[Shorewall-users] ports 'closed', not 'blocked'???
Mon, 29 Apr 2002 05:52:21 -0700 (PDT)
On Mon, 29 Apr 2002, Roy Barkas wrote:
> Using Shorewall v1.2, and testing the firewall using scan.sygate.com, I
> am informed that several ports (web (80), ident (113) and DCE locator
> (135)) are 'closed' rather than 'blocked'.
> All other ports show as blocked or 'stealthed'.
> I haven't set up any rules or policies that have anything to do with 80,
> 113 or 135.
> Is this normal shorewall behaviour or have I possibly mis-configured
I suspect that your ISP is blocking port 80. The default Shorewall
rules file in the samples REJECTS port 113, and I recommend that you leave
it that way to avoid problems connecting to some services. The common.def
file rejects port 135.
> By the way, I've been playing with a variety of Linux firewall tools for
> several years and Shorewall is by far the best working, best documented,
> best supported that I have seen. I can and will unreservedly recommend
> it anytime. Thanks to all of you who have developed or supported
> Shorewall - good job!
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ firstname.lastname@example.org
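
Added example, not part of the original thread or of Shorewall: a small Python check you can run against your own firewall to see how a TCP connect attempt distinguishes a rejected port ('closed', an immediate refusal) from a dropped one ('blocked' or 'stealthed', no reply until the timeout). The names classify_port and demo are assumptions made for this illustration, and the mapping onto the scanner's labels is the usual convention rather than anything documented on this page.

```python
import socket
import time


def classify_port(host, port, timeout=2.0):
    """Return (state, seconds) for one TCP connect attempt to host:port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    start = time.monotonic()
    try:
        s.connect((host, port))
        state = "open"
    except ConnectionRefusedError:
        # A refusal came back: a REJECT rule, or simply no listener.
        # The caller learns this at once instead of waiting.
        state = "closed"
    except socket.timeout:
        # Nothing came back before the timeout: a DROP rule.
        state = "blocked"
    except OSError as exc:
        state = "other (errno %s)" % exc.errno
    finally:
        s.close()
    return state, time.monotonic() - start


def demo():
    """Constructed local test: one listening port, one port with no listener."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]

    # Bind and release a port so that nothing is listening on it.
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()

    try:
        return {
            "listening": classify_port("127.0.0.1", open_port),
            "no_listener": classify_port("127.0.0.1", closed_port),
        }
    finally:
        listener.close()


if __name__ == "__main__":
    for name, (state, secs) in demo().items():
        print("%-12s %-8s %.3fs" % (name, state, secs))
```

A dropped port cannot be reproduced on loopback without a firewall rule, so the demo covers only the open and closed cases; against a port with a DROP policy the same call returns 'blocked' after the full timeout.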