On Wed, 13 Sep 2000, Ciprian Niculescu wrote:
> wow, you have a lot of them. On a quick read-through I first saw a
> deny -s all -d all -p all
> and then comes an
> allow -s all -d all -p all
>
> so tidy those up, and cut some of them out (for now, for debugging),
> because you'll manage more easily with fewer rules
Well, that's what ipchains -L -n shows you, because it can't show the
interfaces too; the deny rules are on ppp0, the allow-all rules are for
eth0 (the local net), and forward is always on accept because I can't
masquerade, for several reasons..
>
> C
>
> P.S. the question about forward still stands; I see you have it empty and on ACCEPT
>
> Ionut MURGOCI wrote:
>
> > These are my rules:
> >
> > Chain input (policy REJECT):
> > target prot opt source destination ports
> > ACCEPT udp ----l- 172.21.31.11 0.0.0.0/0
> > 32769:65535 -> 33434:33523
> > ACCEPT tcp !y---- 0.0.0.0/0 0.0.0.0/0
> > 1024:65535 -> 22
> > ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0
> > 1022:1023 ->
> > 22
> > ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 22 ->
> > *
> > DENY all ----l- 10.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 0.0.0.0/0 10.0.0.0/8 n/a
> > DENY all ----l- 192.168.0.0/16 0.0.0.0/0 n/a
> > DENY all ----l- 0.0.0.0/0 192.168.0.0/16 n/a
> > DENY all ----l- 127.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 255.255.255.255 0.0.0.0/0 n/a
> > DENY all ----l- 0.0.0.0/0 0.0.0.0 n/a
> > DENY all ----l- 224.0.0.0/4 0.0.0.0/0 n/a
> > DENY all ----l- 240.0.0.0/5 0.0.0.0/0 n/a
> > DENY all ----l- 1.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 2.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 5.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 7.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 23.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 27.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 31.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 37.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 39.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 41.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 42.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 58.0.0.0/7 0.0.0.0/0 n/a
> > DENY all ----l- 60.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 65.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 66.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 67.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 68.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 69.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 70.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 71.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 72.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 73.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 74.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 75.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 76.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 77.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 78.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 79.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 80.0.0.0/4 0.0.0.0/0 n/a
> > DENY all ----l- 96.0.0.0/4 0.0.0.0/0 n/a
> > DENY all ----l- 112.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 113.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 114.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 115.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 116.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 117.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 118.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 119.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 120.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 121.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 122.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 123.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 124.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 125.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 126.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 217.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 218.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 219.0.0.0/8 0.0.0.0/0 n/a
> > DENY all ----l- 220.0.0.0/6 0.0.0.0/0 n/a
> > ACCEPT all ------ 0.0.0.0/0 0.0.0.0/0 n/a
> > DENY all ------ 193.226.23.79 0.0.0.0/0 n/a
> > ACCEPT all ------ 193.226.103.0/24 0.0.0.0/0 n/a
> > DENY all ----l- 193.226.103.130 0.0.0.0/0 n/a
> > DENY all ----l- 193.226.103.131 0.0.0.0/0 n/a
> > DENY all ----l- 193.226.103.132 0.0.0.0/0 n/a
> > DENY all ----l- 193.226.103.133 0.0.0.0/0 n/a
> > ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 20 ->
> > *
> > ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0
> > 1024:65535 -> 23
> > ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 23 ->
> > *
> > ACCEPT tcp !y---- 0.0.0.0/0 0.0.0.0/0 25 ->
> > *
> > ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 * ->
> > 25
> > ACCEPT udp ------ 193.226.30.2 0.0.0.0/0 53 ->
> > 1024:65535
> > ACCEPT tcp !y---- 0.0.0.0/0 0.0.0.0/0 53 ->
> > 1024:65535
> > ACCEPT tcp !y---- 0.0.0.0/0 0.0.0.0/0 79 ->
> > 1024:65535
> > ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0
> > 1024:65535 -> 79
> > ACCEPT tcp !y---- 0.0.0.0/0 193.226.103.0/24 80 ->
> > 1024:65535
> > ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0
> > 1024:65535 -> 79
> > ACCEPT tcp !y---- 0.0.0.0/0 193.226.103.0/24 80 ->
> > 1024:65535
> > ACCEPT tcp ------ 0.0.0.0/0 193.226.103.0/24
> > 1024:65535 -> 80
> > ACCEPT udp ------ 0.0.0.0/0 193.226.103.0/24 80 ->
> > 1024:65535
> > ACCEPT udp ------ 0.0.0.0/0 193.226.103.0/24
> > 1024:65535 -> 80
> > ACCEPT tcp !y---- 0.0.0.0/0 193.226.103.0/24 110 ->
> > 1024:65535
> > ACCEPT tcp ------ 0.0.0.0/0 193.226.103.0/24
> > 1024:65535 -> 110
> > ACCEPT udp ------ 0.0.0.0/0 193.226.103.0/24 110 ->
> > 1024:65535
> > ACCEPT udp ------ 0.0.0.0/0 193.226.103.0/24
> > 1024:65535 -> 110
> > ACCEPT tcp !y---- 0.0.0.0/0 193.226.103.0/24 113 ->
> > 1024:65535
> > ACCEPT tcp ------ 0.0.0.0/0 193.226.103.0/24
> > 1024:65535 -> 113
> > ACCEPT udp ------ 0.0.0.0/0 193.226.103.0/24 113 ->
> > 1024:65535
> > ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0
> > 1024:65535 -> 79
> > ACCEPT tcp !y---- 0.0.0.0/0 193.226.103.0/24 80 ->
> > 1024:65535
> > ACCEPT tcp ------ 0.0.0.0/0 193.226.103.0/24
> > 1024:65535 -> 80
> > ACCEPT udp ------ 0.0.0.0/0 193.226.103.0/24 80 ->
> > 1024:65535
> > ACCEPT udp ------ 0.0.0.0/0 193.226.103.0/24
> > 1024:65535 -> 80
> > ACCEPT tcp !y---- 0.0.0.0/0 193.226.103.0/24 110 ->
> > 1024:65535
> > ACCEPT tcp ------ 0.0.0.0/0 193.226.103.0/24
> > 1024:65535 -> 110
> > ACCEPT udp ------ 0.0.0.0/0 193.226.103.0/24 110 ->
> > 1024:65535
> > ACCEPT udp ------ 0.0.0.0/0 193.226.103.0/24
> > 1024:65535 -> 110
> > ACCEPT tcp !y---- 0.0.0.0/0 193.226.103.0/24 113 ->
> > 1024:65535
> > ACCEPT tcp ------ 0.0.0.0/0 193.226.103.0/24
> > 1024:65535 -> 113
> > ACCEPT udp ------ 0.0.0.0/0 193.226.103.0/24 113 ->
> > 1024:65535
> > ACCEPT udp ------ 0.0.0.0/0 193.226.103.0/24
> > 1024:65535 -> 113
> > ACCEPT tcp !y---- 0.0.0.0/0 193.226.103.0/24 143 ->
> > 1024:65535
> > ACCEPT tcp ------ 0.0.0.0/0 193.226.103.0/24
> > 1024:65535 -> 143
> > ACCEPT udp ------ 0.0.0.0/0 193.226.103.0/24 143 ->
> > 1024:65535
> > ACCEPT udp ------ 0.0.0.0/0 193.226.103.0/24
> > 1024:65535 -> 143
> > ACCEPT tcp !y---- 0.0.0.0/0 193.226.103.0/24 443 ->
> > 1024:65535
> > ACCEPT udp ------ 0.0.0.0/0 193.226.103.0/24
> > 1024:65535 -> 443
> > ACCEPT tcp !y---- 0.0.0.0/0 0.0.0.0/0 6667 ->
> > 1024:65535
> > ACCEPT icmp ------ 0.0.0.0/0 193.226.103.0/24 * ->
> > *
> > Chain forward (policy ACCEPT):
> > Chain output (policy REJECT):
> > target prot opt source destination ports
> > ACCEPT udp ------ 0.0.0.0/0 0.0.0.0/0
> > 32769:65535 -> 33434:33523
> > ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 22 ->
> > 1024:65535
> > ACCEPT tcp !y---- 0.0.0.0/0 0.0.0.0/0 22 ->
> > 1022:1023
> > ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 * ->
> > 22
> > REJECT all ----l- 10.0.0.0/8 0.0.0.0/0 n/a
> > REJECT all ----l- 0.0.0.0/0 10.0.0.0/8 n/a
> > REJECT all ----l- 192.168.0.0/16 0.0.0.0/0 n/a
> > REJECT all ----l- 0.0.0.0/0 192.168.0.0/16 n/a
> > REJECT all ----l- 127.0.0.0/8 0.0.0.0/0 n/a
> > ACCEPT all ------ 0.0.0.0/0 0.0.0.0/0 n/a
> > ACCEPT all ------ 0.0.0.0/0 193.226.103.0/24 n/a
> > ACCEPT tcp !y---- 0.0.0.0/0 0.0.0.0/0 23 ->
> > 1024:65535
> > ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 * ->
> > 23
> > ACCEPT tcp !y---- 0.0.0.0/0 0.0.0.0/0 25 ->
> > *
> > ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 * ->
> > 25
> > ACCEPT udp ------ 0.0.0.0/0 193.226.30.2
> > 1024:65535 -> 53
> > Chain output (policy REJECT):
> > target prot opt source destination ports
> > ACCEPT udp ------ 0.0.0.0/0 0.0.0.0/0
> > 32769:65535 -> 33434:33523
> > ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 22 ->
> > 1024:65535
> > ACCEPT tcp !y---- 0.0.0.0/0 0.0.0.0/0 22 ->
> > 1022:1023
> > ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 * ->
> > 22
> > REJECT all ----l- 10.0.0.0/8 0.0.0.0/0 n/a
> > REJECT all ----l- 0.0.0.0/0 10.0.0.0/8 n/a
> > REJECT all ----l- 192.168.0.0/16 0.0.0.0/0 n/a
> > REJECT all ----l- 0.0.0.0/0 192.168.0.0/16 n/a
> > REJECT all ----l- 127.0.0.0/8 0.0.0.0/0 n/a
> > ACCEPT all ------ 0.0.0.0/0 0.0.0.0/0 n/a
> > ACCEPT all ------ 0.0.0.0/0 193.226.103.0/24 n/a
> > ACCEPT tcp !y---- 0.0.0.0/0 0.0.0.0/0 23 ->
> > 1024:65535
> > ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 * ->
> > 23
> > ACCEPT tcp !y---- 0.0.0.0/0 0.0.0.0/0 25 ->
> > *
> > ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0 * ->
> > 25
> > ACCEPT udp ------ 0.0.0.0/0 193.226.30.2
> > 1024:65535 -> 53
> > ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0
> > 1024:65535 -> 53
> > ACCEPT tcp ------ 0.0.0.0/0 0.0.0.0/0
> > 1024:65535 -> 79
> > ACCEPT tcp !y---- 0.0.0.0/0 0.0.0.0/0 79 ->
> > 1024:65535
> > ACCEPT tcp ------ 193.226.103.0/24 0.0.0.0/0
> > 1024:65535 -> 80
> > ACCEPT tcp !y---- 193.226.103.0/24 0.0.0.0/0 80 ->
> > 1024:65535
> > ACCEPT udp ------ 193.226.103.0/24 0.0.0.0/0
> > 1024:65535 -> 80
> > ACCEPT udp ------ 193.226.103.0/24 0.0.0.0/0 80 ->
> > 1024:65535
> > ACCEPT tcp ------ 193.226.103.0/24 0.0.0.0/0
> > 1024:65535 -> 110
> > ACCEPT tcp !y---- 193.226.103.0/24 0.0.0.0/0 110 ->
> > 1024:65535
> > ACCEPT udp ------ 193.226.103.0/24 0.0.0.0/0
> > 1024:65535 -> 110
> > ACCEPT udp ------ 193.226.103.0/24 0.0.0.0/0 110 ->
> > 1024:65535
> > ACCEPT tcp ------ 193.226.103.0/24 0.0.0.0/0
> > 1024:65535 -> 113
> > ACCEPT tcp !y---- 193.226.103.0/24 0.0.0.0/0 113 ->
> > 1024:65535
> > ACCEPT udp ------ 193.226.103.0/24 0.0.0.0/0
> > 1024:65535 -> 113
> > ACCEPT udp ------ 193.226.103.0/24 0.0.0.0/0 113 ->
> > 1024:65535
> > ACCEPT tcp ------ 193.226.103.0/24 0.0.0.0/0
> > 1024:65535 -> 143
> > ACCEPT tcp !y---- 193.226.103.0/24 0.0.0.0/0 143 ->
> > 1024:65535
> > ACCEPT udp ------ 193.226.103.0/24 0.0.0.0/0
> > 1024:65535 -> 143
> > ACCEPT udp ------ 193.226.103.0/24 0.0.0.0/0 143 ->
> > 1024:65535
> > ACCEPT tcp ------ 193.226.103.0/24 0.0.0.0/0
> > 1024:65535 -> 443
> > ACCEPT tcp !y---- 193.226.103.0/24 0.0.0.0/0 443 ->
> > 1024:65535
> > ACCEPT udp ------ 193.226.103.0/24 0.0.0.0/0
> > 1024:65535 -> 443
> > ACCEPT udp ------ 193.226.103.0/24 0.0.0.0/0 443 ->
> > 1024:65535
> > ACCEPT tcp !y---- 0.0.0.0/0 0.0.0.0/0
> > 1024:65535 -> 6667
> > ACCEPT icmp ------ 193.226.103.0/24 0.0.0.0/0 * ->
> > *
> >
> > That's about it .. any ideas why I can't ssh in here from outside?
> > Neither plain ssh nor ssh -P works. ??
> > THX.
> >
> > ---
> > Send e-mail to '[EMAIL PROTECTED]' with 'unsubscribe rlug' to
> > unsubscribe from this list.
>
>
>
--
Cheers,
Ionut.
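
An added illustration of the point made in the reply above (not code from the thread): first-match evaluation of a few input-chain rules from the listing, with and without the interface bindings that `ipchains -L -n` leaves out. The interface assignments follow the reply's description, rules with no stated interface are assumed to apply to any interface, and the packet is constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

@dataclass
class Rule:
    target: str
    proto: str                               # "tcp", "udp" or "all"
    src: str = "0.0.0.0/0"
    sport: Optional[Tuple[int, int]] = None  # None = any port
    dport: Optional[Tuple[int, int]] = None
    iface: Optional[str] = None              # -i value; not printed by -L -n
    syn: Optional[bool] = None               # False models the "!y" option

@dataclass
class Packet:
    iface: str
    proto: str
    src: str
    sport: int
    dport: int
    syn: bool   # True only for a connection-opening SYN

# Subset of the posted input chain, in listing order. Interface bindings are
# assumed from the reply: DENY rules on ppp0, the ACCEPT-all rule on eth0.
INPUT = [
    Rule("ACCEPT", "tcp", sport=(1024, 65535), dport=(22, 22), syn=False),
    Rule("ACCEPT", "tcp", sport=(1022, 1023), dport=(22, 22)),
    Rule("DENY", "all", src="10.0.0.0/8", iface="ppp0"),
    Rule("ACCEPT", "all", iface="eth0"),
]

def in_range(port, rng):
    return rng is None or rng[0] <= port <= rng[1]

def verdict(pkt, rules=INPUT, policy="REJECT", use_iface=True):
    """First matching rule wins; the chain policy applies if none match."""
    for r in rules:
        if use_iface and r.iface not in (None, pkt.iface):
            continue
        if r.proto not in ("all", pkt.proto):
            continue
        if ip_address(pkt.src) not in ip_network(r.src):
            continue
        if r.syn is not None and r.syn != pkt.syn:
            continue
        if in_range(pkt.sport, r.sport) and in_range(pkt.dport, r.dport):
            return r.target
    return policy

# Constructed packet: first SYN of an SSH connection arriving on ppp0.
ssh_syn = Packet("ppp0", "tcp", "198.51.100.7", 40000, 22, syn=True)
print(verdict(ssh_syn))                   # evaluated with interfaces
print(verdict(ssh_syn, use_iface=False))  # as the -L -n listing reads
```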