Quoting Claudiu Cismaru <[EMAIL PROTECTED]>:

> > UP_PORTS is 1024+ and anyway, if that were the case, it would show up in
> > /var/log/messages; I have had 2-3 such cases.
>
> What shows up in /var/log/messages?
Here is an example:

Jun 27 16:23:03 xxx kernel: IPTABLES TCP-IN: IN=eth0 OUT= MAC=00:d0:... SRC=80.96.76.8 DST=x.x.x.x LEN=40 TOS=0x08 PREC=0x00 TTL=241 ID=47806 PROTO=TCP SPT=464 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0

> How did you write the log rule and, more importantly, WHERE did you put it
> (relative to the other rules)?

At the tail:

# $IPTABLES and $IFACES are set earlier in the script. These rules are
# appended (-A) after the accept rules, so only traffic that nothing
# above matched reaches them.
for I in $IFACES; do
    # Any udp not already allowed is logged and then dropped.
    $IPTABLES -A INPUT  -i $I -p udp -j LOG --log-prefix "IPTABLES UDP-IN: "
    $IPTABLES -A INPUT  -i $I -p udp -j DROP
    $IPTABLES -A OUTPUT -o $I -p udp -j LOG --log-prefix "IPTABLES UDP-OUT: "
    $IPTABLES -A OUTPUT -o $I -p udp -j DROP

    # Any icmp not already allowed is logged and then dropped.
    $IPTABLES -A INPUT  -i $I -p icmp -j LOG --log-prefix "IPTABLES ICMP-IN: "
    $IPTABLES -A INPUT  -i $I -p icmp -j DROP
    $IPTABLES -A OUTPUT -o $I -p icmp -j LOG --log-prefix "IPTABLES ICMP-OUT: "
    $IPTABLES -A OUTPUT -o $I -p icmp -j DROP

    # Any tcp not already allowed is logged and then dropped.
    $IPTABLES -A INPUT  -i $I -p tcp -j LOG --log-prefix "IPTABLES TCP-IN: "
    $IPTABLES -A INPUT  -i $I -p tcp -j DROP
    $IPTABLES -A OUTPUT -o $I -p tcp -j LOG --log-prefix "IPTABLES TCP-OUT: "
    $IPTABLES -A OUTPUT -o $I -p tcp -j DROP

    # Anything else not already allowed is logged and then dropped.
    # It will be dropped by the default policy anyway but let's be paranoid.
    $IPTABLES -A INPUT  -i $I -j LOG --log-prefix "IPTABLES PROTOCOL-X-IN: "
    $IPTABLES -A INPUT  -i $I -j DROP
    $IPTABLES -A OUTPUT -o $I -j LOG --log-prefix "IPTABLES PROTOCOL-X-OUT: "
    $IPTABLES -A OUTPUT -o $I -j DROP
done

-- 
GZ
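Added example, not part of the thread or of GZ's firewall script: once the log-and-drop tail above is in place, /var/log/messages fills with lines like the one quoted, and the useful question is which sources and ports are hitting the catch-all. The POSIX sh/awk functions below pull the log prefix, SRC, DST, PROTO, SPT, DPT and TCP flags out of each LOG line and rank them by (prefix, source, destination port). The sample lines in SAMPLE_LOG are constructed for this example, modelled on the quoted entry with placeholder addresses; the KEY=VALUE field names are the ones the iptables LOG target actually writes.

```shell
#!/bin/sh
# Added example: summarise iptables LOG output from /var/log/messages.
# Not code from the thread; SAMPLE_LOG is constructed, with placeholder
# addresses, in the format the LOG target writes.

SAMPLE_LOG='Jun 27 16:23:03 xxx kernel: IPTABLES TCP-IN: IN=eth0 OUT= MAC=00:d0:00:00:00:00:00:00:00:00:00:00:08:00 SRC=80.96.76.8 DST=10.0.0.5 LEN=40 TOS=0x08 PREC=0x00 TTL=241 ID=47806 PROTO=TCP SPT=464 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 27 16:23:05 xxx kernel: IPTABLES TCP-IN: IN=eth0 OUT= MAC=00:d0:00:00:00:00:00:00:00:00:00:00:08:00 SRC=80.96.76.8 DST=10.0.0.5 LEN=40 TOS=0x08 PREC=0x00 TTL=241 ID=47807 PROTO=TCP SPT=465 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Jun 27 16:23:09 xxx kernel: IPTABLES UDP-IN: IN=eth0 OUT= MAC=00:d0:00:00:00:00:00:00:00:00:00:00:08:00 SRC=192.0.2.7 DST=10.0.0.5 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=UDP SPT=137 DPT=137 LEN=58
Jun 27 16:23:11 xxx kernel: IPTABLES TCP-OUT: IN= OUT=eth0 SRC=10.0.0.5 DST=198.51.100.9 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=2 DF PROTO=TCP SPT=40001 DPT=6667 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 27 16:23:12 xxx sshd[1234]: Accepted publickey for root from 10.0.0.9 port 51234 ssh2'

# iptlog_fields: read syslog lines on stdin, emit one tab-separated record
# per iptables LOG line: prefix, src, dst, proto, spt, dpt, flags.
# Lines without "kernel:" and a SRC= field (e.g. sshd) are ignored.
iptlog_fields() {
    awk '
    /kernel: / && /SRC=/ {
        # The --log-prefix text sits between "kernel: " and the first " IN=".
        pfx = $0
        sub(/^.*kernel: /, "", pfx)
        sub(/ IN=.*$/, "", pfx)
        src = dst = proto = spt = dpt = "-"; flags = ""
        for (i = 1; i <= NF; i++) {
            if (index($i, "=") > 0) {
                split($i, kv, "=")
                if (kv[1] == "SRC")        src   = kv[2]
                else if (kv[1] == "DST")   dst   = kv[2]
                else if (kv[1] == "PROTO") proto = kv[2]
                else if (kv[1] == "SPT")   spt   = kv[2]
                else if (kv[1] == "DPT")   dpt   = kv[2]
            } else if ($i ~ /^(SYN|ACK|FIN|RST|PSH|URG|DF)$/) {
                # Bare tokens: TCP flags and the IP DF bit.
                flags = flags $i ","
            }
        }
        sub(/,$/, "", flags)
        print pfx "\t" src "\t" dst "\t" proto "\t" spt "\t" dpt "\t" flags
    }'
}

# iptlog_top: count records per (prefix, src, dpt), most frequent first.
# Output: count, prefix, src, dpt (tab-separated).
iptlog_top() {
    iptlog_fields | awk -F'\t' '{ n[$1 "\t" $2 "\t" $6]++ }
        END { for (k in n) print n[k] "\t" k }' | sort -rn
}

# Stand-alone demo on the constructed sample; on a real host use
#   iptlog_top < /var/log/messages
printf '%s\n' "$SAMPLE_LOG" | iptlog_top
```

On the sample the top entry is the two SYNs from 80.96.76.8 to port 80, which is exactly the kind of thing the catch-all is there to show. A practical caveat for a tail like GZ's: an unthrottled LOG rule lets a single flood write one syslog line per packet, so production rule sets usually put `-m limit --limit <rate>` in front of `-j LOG` and set `--log-level` so the entries can be routed to their own file.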
