On Sunday 3 June 2001 09:43, you wrote:
> I'm sticking with my idea! :)
> I think it's ipchains, or rather, yes, netfilter.
> You can specify the interfaces, and since you have 2 of them: one towards the LAN and
> the other towards the Internet (well, before that, there is your hardware FW), I think
> it lets everything through on one interface (the LAN one) and filters
> towards the FW.
> Try to find the command equivalent to 'ipchains -L' to see what
> it filters. I can't give it to you: my server is a Suse 7.0 and
> so I don't have netfilter...
> Tell me what you get!
>
> Pierre
>

Hello again,
I'm tempted to think the same as you, Pierre, but ipchains -L (invalid), so I entered "iptables -L".. here is the reply

Chain INPUT (policy DROP)
target     prot opt source                    destination
DROP       tcp  --  anywhere                  127.0.0.0/8
ACCEPT     all  --  anywhere                  anywhere           state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere                  anywhere
DROP       all  --  BASE-ADDRESS.MCAST.net/4  anywhere
PUB_IN     all  --  anywhere                  anywhere
PUB_IN     all  --  anywhere                  anywhere
PUB_IN     all  --  anywhere                  anywhere
INT_IN     all  --  anywhere                  anywhere
DROP       all  --  anywhere                  anywhere

Chain FORWARD (policy DROP)
target     prot opt source                    destination
ACCEPT     all  --  anywhere                  anywhere           state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target     prot opt source                    destination
PUB_OUT    all  --  anywhere                  anywhere
PUB_OUT    all  --  anywhere                  anywhere
PUB_OUT    all  --  anywhere                  anywhere
INT_OUT    all  --  anywhere                  anywhere

Chain INT_IN (1 references)
target     prot opt source                    destination
ACCEPT     icmp --  anywhere                  anywhere
DROP       all  --  anywhere                  anywhere

Chain INT_OUT (1 references)
target     prot opt source                    destination
ACCEPT     icmp --  anywhere                  anywhere
ACCEPT     all  --  anywhere                  anywhere

Chain PUB_IN (3 references)
target     prot opt source                    destination
DROP       all  --  anywhere                  44.144.3.100
DROP       all  --  44.144.3.100              anywhere
ACCEPT     icmp --  anywhere                  anywhere           icmp destination-unreachable
ACCEPT     icmp --  anywhere                  anywhere           icmp echo-reply
ACCEPT     icmp --  anywhere                  anywhere           icmp time-exceeded
ACCEPT     tcp  --  anywhere                  anywhere           tcp dpt:ftp
ACCEPT     tcp  --  anywhere                  anywhere           tcp dpt:domain
ACCEPT     tcp  --  anywhere                  anywhere           tcp dpt:ftp-data
ACCEPT     udp  --  anywhere                  anywhere           udp dpt:domain
LOG        tcp  --  anywhere                  anywhere           tcp dpt:telnet state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
LOG        tcp  --  anywhere                  anywhere           tcp dpt:ftp state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
LOG        tcp  --  anywhere                  anywhere           tcp dpt:imap state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
LOG        tcp  --  anywhere                  anywhere           tcp dpt:pop3 state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
LOG        tcp  --  anywhere                  anywhere           tcp dpt:finger state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
LOG        tcp  --  anywhere                  anywhere           tcp dpt:sunrpc state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
LOG        tcp  --  anywhere                  anywhere           tcp dpt:exec state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
LOG        tcp  --  anywhere                  anywhere           tcp dpt:login state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
LOG        tcp  --  anywhere                  anywhere           tcp dpt:tacnews state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
LOG        tcp  --  anywhere                  anywhere           tcp dpt:ssh state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
LOG        udp  --  anywhere                  anywhere           udp dpt:31337 state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
DROP       icmp --  anywhere                  anywhere
DROP       all  --  anywhere                  anywhere

Chain PUB_OUT (3 references)
target     prot opt source                    destination
REJECT     icmp --  anywhere                  anywhere           icmp destination-unreachable reject-with icmp-port-unreachable
REJECT     icmp --  anywhere                  anywhere           icmp time-exceeded reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere                  anywhere
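
Added example, not part of the original message: a plain `iptables -L` listing leaves out the in/out interface columns (`iptables -L -n -v` prints them), so rules that differ only by interface look identical. The sketch below parses such a listing and flags the rows that cannot be interpreted without `-v`; the function names are hypothetical and the sample is a constructed excerpt in the shape of the INPUT chain above.

```python
import re
from collections import Counter

# Constructed sample, shaped like the INPUT chain of a non-verbose `iptables -L`.
SAMPLE = """\
Chain INPUT (policy DROP)
target     prot opt source                    destination
DROP       tcp  --  anywhere                  127.0.0.0/8
ACCEPT     all  --  anywhere                  anywhere     state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere                  anywhere
DROP       all  --  BASE-ADDRESS.MCAST.net/4  anywhere
PUB_IN     all  --  anywhere                  anywhere
PUB_IN     all  --  anywhere                  anywhere
PUB_IN     all  --  anywhere                  anywhere
INT_IN     all  --  anywhere                  anywhere
DROP       all  --  anywhere                  anywhere
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(")
TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # verdict targets that end traversal

def parse_listing(text):
    """Return {chain: [(target, prot, source, destination, extra), ...]}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = chains.setdefault(m.group(1), [])
        elif line.strip() and not line.startswith("target") and current is not None:
            target, prot, _opt, src, dst, *extra = line.split()
            current.append((target, prot, src, dst, " ".join(extra)))
    return chains

def ambiguous_rules(chains):
    """Flag rows that only make sense if a hidden match (e.g. -i/-o) differs."""
    findings = []
    for name, rules in chains.items():
        for rule, n in Counter(rules).items():
            if n > 1:  # identical rows: something not shown tells them apart
                findings.append((name, "repeated", rule[0], n))
        for pos, rule in enumerate(rules[:-1], start=1):
            target, prot, src, dst, extra = rule
            catch_all = (prot, src, dst, extra) == ("all", "anywhere", "anywhere", "")
            if catch_all and target in TERMINAL:  # would shadow every later rule
                findings.append((name, "catch-all before end", target, pos))
    return findings

if __name__ == "__main__":
    for finding in ambiguous_rules(parse_listing(SAMPLE)):
        print(finding)
```

Each finding marks a row to re-read in the `-v` output, where the `in` and `out` columns show which interface the rule is bound to.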