I am a little concerned/confused by results from a simple port scan on my internet facing ROS box.
I have firewall rules “dropping” pretty much everything but I can still see the following when doing a portscan (nmap -sS xx.xx.xx.xx) and there is nothing showing up on my IMPLICIT_DENY firewall rule to show that this is being “seen” by the firewall.
I want to make this box invisible to the outside world with exception of a few whitelisted IP address which will be in the IP>FIREWALL section.
Any ideas?
Starting Nmap 6.40 ( http://nmap.org ) at 2017-11-22 11:07 GMT
Nmap scan report for xxxxxx.com (xx.xx.xx.xx)
Host is up (0.013s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
179/tcp open bgp
2000/tcp open cisco-sccp
Nmap done: 1 IP address (1 host up) scanned in 4.09 seconds
I am thinking (after reading the documentation a few times) that I need to add these DENY rules to the INPUT chain, as this is targeting an IP on the router itself. Is this correct?
Permit. Just moved all of my intended rules to the INPUT chain and everything works fine… (a) doesn’t show in a port scan and (b) didn’t kill BGP and lock myself out of the router!!
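An input-chain ruleset of the kind the follow-ups describe, added here as an example and not the poster's own configuration; the WAN interface name, the whitelisted management addresses and the BGP peer address are placeholders.

```routeros
# Added example (not the poster's config): RouterOS input-chain rules that hide
# the router's own addresses from the internet except for whitelisted sources.
# Assumed placeholders: WAN interface "ether1", management whitelist
# 203.0.113.10 and 198.51.100.0/24, BGP peer 192.0.2.1.
# Rules are evaluated top to bottom; the first match wins.

/ip firewall address-list
add list=mgmt-whitelist address=203.0.113.10 comment="admin workstation (placeholder)"
add list=mgmt-whitelist address=198.51.100.0/24 comment="office range (placeholder)"
add list=bgp-peers address=192.0.2.1 comment="upstream BGP neighbour (placeholder)"

/ip firewall filter
# Keep replies to the router's own outbound sessions (DNS, NTP, updates) working.
add chain=input connection-state=established,related action=accept \
    comment="input: established/related"
add chain=input connection-state=invalid action=drop comment="input: invalid"

# Do not lock yourself out from the LAN side.
add chain=input in-interface=!ether1 action=accept comment="input: trust non-WAN"

# Whitelisted management sources may reach SSH, HTTP and WinBox on the router.
add chain=input in-interface=ether1 src-address-list=mgmt-whitelist \
    protocol=tcp dst-port=22,80,8291 action=accept comment="input: mgmt whitelist"

# Keep the BGP session up: only the configured peer may open tcp/179.
add chain=input in-interface=ether1 src-address-list=bgp-peers \
    protocol=tcp dst-port=179 action=accept comment="input: BGP peer"

# Everything else aimed at the router itself is logged, then dropped.
# action=drop (not reject) is what makes a scanner report "filtered".
add chain=input in-interface=ether1 action=log log-prefix="INPUT_DENY " \
    comment="input: log denied"
add chain=input in-interface=ether1 action=drop comment="input: implicit deny"
```

Rules in the forward chain only see transit traffic, which is why a drop there never logged the probes against the router's own address. With the drop in the input chain, a scan of the WAN address shows those ports as filtered rather than closed, and each dropped probe appears in the log under the INPUT_DENY prefix.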