Strange IP listed in iptables ruleset

Support for security such as Firewalls and securing linux
Post by orcus » 2006/05/10 08:30:57

Still using system-config-securitylevel to specify port blocking.
I know it's an evil kludge, but I am behind a router/modem that is even more painful to administer and has no chance of firmware updates to allow anything like the ability to specify more than one rule per update.

On a client behind my router, when I do an iptables -L there are some strange ruleset entries in the result. Should I be concerned about the 224.0.0.251 rule? I never explicitly put it in there and I am not using any other iptables ruleset generator nor manipulating rules directly. No idea how system-config-securitylevel calls iptables or where it gets its rules from.

[code]
[root@gonkie ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT ipv6-crypt-- anywhere anywhere
ACCEPT ipv6-auth-- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:5353
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:5800
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:5900
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:sunrpc
ACCEPT udp -- anywhere anywhere state NEW udp dpt:sunrpc
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:nfs
ACCEPT udp -- anywhere anywhere state NEW udp dpt:nfs
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:4001
ACCEPT udp -- anywhere anywhere state NEW udp dpt:4001
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:4002
ACCEPT udp -- anywhere anywhere state NEW udp dpt:4002
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:4003
ACCEPT udp -- anywhere anywhere state NEW udp dpt:4003
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:4004
ACCEPT udp -- anywhere anywhere state NEW udp dpt:4004
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
[/code]

Post by knigh7 » 2006/05/11 11:10:57

Not sure what that IP is; I've removed it from my iptables as well. It's part of the default CentOS set. By the way, why have you got so many accept rules when one of your first rules is accept all anywhere anywhere? Not really much point in that.

Post by foxb » 2006/05/11 19:20:35

This is the multicast address used by mDNS.

See here:
http://www.iana.org/assignments/multicast-addresses

and

http://www.multicastdns.org/

Post by arrfab » 2006/05/11 19:20:37

[code]
cat /etc/services|grep 5353
mdns 5353/tcp # Multicast DNS
mdns 5353/udp # Multicast DNS
[/code]

224.0.0.251 is a multicast address ... you can disable it if you don't want to use mdns ...
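
An added example, not written by any poster in this thread: a small Python check that reads `iptables -L` output, labels literal destination addresses such as the 224.0.0.251 mDNS group, and flags rules that display as catch-all, because `-L` without `-v` does not print the interface columns. The sample listing is constructed from the one in the first post; `classify` and `audit` are hypothetical helper names.

```python
import ipaddress

# Constructed sample in `iptables -L` format, modelled on the listing in the first post.
SAMPLE = """\
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT ipv6-crypt-- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:5353
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
"""

LOCAL_CONTROL = ipaddress.ip_network("224.0.0.0/24")  # IANA Local Network Control Block
KNOWN_GROUPS = {"224.0.0.251": "mDNS"}  # as identified in the replies


def classify(dest):
    """Label the destination column of one rule."""
    if dest == "anywhere":
        return "any"
    try:
        ip = ipaddress.ip_address(dest.split("/")[0])
    except ValueError:
        return "hostname"  # -L without -n prints resolved names
    if not ip.is_multicast:
        return "unicast"
    scope = "link-local multicast" if ip in LOCAL_CONTROL else "multicast"
    name = KNOWN_GROUPS.get(str(ip))
    return f"{scope}, {name}" if name else scope


def audit(listing):
    """Return (rule_text, note) pairs for rules that deserve a second look."""
    findings = []
    for line in listing.splitlines():
        tok = line.split()
        # A long protocol name is printed fused with the opt column ("ipv6-crypt--").
        if len(tok) > 1 and tok[1].endswith("--") and tok[1] != "--":
            tok[1:2] = [tok[1][:-2], "--"]
        if len(tok) < 5 or tok[0] in ("Chain", "target"):
            continue
        target, prot, _opt, src, dest, *match = tok
        kind = classify(dest)
        if kind != "any":
            findings.append((line, f"destination is {kind}"))
        elif target == "ACCEPT" and prot == "all" and src == "anywhere" and not match:
            findings.append((line, "catch-all as shown; rerun iptables -L -n -v to see interfaces"))
    return findings
```

Calling `audit(SAMPLE)` returns two findings: the first `ACCEPT all` rule, which needs the verbose listing before it can be judged, and the mDNS multicast rule.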
