it as full
stealth (my machine has a slightly less strict ruleset than the
above -- I accept ESTABLISHED *and* RELATED, and I also accept
FORWARD traffic if it comes from the interface that connects to
the internal LAN;  but from the point of view of what Shields Up
might report, my ruleset is essentially the same as the one you

If all checks out, you might want to write to the Shields Up guy
and report the possible bug in their system.  (you might want to
try the scan again -- it might have been a temporary failure)
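
The telnet check described in the reply above, as an added example that is not part of the original thread: it makes one TCP connect attempt and reports whether the port answered with a refusal ("closed") or never answered ("stealth", which is what the posted DROP policy should produce). The function names and the 3-second timeout are assumptions; as with telnet, run it from a different machine against the host's assigned IP.

```python
import errno
import socket
import sys

# Labels follow the thread's vocabulary (Shields Up calls a dropped probe "stealth").
OPEN, CLOSED, STEALTH = "open", "closed", "stealth"


def classify(err):
    """Map a connect result to a port state.

    err is 0 on success, None for a local timeout, or an errno value.
    """
    if err == 0:
        return OPEN      # handshake completed: something is listening
    if err == errno.ECONNREFUSED:
        return CLOSED    # a RST came back: host replied, nothing listening
    if err is None or err == errno.ETIMEDOUT:
        return STEALTH   # no reply at all: the packet was silently dropped
    # Anything else (for example an ICMP unreachable) is reported by name.
    return "error:" + errno.errorcode.get(err, str(err))


def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and classify the outcome."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return classify(0)
    except socket.timeout:      # must precede OSError, its parent class
        return classify(None)
    except OSError as e:
        return classify(e.errno)
    finally:
        s.close()


if __name__ == "__main__":
    # Usage: python3 probe.py <your_ip> <port>
    host, port = sys.argv[1], int(sys.argv[2])
    print(f"{host}:{port} is {probe(host, port)}")
```

A "closed" result from a remote machine means something answered the probe, which an INPUT policy of DROP would not do by itself, so the next step is the `iptables -L` comparison the reply suggests.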

