[rlug] Re: IPCHAINS - my rules
On Wed, 13 Sep 2000, you wrote:
> On Wed, 13 Sep 2000, Ciprian Niculescu wrote:
>
> > wow, you have a lot of them; at a quick glance I first saw a
> > deny -s all -d all -p all
> > and then comes an
> > allow -s all -d all -p all
> >
> > so tidy those up and cut some of them out (for now, for debugging);
> > you'll manage more easily with fewer rules
>
> Well, that is what ipchains -L -n shows you, because it can't show the
> interfaces as well: what is deny is on ppp0, what is allow-all is for
> eth0 - localnet, and forward is always on accept because I can't
> masquerade, for several reasons..

Have you tried ipchains -L -v? (That one shows the interfaces too.)

Sorin Olteanu
---
Send e-mail to '[EMAIL PROTECTED]' with 'unsubscribe rlug' to unsubscribe from this list.
[rlug] Re: IPCHAINS - my rules
On Wed, 13 Sep 2000, Ciprian Niculescu wrote:

> wow, you have a lot of them; at a quick glance I first saw a
> deny -s all -d all -p all
> and then comes an
> allow -s all -d all -p all
>
> so tidy those up and cut some of them out (for now, for debugging);
> you'll manage more easily with fewer rules

Well, that is what ipchains -L -n shows you, because it can't show the interfaces as well: what is deny is on ppp0, what is allow-all is for eth0 - localnet, and forward is always on accept because I can't masquerade, for several reasons..

>
> C
>
> P.S. the question about forward still stands; I see you have it empty and on ACCEPT
>
> Ionut MURGOCI wrote:
>
> > These are my rules:
> >
> > Chain input (policy REJECT):
> > target  prot opt source             destination        ports
> > ACCEPT  udp  l-  172.21.31.11       0.0.0.0/0          32769:65535 -> 33434:33523
> > ACCEPT  tcp  !y  0.0.0.0/0          0.0.0.0/0          1024:65535 -> 22
> > ACCEPT  tcp  --  0.0.0.0/0          0.0.0.0/0          1022:1023 -> 22
> > ACCEPT  tcp  --  0.0.0.0/0          0.0.0.0/0          22 -> *
> > DENY    all  l-  10.0.0.0/8         0.0.0.0/0          n/a
> > DENY    all  l-  0.0.0.0/0          10.0.0.0/8         n/a
> > DENY    all  l-  192.168.0.0/16     0.0.0.0/0          n/a
> > DENY    all  l-  0.0.0.0/0          192.168.0.0/16     n/a
> > DENY    all  l-  127.0.0.0/8        0.0.0.0/0          n/a
> > DENY    all  l-  255.255.255.255    0.0.0.0/0          n/a
> > DENY    all  l-  0.0.0.0/0          0.0.0.0            n/a
> > DENY    all  l-  224.0.0.0/4        0.0.0.0/0          n/a
> > DENY    all  l-  240.0.0.0/5        0.0.0.0/0          n/a
> > DENY    all  l-  1.0.0.0/8          0.0.0.0/0          n/a
> > DENY    all  l-  2.0.0.0/8          0.0.0.0/0          n/a
> > DENY    all  l-  5.0.0.0/8          0.0.0.0/0          n/a
> > DENY    all  l-  7.0.0.0/8          0.0.0.0/0          n/a
> > DENY    all  l-  23.0.0.0/8         0.0.0.0/0          n/a
> > DENY    all  l-  27.0.0.0/8         0.0.0.0/0          n/a
> > DENY    all  l-  31.0.0.0/8         0.0.0.0/0          n/a
> > DENY    all  l-  37.0.0.0/8         0.0.0.0/0          n/a
> > DENY    all  l-  39.0.0.0/8         0.0.0.0/0          n/a
> > DENY    all  l-  41.0.0.0/8         0.0.0.0/0          n/a
> > DENY    all  l-  42.0.0.0/8         0.0.0.0/0          n/a
> > DENY    all  l-  58.0.0.0/7         0.0.0.0/0          n/a
> > DENY    all  l-  60.0.0.0/8         0.0.0.0/0          n/a
> > DENY    all  l-  65.0.0.0/8         0.0.0.0/0          n/a
> > DENY    all  l-  66.0.0.0/8         0.0.0.0/0          n/a
> > DENY    all  l-  67.0.0.0/8         0.0.0.0/0          n/a
> > DENY    all  l-  68.0.0.0/8         0.0.0.0/0          n/a
> > DENY    all  l-  69.0.0.0/8         0.0.0.0/0          n/a
> > DENY    all  l-  70.0.0.0/8         0.0.0.0/0          n/a
> > DENY    all  l-  71.0.0.0/8         0.0.0.0/0          n/a
> > DENY    all  l-  72.0.0.0/8         0.0.0.0/0          n/a
> > DENY    all  l-  73.0.0.0/8         0.0.0.0/0          n/a
> > DENY    all  l-  74.0.0.0/8         0.0.0.0/0          n/a
> > DENY    all  l-  75.0.0.0/8         0.0.0.0/0          n/a
> > DENY    all  l-  76.0.0.0/8         0.0.0.0/0          n/a
> > DENY    all  l-  77.0.0.0/8         0.0.0.0/0          n/a
> > DENY    all  l-  78.0.0.0/8         0.0.0.0/0          n/a
> > DENY    all  l-  79.0.0.0/8         0.0.0.0/0          n/a
> > DENY    all  l-  80.0.0.0/4         0.0.0.0/0          n/a
> > DENY    all  l-  96.0.0.0/4         0.0.0.0/0          n/a
> > DENY    all  l-  112.0.0.0/8        0.0.0.0/0          n/a
> > DENY    all  l-  113.0.0.0/8        0.0.0.0/0          n/a
> > DENY    all  l-  114.0.0.0/8        0.0.0.0/0          n/a
> > DENY    all  l-  115.0.0.0/8        0.0.0.0/0          n/a
> > DENY    all  l-  116.0.0.0/8        0.0.0.0/0          n/a
> > DENY    all  l-  117.0.0.0/8        0.0.0.0/0          n/a
> > DENY    all  l-  118.0.0.0/8        0.0.0.0/0          n/a
> > DENY    all  l-  119.0.0.0/8        0.0.0.0/0          n/a
> > DENY    all  l-  120.0.0.0/8        0.0.0.0/0          n/a
> > DENY    all  l-  121.0.0.0/8        0.0.0.0/0          n/a
> > DENY    all  l-  122.0.0.0/8        0.0.0.0/0          n/a
> > DENY    all  l-  123.0.0.0/8        0.0.0.0/0          n/a
> > DENY    all  l-  124.0.0.0/8        0.0.0.0/0
[rlug] Re: IPCHAINS - my rules
sorry I forgot to trim Ionut's big mail, but it's only 3:05 am

C
[rlug] Re: IPCHAINS - my rules
wow, you have a lot of them; at a quick glance I first saw a
deny -s all -d all -p all
and then comes an
allow -s all -d all -p all

so tidy those up and cut some of them out (for now, for debugging); you'll manage more easily with fewer rules

C

P.S. the question about forward still stands; I see you have it empty and on ACCEPT

Ionut MURGOCI wrote:

> These are my rules:
>
> Chain input (policy REJECT):
> target  prot opt source             destination        ports
> ACCEPT  udp  l-  172.21.31.11       0.0.0.0/0          32769:65535 -> 33434:33523
> ACCEPT  tcp  !y  0.0.0.0/0          0.0.0.0/0          1024:65535 -> 22
> ACCEPT  tcp  --  0.0.0.0/0          0.0.0.0/0          1022:1023 -> 22
> ACCEPT  tcp  --  0.0.0.0/0          0.0.0.0/0          22 -> *
> DENY    all  l-  10.0.0.0/8         0.0.0.0/0          n/a
> DENY    all  l-  0.0.0.0/0          10.0.0.0/8         n/a
> DENY    all  l-  192.168.0.0/16     0.0.0.0/0          n/a
> DENY    all  l-  0.0.0.0/0          192.168.0.0/16     n/a
> DENY    all  l-  127.0.0.0/8        0.0.0.0/0          n/a
> DENY    all  l-  255.255.255.255    0.0.0.0/0          n/a
> DENY    all  l-  0.0.0.0/0          0.0.0.0            n/a
> DENY    all  l-  224.0.0.0/4        0.0.0.0/0          n/a
> DENY    all  l-  240.0.0.0/5        0.0.0.0/0          n/a
> DENY    all  l-  1.0.0.0/8          0.0.0.0/0          n/a
> DENY    all  l-  2.0.0.0/8          0.0.0.0/0          n/a
> DENY    all  l-  5.0.0.0/8          0.0.0.0/0          n/a
> DENY    all  l-  7.0.0.0/8          0.0.0.0/0          n/a
> DENY    all  l-  23.0.0.0/8         0.0.0.0/0          n/a
> DENY    all  l-  27.0.0.0/8         0.0.0.0/0          n/a
> DENY    all  l-  31.0.0.0/8         0.0.0.0/0          n/a
> DENY    all  l-  37.0.0.0/8         0.0.0.0/0          n/a
> DENY    all  l-  39.0.0.0/8         0.0.0.0/0          n/a
> DENY    all  l-  41.0.0.0/8         0.0.0.0/0          n/a
> DENY    all  l-  42.0.0.0/8         0.0.0.0/0          n/a
> DENY    all  l-  58.0.0.0/7         0.0.0.0/0          n/a
> DENY    all  l-  60.0.0.0/8         0.0.0.0/0          n/a
> DENY    all  l-  65.0.0.0/8         0.0.0.0/0          n/a
> DENY    all  l-  66.0.0.0/8         0.0.0.0/0          n/a
> DENY    all  l-  67.0.0.0/8         0.0.0.0/0          n/a
> DENY    all  l-  68.0.0.0/8         0.0.0.0/0          n/a
> DENY    all  l-  69.0.0.0/8         0.0.0.0/0          n/a
> DENY    all  l-  70.0.0.0/8         0.0.0.0/0          n/a
> DENY    all  l-  71.0.0.0/8         0.0.0.0/0          n/a
> DENY    all  l-  72.0.0.0/8         0.0.0.0/0          n/a
> DENY    all  l-  73.0.0.0/8         0.0.0.0/0          n/a
> DENY    all  l-  74.0.0.0/8         0.0.0.0/0          n/a
> DENY    all  l-  75.0.0.0/8         0.0.0.0/0          n/a
> DENY    all  l-  76.0.0.0/8         0.0.0.0/0          n/a
> DENY    all  l-  77.0.0.0/8         0.0.0.0/0          n/a
> DENY    all  l-  78.0.0.0/8         0.0.0.0/0          n/a
> DENY    all  l-  79.0.0.0/8         0.0.0.0/0          n/a
> DENY    all  l-  80.0.0.0/4         0.0.0.0/0          n/a
> DENY    all  l-  96.0.0.0/4         0.0.0.0/0          n/a
> DENY    all  l-  112.0.0.0/8        0.0.0.0/0          n/a
> DENY    all  l-  113.0.0.0/8        0.0.0.0/0          n/a
> DENY    all  l-  114.0.0.0/8        0.0.0.0/0          n/a
> DENY    all  l-  115.0.0.0/8        0.0.0.0/0          n/a
> DENY    all  l-  116.0.0.0/8        0.0.0.0/0          n/a
> DENY    all  l-  117.0.0.0/8        0.0.0.0/0          n/a
> DENY    all  l-  118.0.0.0/8        0.0.0.0/0          n/a
> DENY    all  l-  119.0.0.0/8        0.0.0.0/0          n/a
> DENY    all  l-  120.0.0.0/8        0.0.0.0/0          n/a
> DENY    all  l-  121.0.0.0/8        0.0.0.0/0          n/a
> DENY    all  l-  122.0.0.0/8        0.0.0.0/0          n/a
> DENY    all  l-  123.0.0.0/8        0.0.0.0/0          n/a
> DENY    all  l-  124.0.0.0/8        0.0.0.0/0          n/a
> DENY    all  l-  125.0.0.0/8        0.0.0.0/0          n/a
> DENY    all  l-  126.0.0.0/8        0.0.0.0/0          n/a
> DENY    all  l-  217.0.0.0/8        0.0.0.0/0          n/a
> DENY    all  l-  218.0.0.0/8        0.0.0.0/0          n/a
> DENY    all  l-  219.0.0.0/8        0.0.0.0/0          n/a
> DENY    all  l-  220.0.0.0/6
[rlug] Re: IPCHAINS - my rules
> ACCEPT  all  --  0.0.0.0/0          0.0.0.0/0          n/a
> DENY    all  --  193.226.23.79      0.0.0.0/0          n/a

I don't think anyone will ever reach the DENY above; a match has already been made in the preceding ACCEPT rule. Reorder the rules a bit.

btw, since you already have reject on input, why do you still add deny rules? Put in the accept rules, and have the last one in the input chain be a -j DENY --log

Camelia
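
Added example (not part of any poster's message): a small Python first-match check for the two points raised in the thread, that a rule placed after a broader ACCEPT can never match, and that a listing without interfaces (`ipchains -L -n`) can make interface-specific rules look as if they shadow each other. The `Rule` model, the function names and the sample addresses are constructed for illustration; ports and TCP flags are not modelled.

```python
# Added illustration, not from the thread: first-match shadowing check for
# ipchains-style rules. All rule values below are constructed sample data.
from dataclasses import dataclass
from ipaddress import ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    target: str                   # ACCEPT / DENY / REJECT
    proto: str                    # "all", "tcp", "udp", ...
    src: str                      # source CIDR
    dst: str                      # destination CIDR
    iface: Optional[str] = None   # None = any interface (what -L -n hides)


def covers(a: Rule, b: Rule) -> bool:
    """True if every packet matched by b is also matched by a."""
    if a.iface is not None and a.iface != b.iface:
        return False              # a is tied to one interface, b is not on it
    if a.proto != "all" and a.proto != b.proto:
        return False
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst)))


def shadowed(chain: List[Rule]) -> List[Tuple[int, int]]:
    """Return (rule_index, earlier_index) for rules that can never match."""
    hits = []
    for i, rule in enumerate(chain):
        for j in range(i):
            if covers(chain[j], rule):   # an earlier rule wins first
                hits.append((i, j))
                break
    return hits


# Constructed: the chain as a listing without interfaces presents it.
AS_LISTED = [
    Rule("ACCEPT", "all", "0.0.0.0/0", "0.0.0.0/0"),
    Rule("DENY", "all", "192.0.2.79/32", "0.0.0.0/0"),
]

# Constructed: the same kind of chain once the interfaces are known.
WITH_IFACES = [
    Rule("DENY", "all", "10.0.0.0/8", "0.0.0.0/0", "ppp0"),
    Rule("ACCEPT", "all", "0.0.0.0/0", "0.0.0.0/0", "eth0"),
    Rule("DENY", "all", "192.0.2.79/32", "0.0.0.0/0", "ppp0"),
]
```

`shadowed(AS_LISTED)` flags the DENY as unreachable behind the ACCEPT, while `shadowed(WITH_IFACES)` reports nothing because the ACCEPT only applies to eth0.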