It's rather big and I think you'd get bored with it, so I'm sending you some pieces:
- mail works, it's just that I have those DENYs
- when I do a FIN scan with nmap (-sF -P0, because it doesn't accept ICMP) it now shows the ports as closed on a -sF scan, but on a scan with CyberCop (NT) it tells me they are open on FIN ...??
- when I scan with nmap from 1-1024 the firewall does not log the FIN scan,
but when I scan all the ports from 1024 upward it does log...
# Default policies: drop everything not explicitly accepted (output is open)
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD DROP
#-- Flush sets (yes, some of this is redundant)
$IPTABLES -F
$IPTABLES -F INPUT
$IPTABLES -F OUTPUT
$IPTABLES -F FORWARD
$IPTABLES -F -t mangle
$IPTABLES -X
$IPTABLES -F -t nat
# Loopback chain
$IPTABLES -N loopback
$IPTABLES -F loopback
$IPTABLES -A loopback -i lo -j ACCEPT
# DROPnLOG: silently drop known noise, log the rest (rate-limited), then reset/drop
$IPTABLES -N DROPnLOG 2> /dev/null
$IPTABLES -F DROPnLOG
$IPTABLES -A DROPnLOG -p udp --sport 137:138 --dport 137:138 -j DROP
$IPTABLES -A DROPnLOG -p tcp ! --syn --sport 80 --dport 1024: -j ACCEPT
$IPTABLES -A DROPnLOG -p udp --sport 67 -d 255.255.255.255 --dport 68 -j DROP
$IPTABLES -A DROPnLOG -j LOG -m limit --limit $LTIME --log-prefix "DENY: "
$IPTABLES -A DROPnLOG -p tcp -j REJECT --reject-with tcp-reset
#$IPTABLES -A DROPnLOG -p tcp --tcp-flags FIN FIN -m state --state INVALID -j DROP
#$IPTABLES -A DROPnLOG -p tcp --tcp-flags FIN FIN -j DROP
$IPTABLES -A DROPnLOG -j DROP
# Create public chain for services
$IPTABLES -N PUBLIC 2> /dev/null
$IPTABLES -F PUBLIC
$IPTABLES -A PUBLIC -j LOG -m limit --limit $LTIME --log-prefix "SMTP: "
$IPTABLES -A PUBLIC -j ACCEPT
$IPTABLES -A INPUT -d $DMZ -p tcp --dport 25 -j ACCEPT
$IPTABLES -A FORWARD -d $DMZ -p tcp --dport 25 -j ACCEPT
$IPTABLES -A INPUT -p tcp -d $SMTP_HOST --dport 25 -j PUBLIC
$IPTABLES -A FORWARD -p tcp -d $SMTP_HOST --dport 25 -j PUBLIC
# Forward inbound SMTP on the external address to the SMTP host
$IPTABLES -t nat -A PREROUTING -p tcp -d $EXTERNALIP --dport 25 -j DNAT --to $SMTP_HOST:25
# Rate-limited pass-through of bare RST packets
$IPTABLES -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit $ICMP_RATE -j ACCEPT
# Create connection tracking chain
$IPTABLES -N STATEFUL
$IPTABLES -F STATEFUL
$IPTABLES -I STATEFUL -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A STATEFUL -m state --state NEW -i ! $LOCALIF -j ACCEPT
$IPTABLES -A STATEFUL -j DROPnLOG
# Masquerade the internal network on the external interface
$IPTABLES -t nat -A POSTROUTING -s $all -o $EXTERNAL -j MASQUERADE
# DNS replies
$IPTABLES -A INPUT -p udp -s $all --sport 53 -j ACCEPT
# Hand everything else to the stateful chain
$IPTABLES -A INPUT -j STATEFUL
$IPTABLES -A FORWARD -j STATEFUL
$IPTABLES -A OUTPUT -j STATEFUL
----- Original Message -----
From: "Stefan Laudat" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 01, 2001 11:32 AM
Subject: [rlug] Re: IPTABLES- SMTP
>
> probably a bad ordering of the rules, or some added with -A and others with -I where they shouldn't have been, etc.
> it happens to everyone...
> usually you (also) show us the firewall when you have problems ;)
>
> On Tue, Feb 06, 2001 at 10:56:06AM +0200, George Serban wrote:
> > I have the following in the logs:
> > Enlighten me about something: I accept SMTP packets, but I have the following entries in the logs where I get a DENY on SMTP:
> > What flags should I accept so that I no longer get a DENY like in the example below??
> >
> > Mar 1 10:47:05 ns kernel: DENY: IN=eth0 OUT= MAC=00:a0:24:4a:6a:72:00:50:54:80:58:8b:08:00 SRC=XX.XX.XX.XX DST=YY.YY.YY.YY LEN=52 TOS=0x00 PREC=0x00 TTL=244 ID=34599 DF PROTO=TCP SPT=25 DPT=3116 WINDOW=32942 RES=0x00 ACK FIN URGP=0
> >
> > George
> >
> >
>
> --
> Stefan Laudat
> -------------
> And on the seventh day, He exited from append mode.
>
---
Send e-mail to '[EMAIL PROTECTED]' with 'unsubscribe rlug' to
unsubscribe from this list.
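The logged packet above (SPT=25, DPT=3116, flags ACK FIN) is the tail end of an SMTP connection that the firewall's connection table no longer holds: the STATEFUL chain accepts ESTABLISHED, RELATED and (non-local) NEW, so a TCP packet without SYN that matches no tracked connection is INVALID to conntrack, falls through to DROPnLOG, gets logged and is answered with a tcp-reset. The script's `! --syn --sport 80` rule already exempts such stragglers for HTTP, and the two commented-out `--tcp-flags FIN FIN ... INVALID` rules were an attempt at the same thing for FIN. The script below is an added example, not part of the original post or the poster's firewall. It parses netfilter LOG lines to separate these stale connection tails from real probes (a FIN scan sends FIN with no ACK; a NULL scan sends no flags), and builds a DROPnLOG chain that drops INVALID packets carrying ACK before the LOG rule, so that late FIN/ACKs stay out of the DENY log while FIN-only and NULL probes are still logged and reset as before. Assumptions not taken from the post: the log lines are constructed (modelled on the one quoted above, with documentation addresses), IPTABLES defaults to `echo iptables` so the chain is printed as a dry run rather than loaded, and LTIME defaults to a hypothetical 10/minute.

```shell
#!/bin/sh
# Added example, not the poster's code. Dry run by default: IPTABLES="echo iptables"
# prints the rules instead of loading them. Run with IPTABLES=/sbin/iptables to apply.
IPTABLES="${IPTABLES:-echo iptables}"
LTIME="${LTIME:-10/minute}"   # assumed rate limit, stands in for the script's $LTIME

# Constructed sample DENY log, modelled on the line quoted in the thread.
# Lines 1-2: late FIN/ACK and bare ACK from a mail server after conntrack forgot
# the connection. Line 3: a FIN-only probe (nmap -sF). Line 4: a SYN. Line 5: UDP.
SAMPLE_LOG='Mar  1 10:47:05 ns kernel: DENY: IN=eth0 OUT= MAC=00:a0:24:4a:6a:72:00:50:54:80:58:8b:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=52 TOS=0x00 PREC=0x00 TTL=244 ID=34599 DF PROTO=TCP SPT=25 DPT=3116 WINDOW=32942 RES=0x00 ACK FIN URGP=0
Mar  1 10:47:09 ns kernel: DENY: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=34600 DF PROTO=TCP SPT=25 DPT=3116 WINDOW=32942 RES=0x00 ACK URGP=0
Mar  1 10:48:00 ns kernel: DENY: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=1 PROTO=TCP SPT=40123 DPT=22 WINDOW=1024 RES=0x00 FIN URGP=0
Mar  1 10:48:01 ns kernel: DENY: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=2 PROTO=TCP SPT=40123 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  1 10:48:02 ns kernel: DENY: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 LEN=28 TOS=0x00 PREC=0x00 TTL=48 ID=3 PROTO=UDP SPT=40124 DPT=137 LEN=8'

# has_flag LINE FLAG: netfilter prints TCP flags as bare words ("ACK FIN"),
# so look for the flag name surrounded by spaces (URGP=0 never matches " URG ").
has_flag() {
    case " $1 " in
        *" $2 "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# field LINE KEY: value of a KEY=VALUE field, empty string if absent or empty.
field() {
    case " $1 " in
        *" $2="*) fld_v="${1#* $2=}"; printf '%s\n' "${fld_v%% *}" ;;
        *)        printf '\n' ;;
    esac
}

# classify_deny_line LINE: print one word for what the dropped packet is.
#   stale-tail  FIN/ACK or bare ACK, no SYN: remainder of a connection that
#               conntrack no longer tracks (the SPT=25 DPT=3116 ACK FIN case)
#   fin-scan    FIN with no ACK: what nmap -sF sends
#   null-scan   no flags at all
#   syn-probe   SYN without ACK: a real new-connection attempt
#   syn-ack     SYN/ACK with no tracked SYN of ours
#   rst         a reset
#   non-tcp     UDP, ICMP, ...
classify_deny_line() {
    line="$1"
    [ "$(field "$line" PROTO)" = TCP ] || { echo non-tcp; return; }
    if has_flag "$line" SYN; then
        if has_flag "$line" ACK; then echo syn-ack; else echo syn-probe; fi
    elif has_flag "$line" RST; then
        echo rst
    elif has_flag "$line" FIN; then
        if has_flag "$line" ACK; then echo stale-tail; else echo fin-scan; fi
    elif has_flag "$line" ACK; then
        echo stale-tail
    else
        echo null-scan
    fi
}

# summarize_deny_log: read log lines on stdin, print "class count" per class.
summarize_deny_log() {
    while IFS= read -r l; do
        case "$l" in *" DENY: "*) classify_deny_line "$l" ;; esac
    done | sort | uniq -c | awk '{ print $2, $1 }'
}

# build_dropnlog: the posted DROPnLOG chain with one rule added ahead of LOG.
# "--tcp-flags SYN,ACK ACK" = ACK set, SYN clear; with "--state INVALID" it
# matches only connection tails conntrack cannot place. FIN-only and NULL
# probes carry no ACK, so they still reach LOG and get the tcp-reset.
build_dropnlog() {
    $IPTABLES -N DROPnLOG 2>/dev/null
    $IPTABLES -F DROPnLOG
    $IPTABLES -A DROPnLOG -p tcp --tcp-flags SYN,ACK ACK -m state --state INVALID -j DROP
    $IPTABLES -A DROPnLOG -p udp --sport 137:138 --dport 137:138 -j DROP
    $IPTABLES -A DROPnLOG -p udp --sport 67 -d 255.255.255.255 --dport 68 -j DROP
    $IPTABLES -A DROPnLOG -j LOG -m limit --limit "$LTIME" --log-prefix "DENY: "
    $IPTABLES -A DROPnLOG -p tcp -j REJECT --reject-with tcp-reset
    $IPTABLES -A DROPnLOG -j DROP
}

# Stand-alone run: classify the constructed sample, then print the chain.
printf '%s\n' "$SAMPLE_LOG" | summarize_deny_log
build_dropnlog
```

To read a real log instead of the sample, pipe it in: `grep 'DENY:' /var/log/messages | sh -c '. ./deny.sh; summarize_deny_log'` (file name assumed). After loading the chain for real, `iptables -L DROPnLOG -n --line-numbers` shows the INVALID rule sitting above LOG. Note that the INVALID rule only silences the log; if the stale FIN/ACKs should instead be answered, keep the original tcp-reset behaviour and move only the LOG rule below a matching rule without `-j DROP`.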