From: Oliver N. <dig...@gm...> - 2008-10-29 21:45:31
Today I noticed that we have some deprecated lines in the
default firewall scripts (firewall.rules.2nic, firewall.rules.3nic):

# Prevent NetBIOS and Samba from leaking.
${IPTABLES} -t nat -A PREROUTING -p TCP --dport 135 -j DROP
${IPTABLES} -t nat -A PREROUTING -p UDP --dport 135 -j DROP
${IPTABLES} -t nat -A PREROUTING -p TCP --dport 137:139 -j DROP
${IPTABLES} -t nat -A PREROUTING -p UDP --dport 137:139 -j DROP
${IPTABLES} -t nat -A PREROUTING -p TCP --dport 445 -j DROP
${IPTABLES} -t nat -A PREROUTING -p UDP --dport 445 -j DROP

If this script is started, iptables reports:

The "nat" table is not intended for filtering, hence the use of DROP is
deprecated and will permanently be disabled in the next iptables
release. Please adjust your scripts.

I think we should fix this to avoid future problems.
I personally use the INPUT and OUTPUT chains for this -
any other suggestions?

Oliver
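
One way to move the rules quoted above out of the nat table, as an added example that is not part of the original post or the project's scripts. It assumes the PREROUTING drops should become filter-table rules in both INPUT and FORWARD, since PREROUTING runs before the routing decision and the scripts are for multi-NIC hosts; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: rewrite "-t nat -A PREROUTING ... -j DROP" lines of a
# firewall script as filter-table rules (the default table, so no -t).

# Constructed sample input mirroring the rules quoted in the post,
# plus one genuine NAT rule that must be left untouched.
sample_rules() {
cat <<'EOF'
${IPTABLES} -t nat -A PREROUTING -p TCP --dport 135 -j DROP
${IPTABLES} -t nat -A PREROUTING -p UDP --dport 137:139 -j DROP
${IPTABLES} -t nat -A POSTROUTING -o eth0 -j MASQUERADE
EOF
}

# migrate_nat_drops (hypothetical helper): reads a script on stdin and
# writes it to stdout with each nat/PREROUTING DROP replaced by one rule
# per filter chain. Assumption: INPUT covers traffic addressed to the
# firewall itself, FORWARD covers traffic routed between the NICs.
migrate_nat_drops() {
    while IFS= read -r line; do
        case "$line" in
            "#"*)
                # Comment lines pass through unchanged.
                printf '%s\n' "$line"
                ;;
            *"-t nat "*"-A PREROUTING "*"-j DROP"*)
                prefix=${line%%-t nat*}          # e.g. '${IPTABLES} '
                rest=${line#*-A PREROUTING }     # match options and target
                for chain in INPUT FORWARD; do
                    printf '%s-A %s %s\n' "$prefix" "$chain" "$rest"
                done
                ;;
            *)
                printf '%s\n' "$line"
                ;;
        esac
    done
}

# Show the rewritten rules for the sample input.
sample_rules | migrate_nat_drops
```

Review the generated rules before loading them; chain order relative to existing ACCEPT rules in INPUT and FORWARD decides whether the drops take effect.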