11.04 firewall not on by default??
Chuck Peters
cp at axs.org
Mon Jun 27 22:47:41 UTC 2011
Avi said:
>
> I thought the default was to drop unexpected incoming packets, but I'm
> not certain. Either way, I'd not use installing SSH and finding SSH
> working as a test of whether there's a firewall or not.
It is easy to test since almost all firewall frontends use iptables,
older kernels had something else years ago...
No firewall:
$ sudo iptables -L
[sudo] password for cp:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Firewall enabled via shorewall, and I won't include all the output:
cp at mintaka:~$ sudo iptables -L
[sudo] password for cp:
Chain INPUT (policy DROP)
target prot opt source destination
dynamic all -- anywhere anywhere ctstate INVALID,NEW
eth0_in all -- anywhere anywhere
eth2_in all -- anywhere anywhere
loc2fw all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:INPUT:REJECT:'
reject all -- anywhere anywhere [goto]
Chuck
More information about the ubuntu-users
mailing list