 From:  Jeff Buehler <jeff at buehlertech dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Mystical open port 80...can't block
 Date:  Tue, 22 May 2007 08:25:49 -0700
A given port should be blocked by default, assuming you don't have 
another rule that overrides that, so explicitly blocking it shouldn't be 
necessary.  The rules that come first should be overridden by rules that 
come after, so if you block it somewhere and then proceed to unblock it 
later, my understanding is that it will be unblocked - in other words 
make certain your rules are ordered correctly.

Lastly, I have found rebooting m0n0wall always corrects any "anomalous" 
behavior that I occasionally run into.  It shouldn't be necessary, but I 
have had m0n0walls continue to block all access after I have entered 
unblocking rules that only behaved properly after a reboot.

You may find it simpler to check your port status locally instead of 
having to wait until you are back at work - you can use a web-based tool 
(there are a number out there) - of course another non-related line 
available locally is even better.

I hope something there helps...


Hart, Benjamin wrote:
> I ran nmap from a machine here at work yesterday and noticed that I
> still had pptp enabled and the port was open..also notice that port 80
> was open as well but not accepting connections.  Last night I created a
> rule explicitly blocking port 80 and disabled the pptp setup.  However
> today I just did another nmap scan and found that those two ports are
> still open...what gives?
> Ben Hart
> Network Engineer
> Unified Brands, Inc.
> www.unifiedbrands.net