Hi, i've restart my iptables, i can see the two authorized port with iptables -L but my client can't access the website with this port... how can i log the "denied access" from iptables ?
regards Alain powerclientcsf 2443/tcp dls-monitor 2048/tcp Chain input-internal-inline-if (2 references) target prot opt source destination ACCEPT udp -- anywhere anywhere udp dpt:bootps ACCEPT tcp -- anywhere anywhere tcp dpt:bootps ACCEPT tcp -- anywhere anywhere tcp dpt:domain mark match 0x3 ACCEPT udp -- anywhere anywhere udp dpt:domain mark match 0x3 ACCEPT tcp -- anywhere anywhere tcp dpt:domain mark match 0x2 ACCEPT udp -- anywhere anywhere udp dpt:domain mark match 0x2 DROP tcp -- anywhere anywhere tcp dpt:domain mark match 0x1 DROP udp -- anywhere anywhere udp dpt:domain mark match 0x1 ACCEPT tcp -- anywhere anywhere tcp dpt:http ACCEPT tcp -- anywhere anywhere tcp dpt:https ACCEPT tcp -- anywhere anywhere tcp dpt:dls-monitor ACCEPT tcp -- anywhere anywhere tcp dpt:powerclientcsf Alain Defrance Chef de service des systèmes d'informations 01 47 03 89 11 [email protected] De: "packetfence-users" <[email protected]> À: "packetfence-users" <[email protected]> Cc: "Fabrice Durand" <[email protected]> Envoyé: Mardi 24 Septembre 2019 12:34:19 Objet: Re: [PacketFence-users] authorized ports Hello Alain, you can go ahead and restart iptables service, there is no impact. systemctl restart packetfence-iptables Regards Fabrice Le 19-09-24 à 05 h 35, Alain Defrance via PacketFence-users a écrit : Hi Martijn not yet because the server packetfence is in product.. i'm afraid to block users... Alain Defrance Chef de service des systèmes d'informations 01 47 03 89 11 [ mailto:[email protected] | [email protected] ] De: "Martijn Langendoen" [ mailto:[email protected] | <[email protected]> ] À: "packetfence-users" [ mailto:[email protected] | <[email protected]> ] Cc: "Alain Defrance" [ mailto:[email protected] | <[email protected]> ] Envoyé: Mardi 24 Septembre 2019 09:40:15 Objet: RE: authorized ports Hi, Did you restart the restart the iptables service? Martijn Langendoen Network Administrator Storage Administrator [ mailto:[email protected] | [email protected] ] T: 0118 654307 [ https://www.facebook.com/dezbnl ] [ https://www.twitter.com/dezbnl ] [ https://www.linkedin.com/company/dezbnl ] [ https://www.instagram.com/dezbnl ] /dezbnl [ http://www.dezb.nl/ | www.dezb.nl ] Kousteensedijk 7 4331 JE Middelburg Postbus 8004 4330 EA Middelburg Ik werk op: ma, wo ochtend di,do,vr 7:30 – 17:00 Van: Alain Defrance via PacketFence-users [ mailto:[email protected] | <[email protected]> ] Verzonden: dinsdag 24 september 2019 09:28 Aan: packetfence-users [ mailto:[email protected] | <[email protected]> ] CC: Alain Defrance [ mailto:[email protected] | <[email protected]> ] Onderwerp: Re: [PacketFence-users] authorized ports Merci Fabrice thank a lot Fabrice i've a iptables.conf file which contains the 2 lines -A input-internal-inline-if --protocol tcp --match tcp --dport 2048 --jump ACCEPT -A input-internal-inline-if --protocol tcp --match tcp --dport 2443 --jump ACCEPT but when i use iptables -L i can't see the lines and that doesn't works regards j'ai bien un fichier iptables.conf qui comporte les 2 lignes -A input-internal-inline-if --protocol tcp --match tcp --dport 2048 --jump ACCEPT -A input-internal-inline-if --protocol tcp --match tcp --dport 2443 --jump ACCEPT mais lorsque je fait iptables -L je ne les voit pas... et donc ça ne fonctionne pas, est-ce que cela veut dire qu'elles ne sont pas chargées ? bien cordialement Alain Defrance Chef de service des systèmes d'informations 01 47 03 89 11 [ mailto:[email protected] | [email protected] ] De: "packetfence-users" < [ mailto:[email protected] | [email protected] ] > À: "packetfence-users" < [ mailto:[email protected] | [email protected] ] > Cc: "Fabrice Durand" < [ mailto:[email protected] | [email protected] ] > Envoyé: Lundi 23 Septembre 2019 17:32:51 Objet: Re: [PacketFence-users] authorized ports Hello Alain, you just need to edit the iptables template file under /usr/local/pf/conf/iptables.conf: -A input-management-if --protocol tcp --match tcp --dport 2048 --jump ACCEPT -A input-management-if --protocol tcp --match tcp --dport 2443 --jump ACCEPT Then restart the iptables service. Regards Fabrice Le 19-09-23 à 11 h 10, Alain Defrance via PacketFence-users a écrit : BQ_BEGIN Hi, i need to authorized 2 ports on my packetfence, 2048 and 2443 but i don't how.. with the interface and where ? with iptables and how ? thanks a lot for replies Alain Alain Defrance Chef de service des systèmes d'informations 01 47 03 89 11 [ mailto:[email protected] | [email protected] ] _______________________________________________ PacketFence-users mailing list [ mailto:[email protected] | [email protected] ] [ https://lists.sourceforge.net/lists/listinfo/packetfence-users | https://lists.sourceforge.net/lists/listinfo/packetfence-users ] -- Fabrice Durand [ mailto:[email protected] | [email protected] ] :: +1.514.447.4918 (x135) :: [ http://www.inverse.ca/ | www.inverse.ca ] Inverse inc. :: Leaders behind SOGo ( [ http://www.sogo.nu/ | http://www.sogo.nu ] ) and PacketFence ( [ http://packetfence.org/ | http://packetfence.org ] ) _______________________________________________ PacketFence-users mailing list [ mailto:[email protected] | [email protected] ] [ https://lists.sourceforge.net/lists/listinfo/packetfence-users | https://lists.sourceforge.net/lists/listinfo/packetfence-users ] _______________________________________________ PacketFence-users mailing list [ mailto:[email protected] | [email protected] ] [ https://lists.sourceforge.net/lists/listinfo/packetfence-users | https://lists.sourceforge.net/lists/listinfo/packetfence-users ] BQ_END _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
_______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
