Firewall Yast2 shows ports open, nmap shows them closed

Just FYI:

  • If I understood the port range in the original post correctly, I should mention that by default “nmap” doesn’t necessarily look at all the ports in that range - you need additional command line options for that, e.g., to scan all the way up to port 50000:

nmap -p 1-50000

  • By default, the “iptables” command only operates on the “filter” table. Depending on what you’re doing, the other tables can sometimes have an impact. So:

iptables -L

only shows the rules in the filter table. It might be fair to say that those are often the rules with the greatest impact, but it’s not as though the other tables do nothing. If you’re going to continue to use the firewall, you might want to check the other tables, as the firewall tends to use several tables.

  • Because iptables rules can be configured to make a distinction between incoming and outgoing connections/packets, to be sure you have the correct view of things, you really should run nmap, or some other port scanner, against the public IP from outside the firewall.

When I’ve tried to use the firewall software, I’ve found that it tended to create quite a few rules at the iptables level that were rather time-consuming to go through manually to verify, if my needs were simple. I feel the resultant iptables rules had all sorts of things that someone considered to be implied and/or worthwhile, but they often turned out to be not in keeping with my wishes. Also, if I was able to do everything I needed with the firewall config, and verify it at a high level, without getting into the firewall config at a very detailed level, great. But when I found that I either needed to verify the iptables rules generated by the firewall at a very detailed level, or add to them, I found I needed to get into the details of iptables anyway. So for my application, it seemed simpler to me to not use the firewall, and just use iptables to create a few simple rules to do exactly what I wanted, nothing more, nothing less.

Hope this helps.
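The two checks suggested above (dump every iptables table rather than only "filter", and scan the public IP from outside over the full port range) as an added shell example; this is not code from the original post. It assumes GNU iptables and nmap are installed, that list_all_tables is run as root on the firewall host, and that the host address and the nmap grepable output used for the self-test are constructed samples (192.0.2.10 is a documentation address, not a real target).

```bash
#!/bin/sh
# Added example, not from the original post. Assumes GNU iptables and nmap.

# 1. Dump the rules of every loaded table, not just "filter".
#    /proc/net/ip_tables_names lists the tables the kernel actually has
#    loaded; fall back to the standard table names if it is unreadable.
list_all_tables() {
    tables=$(cat /proc/net/ip_tables_names 2>/dev/null)
    [ -n "$tables" ] || tables="filter nat mangle raw security"
    for t in $tables; do
        echo "=== table: $t ==="
        iptables -t "$t" -L -n -v --line-numbers
    done
}

# 2. Parse nmap grepable output (-oG) from stdin and print one
#    "port/proto" line for every port nmap reports as open.
#    Host lines look like:
#    Host: <ip> ()<TAB>Ports: 22/open/tcp//ssh///, ...<TAB>Ignored State: ...
open_ports_from_gnmap() {
    awk -F'\t' '/^Host:/ {
        for (i = 1; i <= NF; i++) if ($i ~ /^Ports: /) {
            sub(/^Ports: /, "", $i)
            n = split($i, ports, /, */)
            for (j = 1; j <= n; j++) {
                split(ports[j], f, "/")      # f[1]=port f[2]=state f[3]=proto
                if (f[2] == "open") print f[1] "/" f[3]
            }
        }
    }'
}

# 3. Scan the public IP from a machine outside the firewall, covering
#    ports 1-50000 explicitly (nmap does not scan them all by default),
#    and reduce the result to the open ports.
scan_from_outside() {
    nmap -p 1-50000 -oG - "$1" | open_ports_from_gnmap
}

# Constructed sample of nmap -oG output (not a real scan result), used to
# exercise the parser offline.
SAMPLE_GNMAP=$(printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/closed/tcp//http///, 443/open/tcp//https///\tIgnored State: closed (49997)\n')

# Run the parser over the constructed sample; joins the result on one line.
sample_open_ports() {
    printf '%s\n' "$SAMPLE_GNMAP" | open_ports_from_gnmap | paste -sd ' ' -
}

# Usage: sh check_fw.sh <public-ip>   (from outside the firewall)
#        list_all_tables               (as root, on the firewall host)
if [ $# -gt 0 ]; then
    scan_from_outside "$1"
fi
```

If the ports the firewall tool reports as open are missing from the outside scan, compare the scan against the INPUT chain of the filter table first, then the nat and mangle tables, since a rule in those can redirect or mark packets before the filter rules ever see them. `iptables-save` prints all tables in one go if you prefer that to the per-table loop.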