Wow, you have a lot of them. On a quick read-through I first saw a
deny -s all -d all -p all
then comes an
allow -s all -d all -p all
so tidy those up, and cut some of them out (for now, for debugging), because
you'll manage more easily with fewer rules
C
P.S. The question about forward still stands; I see you have it empty and set to ACCEPT
Ionut MURGOCI wrote:
> These are my rules:
>
> Chain input (policy REJECT):
> target prot opt source destination ports
> ACCEPT udp ----l- 172.21.31.11 0.0.0.0/0
> 32769:65535 -> 33434:33523
> ACCEPT tcp !y---- 0.0.0.0/0 0.0.0.0/0
> 1024:65535 -> 22
> ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0
> 1022:1023 ->
> 22
> ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 22 ->
> *
> DENY all ----l- 10.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 0.0.0.0/0 10.0.0.0/8 n/a
> DENY all ----l- 192.168.0.0/16 0.0.0.0/0 n/a
> DENY all ----l- 0.0.0.0/0 192.168.0.0/16 n/a
> DENY all ----l- 127.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 255.255.255.255 0.0.0.0/0 n/a
> DENY all ----l- 0.0.0.0/0 0.0.0.0 n/a
> DENY all ----l- 224.0.0.0/4 0.0.0.0/0 n/a
> DENY all ----l- 240.0.0.0/5 0.0.0.0/0 n/a
> DENY all ----l- 1.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 2.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 5.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 7.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 23.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 27.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 31.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 37.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 39.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 41.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 42.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 58.0.0.0/7 0.0.0.0/0 n/a
> DENY all ----l- 60.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 65.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 66.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 67.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 68.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 69.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 70.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 71.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 72.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 73.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 74.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 75.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 76.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 77.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 78.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 79.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 80.0.0.0/4 0.0.0.0/0 n/a
> DENY all ----l- 96.0.0.0/4 0.0.0.0/0 n/a
> DENY all ----l- 112.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 113.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 114.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 115.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 116.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 117.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 118.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 119.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 120.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 121.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 122.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 123.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 124.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 125.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 126.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 217.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 218.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 219.0.0.0/8 0.0.0.0/0 n/a
> DENY all ----l- 220.0.0.0/6 0.0.0.0/0 n/a
> ACCEPT all ------ 0.0.0.0/0 0.0.0.0/0 n/a
> DENY all ------ 193.226.23.79 0.0.0.0/0 n/a
> ACCEPT all ------ 193.226.103.0/24 0.0.0.0/0 n/a
> DENY all ----l- 193.226.103.130 0.0.0.0/0 n/a
> DENY all ----l- 193.226.103.131 0.0.0.0/0 n/a
> DENY all ----l- 193.226.103.132 0.0.0.0/0 n/a
> DENY all ----l- 193.226.103.133 0.0.0.0/0 n/a
> ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 20 ->
> *
> ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0
> 1024:65535 -> 23
> ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 23 ->
> *
> ACCEPT tcp !y---- 0.0.0.0/0 0.0.0.0/0 25 ->
> *
> ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 * ->
> 25
> ACCEPT udp ------ 193.226.30.2 0.0.0.0/0 53 ->
> 1024:65535
> ACCEPT tcp !y---- 0.0.0.0/0 0.0.0.0/0 53 ->
> 1024:65535
> ACCEPT tcp !y---- 0.0.0.0/0 0.0.0.0/0 79 ->
> 1024:65535
> ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0
> 1024:65535 -> 79
> ACCEPT tcp !y---- 0.0.0.0/0 193.226.103.0/24 80 ->
> 1024:65535
> ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0
> 1024:65535 -> 79
> ACCEPT tcp !y---- 0.0.0.0/0 193.226.103.0/24 80 ->
> 1024:65535
> ACCEPT tcp ------ 0.0.0.0/0 193.226.103.0/24
> 1024:65535 -> 80
> ACCEPT udp ------ 0.0.0.0/0 193.226.103.0/24 80 ->
> 1024:65535
> ACCEPT udp ------ 0.0.0.0/0 193.226.103.0/24
> 1024:65535 -> 80
> ACCEPT tcp !y---- 0.0.0.0/0 193.226.103.0/24 110 ->
> 1024:65535
> ACCEPT tcp ------ 0.0.0.0/0 193.226.103.0/24
> 1024:65535 -> 110
> ACCEPT udp ------ 0.0.0.0/0 193.226.103.0/24 110 ->
> 1024:65535
> ACCEPT udp ------ 0.0.0.0/0 193.226.103.0/24
> 1024:65535 -> 110
> ACCEPT tcp !y---- 0.0.0.0/0 193.226.103.0/24 113 ->
> 1024:65535
> ACCEPT tcp ------ 0.0.0.0/0 193.226.103.0/24
> 1024:65535 -> 113
> ACCEPT udp ------ 0.0.0.0/0 193.226.103.0/24 113 ->
> 1024:65535
> ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0
> 1024:65535 -> 79
> ACCEPT tcp !y---- 0.0.0.0/0 193.226.103.0/24 80 ->
> 1024:65535
> ACCEPT tcp ------ 0.0.0.0/0 193.226.103.0/24
> 1024:65535 -> 80
> ACCEPT udp ------ 0.0.0.0/0 193.226.103.0/24 80 ->
> 1024:65535
> ACCEPT udp ------ 0.0.0.0/0 193.226.103.0/24
> 1024:65535 -> 80
> ACCEPT tcp !y---- 0.0.0.0/0 193.226.103.0/24 110 ->
> 1024:65535
> ACCEPT tcp ------ 0.0.0.0/0 193.226.103.0/24
> 1024:65535 -> 110
> ACCEPT udp ------ 0.0.0.0/0 193.226.103.0/24 110 ->
> 1024:65535
> ACCEPT udp ------ 0.0.0.0/0 193.226.103.0/24
> 1024:65535 -> 110
> ACCEPT tcp !y---- 0.0.0.0/0 193.226.103.0/24 113 ->
> 1024:65535
> ACCEPT tcp ------ 0.0.0.0/0 193.226.103.0/24
> 1024:65535 -> 113
> ACCEPT udp ------ 0.0.0.0/0 193.226.103.0/24 113 ->
> 1024:65535
> ACCEPT udp ------ 0.0.0.0/0 193.226.103.0/24
> 1024:65535 -> 113
> ACCEPT tcp !y---- 0.0.0.0/0 193.226.103.0/24 143 ->
> 1024:65535
> ACCEPT tcp ------ 0.0.0.0/0 193.226.103.0/24
> 1024:65535 -> 143
> ACCEPT udp ------ 0.0.0.0/0 193.226.103.0/24 143 ->
> 1024:65535
> ACCEPT udp ------ 0.0.0.0/0 193.226.103.0/24
> 1024:65535 -> 143
> ACCEPT tcp !y---- 0.0.0.0/0 193.226.103.0/24 443 ->
> 1024:65535
> ACCEPT udp ------ 0.0.0.0/0 193.226.103.0/24
> 1024:65535 -> 443
> ACCEPT tcp !y---- 0.0.0.0/0 0.0.0.0/0 6667 ->
> 1024:65535
> ACCEPT icmp ------ 0.0.0.0/0 193.226.103.0/24 * ->
> *
> Chain forward (policy ACCEPT):
> Chain output (policy REJECT):
> target prot opt source destination ports
> ACCEPT udp ------ 0.0.0.0/0 0.0.0.0/0
> 32769:65535 -> 33434:33523
> ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 22 ->
> 1024:65535
> ACCEPT tcp !y---- 0.0.0.0/0 0.0.0.0/0 22 ->
> 1022:1023
> ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 * ->
> 22
> REJECT all ----l- 10.0.0.0/8 0.0.0.0/0 n/a
> REJECT all ----l- 0.0.0.0/0 10.0.0.0/8 n/a
> REJECT all ----l- 192.168.0.0/16 0.0.0.0/0 n/a
> REJECT all ----l- 0.0.0.0/0 192.168.0.0/16 n/a
> REJECT all ----l- 127.0.0.0/8 0.0.0.0/0 n/a
> ACCEPT all ------ 0.0.0.0/0 0.0.0.0/0 n/a
> ACCEPT all ------ 0.0.0.0/0 193.226.103.0/24 n/a
> ACCEPT tcp !y---- 0.0.0.0/0 0.0.0.0/0 23 ->
> 1024:65535
> ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 * ->
> 23
> ACCEPT tcp !y---- 0.0.0.0/0 0.0.0.0/0 25 ->
> *
> ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 * ->
> 25
> ACCEPT udp ------ 0.0.0.0/0 193.226.30.2
> 1024:65535 -> 53
> Chain output (policy REJECT):
> target prot opt source destination ports
> ACCEPT udp ------ 0.0.0.0/0 0.0.0.0/0
> 32769:65535 -> 33434:33523
> ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 22 ->
> 1024:65535
> ACCEPT tcp !y---- 0.0.0.0/0 0.0.0.0/0 22 ->
> 1022:1023
> ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 * ->
> 22
> REJECT all ----l- 10.0.0.0/8 0.0.0.0/0 n/a
> REJECT all ----l- 0.0.0.0/0 10.0.0.0/8 n/a
> REJECT all ----l- 192.168.0.0/16 0.0.0.0/0 n/a
> REJECT all ----l- 0.0.0.0/0 192.168.0.0/16 n/a
> REJECT all ----l- 127.0.0.0/8 0.0.0.0/0 n/a
> ACCEPT all ------ 0.0.0.0/0 0.0.0.0/0 n/a
> ACCEPT all ------ 0.0.0.0/0 193.226.103.0/24 n/a
> ACCEPT tcp !y---- 0.0.0.0/0 0.0.0.0/0 23 ->
> 1024:65535
> ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 * ->
> 23
> ACCEPT tcp !y---- 0.0.0.0/0 0.0.0.0/0 25 ->
> *
> ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 * ->
> 25
> ACCEPT udp ------ 0.0.0.0/0 193.226.30.2
> 1024:65535 -> 53
> ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0
> 1024:65535 -> 53
> ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0
> 1024:65535 -> 79
> ACCEPT tcp !y---- 0.0.0.0/0 0.0.0.0/0 79 ->
> 1024:65535
> ACCEPT tcp ------ 193.226.103.0/24 0.0.0.0/0
> 1024:65535 -> 80
> ACCEPT tcp !y---- 193.226.103.0/24 0.0.0.0/0 80 ->
> 1024:65535
> ACCEPT udp ------ 193.226.103.0/24 0.0.0.0/0
> 1024:65535 -> 80
> ACCEPT udp ------ 193.226.103.0/24 0.0.0.0/0 80 ->
> 1024:65535
> ACCEPT tcp ------ 193.226.103.0/24 0.0.0.0/0
> 1024:65535 -> 110
> ACCEPT tcp !y---- 193.226.103.0/24 0.0.0.0/0 110 ->
> 1024:65535
> ACCEPT udp ------ 193.226.103.0/24 0.0.0.0/0
> 1024:65535 -> 110
> ACCEPT udp ------ 193.226.103.0/24 0.0.0.0/0 110 ->
> 1024:65535
> ACCEPT tcp ------ 193.226.103.0/24 0.0.0.0/0
> 1024:65535 -> 113
> ACCEPT tcp !y---- 193.226.103.0/24 0.0.0.0/0 113 ->
> 1024:65535
> ACCEPT udp ------ 193.226.103.0/24 0.0.0.0/0
> 1024:65535 -> 113
> ACCEPT udp ------ 193.226.103.0/24 0.0.0.0/0 113 ->
> 1024:65535
> ACCEPT tcp ------ 193.226.103.0/24 0.0.0.0/0
> 1024:65535 -> 143
> ACCEPT tcp !y---- 193.226.103.0/24 0.0.0.0/0 143 ->
> 1024:65535
> ACCEPT udp ------ 193.226.103.0/24 0.0.0.0/0
> 1024:65535 -> 143
> ACCEPT udp ------ 193.226.103.0/24 0.0.0.0/0 143 ->
> 1024:65535
> ACCEPT tcp ------ 193.226.103.0/24 0.0.0.0/0
> 1024:65535 -> 443
> ACCEPT tcp !y---- 193.226.103.0/24 0.0.0.0/0 443 ->
> 1024:65535
> ACCEPT udp ------ 193.226.103.0/24 0.0.0.0/0
> 1024:65535 -> 443
> ACCEPT udp ------ 193.226.103.0/24 0.0.0.0/0 443 ->
> 1024:65535
> ACCEPT tcp !y---- 0.0.0.0/0 0.0.0.0/0
> 1024:65535 -> 6667
> ACCEPT icmp ------ 193.226.103.0/24 0.0.0.0/0 * ->
> *
>
> That's about it... any ideas why I can't ssh in here from outside? Neither
> plain ssh nor ssh -P works. ??
> THX.
>
> ---
> Send e-mail to '[EMAIL PROTECTED]' with 'unsubscribe rlug' to
> unsubscribe from this list.
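Added example, not part of the original thread: ipchains uses the first rule that matches a packet, so a catch-all rule placed ahead of other rules, the ordering issue raised in the reply, makes everything it covers unreachable. The Python sketch below parses `ipchains -L`-style rows and reports each rule hidden by an earlier one; the sample rows are taken from the quoted input chain with wrapped lines re-joined, and the function names are this example's own.

```python
import ipaddress

# Constructed sample: rows taken from the quoted input chain, wrapped lines re-joined.
LISTING = """\
ACCEPT tcp !y---- 0.0.0.0/0 0.0.0.0/0 1024:65535 -> 22
DENY all ----l- 10.0.0.0/8 0.0.0.0/0 n/a
ACCEPT all ------ 0.0.0.0/0 0.0.0.0/0 n/a
DENY all ------ 193.226.23.79 0.0.0.0/0 n/a
ACCEPT all ------ 193.226.103.0/24 0.0.0.0/0 n/a
DENY all ----l- 193.226.103.130 0.0.0.0/0 n/a
ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 1024:65535 -> 23
"""

def ports(spec):  # '*' -> any port, '22' -> (22, 22), '1024:65535' -> (1024, 65535)
    lo, _, hi = ("0:65535" if spec == "*" else spec).partition(":")
    return (int(lo), int(hi or lo))

def parse(listing):
    rules = []
    for line in listing.splitlines():
        f = line.split()
        if len(f) < 6 or f[0] not in ("ACCEPT", "DENY", "REJECT"):
            continue  # chain headers, column titles, blank lines
        sport, dport = (ports(f[5]), ports(f[7])) if "->" in f else ((0, 65535),) * 2
        syn = f[2][:2] if f[2][1] == "y" else ""  # "-y" SYN only, "!y" non-SYN only
        rules.append({"target": f[0], "proto": f[1], "syn": syn, "sport": sport, "dport": dport,
                      "src": ipaddress.ip_network(f[3]), "dst": ipaddress.ip_network(f[4])})
    return rules

def covers(a, b):
    """True if every packet matching rule b also matches the earlier rule a."""
    return (a["proto"] in ("all", b["proto"]) and a["syn"] in ("", b["syn"])
            and b["src"].subnet_of(a["src"]) and b["dst"].subnet_of(a["dst"])
            and a["sport"][0] <= b["sport"][0] and b["sport"][1] <= a["sport"][1]
            and a["dport"][0] <= b["dport"][0] and b["dport"][1] <= a["dport"][1])

def shadowed(rules):
    """(rule no., no. of the earlier rule that hides it, targets differ?) per dead rule."""
    out = []
    for j, b in enumerate(rules):
        i = next((i for i, a in enumerate(rules[:j]) if covers(a, b)), None)
        if i is not None:
            out.append((j + 1, i + 1, rules[i]["target"] != b["target"]))
    return out

if __name__ == "__main__":
    for later, earlier, conflict in shadowed(parse(LISTING)):
        print(f"rule {later} never matches: rule {earlier} wins", "(opposite target)" * conflict)
```

On the sample, every rule after the unrestricted `ACCEPT all` is reported as dead, including the two `DENY` entries whose intent is reversed by it.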