Re: Iptables incomprehension ...
Heiko Schlittermann wrote:
Maybe you can run
iptables -L -n -v
and show us.

Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
339 152K LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 2/sec burst 5 LOG flags 0 level 4 prefix `INPUT INVALID '
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 MY_DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
0 0 MY_DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
0 0 MY_DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
0 0 MY_DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x05/0x05
0 0 MY_DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x11/0x01
0 0 MY_DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x18/0x08
0 0 MY_DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x30/0x20
6 571 ACCEPT 0 -- lo * 0.0.0.0/0 0.0.0.0/0
733 362K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- eth2 * 192.168.23.0/24 0.0.0.0/0 state NEW tcp dpt:22
0 0 ACCEPT udp -- eth2 * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:123
0 0 ACCEPT udp -- eth2 * 0.0.0.0/0 0.0.0.0/0 udp spt:53
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW icmp type 8
0 0 MY_REJECT 0 -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID limit: avg 2/sec burst 5 LOG flags 0 level 4 prefix `FORWARD INVALID '
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 MY_DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
0 0 MY_DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
0 0 MY_DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
0 0 MY_DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x05/0x05
0 0 MY_DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x11/0x01
0 0 MY_DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x18/0x08
0 0 MY_DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x30/0x20
0 0 ACCEPT 0 -- !eth2 * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 MY_REJECT 0 -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID limit: avg 2/sec burst 5 LOG flags 0 level 4 prefix `OUTPUT INVALID '
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
6 571 ACCEPT 0 -- * lo 0.0.0.0/0 0.0.0.0/0
747 66879 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
0 0 MY_REJECT 0 -- * * 0.0.0.0/0 0.0.0.0/0

Chain MY_DROP (14 references)
pkts bytes target prot opt in out source destination
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 2/sec burst 5 LOG flags 0 level 4 prefix `PORTSCAN DROP '
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0

Chain MY_REJECT (3 references)
pkts bytes target prot opt in out source destination
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 2/sec burst 5 LOG flags 0 level 4 prefix `REJECT TCP '
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 2/sec burst 5 LOG flags 0 level 4 prefix `REJECT UDP '
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 2/sec burst 5 LOG flags 0 level 4 prefix `DROP ICMP '
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 2/sec burst 5 LOG flags 0 level 4 prefix `REJECT OTHER '
0 0 REJECT 0 -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-proto-unreachable

To explain: I have my laptop on the network (via WLAN), and on it I want
to allow only ssh and otherwise close everything off. But I also want
it to behave completely normally on the network. I'm attaching the
script. THX Marco