iptables...they can see my hard drive

Status
Not open for further replies.

Trekkie

Technical User
Apr 29, 2000
150
CA
Hi,

I'm using iptables as my firewall/router. I went to one of those websites that checks your anonymity and they displayed my entire C drive on the website. Which port do I need to close in order to prevent this from happening? I want to block it at the firewall.

I don't want to disable my JavaScript or JVM because that only protects one machine.

my firewall script

modprobe iptable_nat
myiptable=/sbin/iptables
$myiptable -t nat -A POSTROUTING -o eth0 -j MASQUERADE
$myiptable -A INPUT -i eth0 -p tcp --dport 0:60000 -j DROP
$myiptable -A INPUT -p tcp --tcp-flags SYN,ACK,FIN SYN -j DROP
$myiptable -A INPUT -i eth0 -p udp --dport 0:60000 -j DROP
$myiptable -A INPUT -i eth0 -p icmp -j DROP

Thanks for any advice

T.
 
Quite frankly, I generally go the other direction . . . drop everything by default, then let through what really needs to be.

Something like this:

myiptable=/sbin/iptables
INTIF="eth0"
EXTIF="eth1"

#Define a 'drop' policy for input and forward, flush tables

$myiptable -P INPUT DROP
$myiptable -F INPUT
$myiptable -P OUTPUT ACCEPT
$myiptable -F OUTPUT
$myiptable -P FORWARD DROP
$myiptable -F FORWARD
$myiptable -t nat -F

#Allow the internal interface to do anything

$myiptable -A INPUT -i $INTIF -j ACCEPT
$myiptable -A OUTPUT -o $INTIF -j ACCEPT

#Allow this machine to send anything out, accept anything related

$myiptable -A OUTPUT -o $EXTIF -j ACCEPT
$myiptable -A INPUT -i $EXTIF -m state --state ESTABLISHED,RELATED -j ACCEPT

#Allow the internal network to send anything out, accept anything related

$myiptable -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$myiptable -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT

#Enable SNAT (MASQUERADE) functionality on $EXTIF
$myiptable -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE


Note that that is not intended to be a complete firewall, and you will have to allow any additional access to the outside. You will have to change EXTIF= to match the interface connected to the net and INTIF= to match the interface to your internal network. This also assumes that you have all appropriate modules loaded.

Insert any other appropriate legal bs that says I don't know nothin', all at your own risk, etc.

Now, having said that, there is no firewall rule that can eliminate what you saw at that website. Went there myself, just for kicks. Note the information below the contents of drive C FROM THEIR WEBSITE:

"Very important here is that the webmaster doesn't have access to your files! It's only an explorer window inside the internet explorer. This trick is used by some websites, in order to spread panic among the visitors. (And sell them a tool to fix this.)"

What they are telling you is they can make it display on your computer, but they can't see it.

Hope this helps.
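
One way to confirm that a loaded ruleset really has the default-deny shape described in the reply above, as an added example that is not part of the original thread: it reads `iptables-save` output on stdin and reports non-DROP policies plus any ACCEPT rule that admits unsolicited traffic from the external interface. The function name `audit_ruleset`, the eth0/eth1 roles and the sample dump are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump read from stdin.
# $1 is the external interface (exact name match; "eth+" wildcards not handled).
audit_ruleset() {
    awk -v ext="$1" '
    /^\*/ { table = substr($1, 2); next }          # "*filter", "*nat", ...
    table != "filter" { next }
    /^:/  { policy[substr($1, 2)] = $2; next }     # ":INPUT DROP [0:0]"
    $1 == "-A" && ($2 == "INPUT" || $2 == "FORWARD") && $NF == "ACCEPT" {
        in_if = ""; neg = 0; states = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-i") { in_if = $(i + 1); neg = ($(i - 1) == "!") }
            if ($i == "--state" || $i == "--ctstate") states = $(i + 1)
        }
        hits_ext = (in_if == "") || (neg ? (in_if != ext) : (in_if == ext))
        # Accepts on the external side should be replies only; anything
        # else is listed so a human can justify it.
        if (hits_ext && (states == "" || states ~ /NEW/))
            found[++n] = "REVIEW " $0
    }
    END {
        ok = (policy["INPUT"] == "DROP" && policy["FORWARD"] == "DROP")
        if (policy["INPUT"] != "DROP")   print "FAIL policy INPUT=" policy["INPUT"]
        if (policy["FORWARD"] != "DROP") print "FAIL policy FORWARD=" policy["FORWARD"]
        for (i = 1; i <= n; i++) print found[i]
        if (ok && n == 0) print "OK"
    }'
}

# Constructed sample: the INPUT, FORWARD and nat rules from the reply as
# iptables-save would list them, assuming eth0 is internal and eth1 external.
sample_default_deny() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
EOF
}

sample_default_deny | audit_ruleset eth1
```

On a live router the same function can be fed from `iptables-save` run as root, with the real external interface name as the argument.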
 
Thanks mhkwood,

I appreciate the info! I'm going to try your script.

T.

:)

 