I always knew webmin was arse, but this…
This is the output of iptables -L on a webmin-managed box I just saw:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            tcp flags:ACK/ACK
ACCEPT     all  --  anywhere             anywhere            state ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            state RELATED
ACCEPT     udp  --  anywhere             anywhere            udp spt:domain dpts:1024:65535
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imap
ACCEPT     udp  --  anywhere             anywhere            udp dpt:imap
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:mysql
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:mysql
ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:terabase:samsung-unidex
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ndmp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:dnp
LOG        all  --  anywhere             anywhere            LOG level debug prefix `DROPPED = '
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp-data

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:ftp-data dpt:ftp-data
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:ftp dpt:ftp
Lovely that it has all those ports and whatnot opened up, but what’s with the ACCEPT policies?
Webmin: Now with FAILWALL management!
I should have been in marketing.
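
A quick check for the problem in that listing, as an added example (not from the original post): it reads plain `iptables -L` output and names every built-in chain whose policy is ACCEPT and which contains no DROP or REJECT rule. The listing inside is constructed for the example, and the function names `audit_chains` and `sample_listing` are made up here.

```shell
#!/bin/sh
# Added example. Reads `iptables -L` text (no -v, no --line-numbers) on stdin
# and prints one line per chain that filters nothing: default policy ACCEPT
# and not a single DROP or REJECT target among its rules.
audit_chains() {
    awk '
    function report() {
        if (chain != "" && policy == "ACCEPT" && blocking == 0)
            printf "%s: policy ACCEPT, %d rules, none DROP/REJECT\n", chain, rules
    }
    $1 == "Chain" {
        report()                      # close out the previous chain
        chain = $2
        policy = $4                   # "ACCEPT)" for built-in chains;
        sub(/\)$/, "", policy)        # "references" for user-defined ones
        rules = 0; blocking = 0
        next
    }
    $1 == "target" || NF == 0 { next }    # column header and blank lines
    chain != "" {
        rules++
        if ($1 == "DROP" || $1 == "REJECT") blocking++
    }
    END { report() }
    '
}

# Constructed sample: one chain like the one above, one with a DROP policy,
# and one ACCEPT-policy chain that does drop something.
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
LOG        all  --  anywhere             anywhere            LOG level debug prefix `DROPPED = '
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp-data

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DROP       tcp  --  anywhere             anywhere            tcp dpt:smtp
EOF
}

sample_listing | audit_chains
```

On a live box, pipe `iptables -L -n` into `audit_chains`. It does not follow jumps into user-defined chains, and plain `iptables -L` hides interface matches, so check `iptables -S` before concluding a bare "ACCEPT all" rule applies to every interface.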
