Problemi script firewall-builder.

To: debian-italian <debian-italian@lists.debian.org>
Subject: Problemi script firewall-builder.
From: Matteo Confente <m.conf@alice.it>
Date: Sat, 22 Oct 2005 21:23:22 +0200
Message-id: <[🔎] 435A91AA.5090205@alice.it>

Ho usato lo script trovato su debianitalia.org (è lo stesso che c'è sudebianizzati.org) e ho fatto tutti i dovuti adattamenti. Funziona tuttoa dovere passando i parametri "router" o "stop" (in quest'ultimo caso ilnat è disabilitato), mentre con "start" sull'interfaccia eth1 dove c'èl'ip pubblico tutte le porte risultano chiuse. Io però ho decommentatole righe che aprono le porte 21,22,25,80,993. Lanciando lo script con ilparametro "policy" ottengo in output (eth0 interfaccia interna192.168.0.6, eth1 interfaccia esterna):


Politiche ...
Chain INPUT (policy DROP 0 packets, 0 bytes)

pkts bytes target prot opt in out sourcedestination0 0 ACCEPT all -- lo * 0.0.0.0/00.0.0.0/00 0 ACCEPT all -- eth0 * 192.168.0.0/240.0.0.0/00 0 ACCEPT all -- eth0 * 192.168.0.60.0.0.0/033 2340 ACCEPT all -- * * 0.0.0.0/00.0.0.0/0 state RELATED,ESTABLISHED0 0 ACCEPT icmp -- eth1 * 0.0.0.0/00.0.0.0/0 icmp type 00 0 ACCEPT icmp -- eth1 * 0.0.0.0/00.0.0.0/0 icmp type 30 0 ACCEPT icmp -- eth1 * 0.0.0.0/00.0.0.0/0 icmp type 110 0 DROP icmp -- eth1 * 0.0.0.0/00.0.0.0/0 icmp type 80 0 ACCEPT icmp -- eth0 * 192.168.0.00.0.0.0/00 0 ACCEPT udp -- eth1 * 151.99.125.20.0.0.0/0 udp spt:530 0 ACCEPT udp -- eth1 * 151.99.0.1000.0.0.0/0 udp spt:530 0 ACCEPT udp -- * * 0.0.0.0/00.0.0.0/0 udp spt:530 0 DROP all -- * * 0.0.0.0/0255.255.255.2550 0 SYN-FLOOD tcp -- * * 0.0.0.0/00.0.0.0/0 tcp flags:0x16/0x020 0 chain-log tcp -- * * 0.0.0.0/00.0.0.0/0 tcp flags:0x3F/0x290 0 chain-log tcp -- * * 0.0.0.0/00.0.0.0/0 tcp flags:0x3F/0x160 0 chain-log tcp -- * * 0.0.0.0/00.0.0.0/0 tcp flags:0x3F/0x000 0 chain-log tcp -- * * 0.0.0.0/00.0.0.0/0 tcp flags:0x06/0x060 0 chain-log tcp -- * * 0.0.0.0/00.0.0.0/0 tcp flags:0x03/0x030 0 chain-log tcp -- * * 0.0.0.0/00.0.0.0/0 tcp flags:0x01/0x010 0 DROP udp -- * * 0.0.0.0/00.0.0.0/0 udp dpts:135:1390 0 chain-log all -- eth1 * 0.0.0.0/00.0.0.0/0 state INVALID,NEW0 0 chain-log all -- eth0 * 0.0.0.0/00.0.0.0/0 state INVALID,NEW0 0 ACCEPT tcp -- * * 0.0.0.0/00.0.0.0/0 tcp dpt:210 0 ACCEPT tcp -- * * 0.0.0.0/00.0.0.0/0 tcp dpt:220 0 ACCEPT tcp -- * * 0.0.0.0/00.0.0.0/0 tcp dpt:250 0 ACCEPT tcp -- * * 0.0.0.0/00.0.0.0/0 multiport dports 80,4430 0 ACCEPT tcp -- * * 0.0.0.0/00.0.0.0/0 tcp dpt:993


Chain FORWARD (policy DROP 0 packets, 0 bytes)

pkts bytes target prot opt in out sourcedestination0 0 TCPMSS tcp -- * * 0.0.0.0/00.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU0 0 ACCEPT all -- * * 0.0.0.0/00.0.0.0/0 state RELATED,ESTABLISHED0 0 DROP all -- eth1 * 0.0.0.0/00.0.0.0/0 state INVALID,NEW0 0 ACCEPT all -- * eth1 0.0.0.0/00.0.0.0/0


Chain OUTPUT (policy ACCEPT 26 packets, 3496 bytes)

pkts bytes target prot opt in out sourcedestination0 0 ACCEPT udp -- * * 0.0.0.0/00.0.0.0/0 udp dpt:530 0 ACCEPT tcp -- * * 0.0.0.0/00.0.0.0/0 multiport dports 80,4430 0 ACCEPT tcp -- * eth1 0.0.0.0/00.0.0.0/0 tcp dpt:21 state NEW,RELATED,ESTABLISHED0 0 ACCEPT tcp -- * * 0.0.0.0/00.0.0.0/0 tcp dpt:250 0 ACCEPT tcp -- * * 0.0.0.0/00.0.0.0/0 tcp dpt:1100 0 LOG tcp -- * * 0.0.0.0/00.0.0.0/0 tcp dpt:22 flags:0x16/0x02 state NEW LOG flags 0level 6 prefix `---SSH from eth1---'0 0 ACCEPT tcp -- * * 0.0.0.0/00.0.0.0/0 tcp dpt:22


Chain SYN-FLOOD (1 references)

pkts bytes target prot opt in out sourcedestination0 0 chain-log all -- * * 0.0.0.0/00.0.0.0/0 limit: avg 1/sec burst 4


Chain chain-log (9 references)

pkts bytes target prot opt in out sourcedestination0 0 LOG all -- * * 0.0.0.0/00.0.0.0/0 LOG flags 0 level 60 0 DROP all -- * * 0.0.0.0/00.0.0.0/0



Ma non dovrebbero essere aperte quelle porte?
Qualcuno ha già provato con successo il suddetto script?
Grazie.

Reply to:

Prev by Date: Re: spamd Can't locate Net/DNS.pm
Next by Date: Re: allegati latex
Previous by thread: Re: spamd Can't locate Net/DNS.pm
Next by thread: Consigli sofware per riproduttore SHN
Index(es):
- Date
- Thread