Re: fwctl 0.26 and Woody



On Tue, 12 Sep 2000, Konstantin Kubatkin wrote:

> Date: Tue, 12 Sep 2000 14:07:44 +0300
> From: Konstantin Kubatkin <cat@3logic.net>
> To: Debian Russian <debian-russian@lists.debian.org>
> Subject: fwctl 0.26 and Woody
> Resent-Date: Tue, 12 Sep 2000 15:08:02 +0400 (MSD)
> Resent-From: debian-russian@lists.debian.org
> 
> 
> 1) 
> 
> What does everyone use to define ipchains rules?
> 
> 2)
> 
>  Can anyone explain the behaviour of fwctl in woody to me?
> 
> The interface is defined as
> 
> EXT     eth0            195.38.16.6/26
> 
> and the rules are
> 
> accept all -src LOCAL_IP -dst LOCAL_IP
> accept all -src EXT_NET -dst EXT_NET
> accept all -src EXT_NET -dst EXT_IP
> accept all -src EXT_IP -dst EXT_NET
> accept all -src EXT_IP -dst INTERNET
> 
> but this is what I get as output
> 
> -A all-in -s 127.0.0.1/255.255.255.255 -d 127.0.0.1/255.255.255.255 -ilo
> -j ACCEPT
> -A all-in -s 127.0.0.1/255.255.255.255 -d 127.0.0.1/255.255.255.255 -ilo
> -j ACCEPT
> -A all-in -s 195.38.16.0/255.255.255.192 -d 195.38.16.0/255.255.255.192
> -i eth0 -j ACCEPT
> -A all-in -s 195.38.16.0/255.255.255.192 -d 195.38.16.0/255.255.255.192
> -i eth0 -j ACCEPT
> -A all-in -s 195.38.16.0/255.255.255.192 -d 195.38.16.6/255.255.255.255
> -i eth0 -j ACCEPT
> -A all-in -s 195.38.16.0/255.255.255.192 -d 195.38.16.6/255.255.255.255
> -i lo -j ACCEPT
> -A all-in -s 195.38.16.6/255.255.255.255 -d 195.38.16.0/255.255.255.192
> -i lo -j ACCEPT
> -A all-in -s 195.38.16.6/255.255.255.255 -d 195.38.16.0/255.255.255.192
> -i lo -j ACCEPT
> -A all-in -s 195.38.16.0/255.255.255.192 -d 195.38.16.6/255.255.255.255
> -i eth0 -j ACCEPT
> -A all-in -s 195.38.16.0/255.255.255.192 -d 195.38.16.6/255.255.255.255
> -i lo -j ACCEPT
> -A all-in -s 0.0.0.0/0.0.0.0 -d 195.38.16.6/255.255.255.255 -i eth0 -j
> ACCEPT
> -A all-out -s 127.0.0.1/255.255.255.255 -d 127.0.0.1/255.255.255.255 -i
> lo -j ACCEPT
> -A all-out -s 127.0.0.1/255.255.255.255 -d 127.0.0.1/255.255.255.255 -i
> lo -j ACCEPT
> -A all-out -s 195.38.16.0/255.255.255.192 -d 195.38.16.6/255.255.255.255
> -i lo -j ACCEPT
> -A all-out -s 195.38.16.6/255.255.255.255 -d 195.38.16.0/255.255.255.192
> -i eth0 -j ACCEPT
> -A all-out -s 195.38.16.6/255.255.255.255 -d 195.38.16.0/255.255.255.192
> -i lo -j ACCEPT
> -A all-out -s 195.38.16.6/255.255.255.255 -d 195.38.16.0/255.255.255.192
> -i eth0 -j ACCEPT
> -A all-out -s 195.38.16.6/255.255.255.255 -d 195.38.16.0/255.255.255.192
> -i lo -j ACCEPT
> -A all-out -s 195.38.16.0/255.255.255.192 -d 195.38.16.6/255.255.255.255
> -i lo -j ACCEPT
> -A all-out -s 195.38.16.6/255.255.255.255 -d 0.0.0.0/0.0.0.0 -i eth0 -j
> ACCEPT
> 
> 
>  Which raises these questions:
> 
> 1) Why are entries duplicated? For example, entries 1 and 2 of all-in are
> completely identical, and they are not the only ones.
> 2) Why did this line appear
> 
> -A all-in -s 0.0.0.0/0.0.0.0 -d 195.38.16.6/255.255.255.255 -i eth0 -j
> ACCEPT
> 
> when my rules clearly specify
> 
> accept all -src EXT_IP -dst INTERNET
> 
> and nothing more. Maybe it makes rules bidirectional on its own? Then where do I turn that off?
> 
>  Thanks in advance for any advice
> 
> -- 
> Konstantin Kubatkin
> KK4501-RIPE, Kherson, TriLogiC Group
> Fido: 2:468/0@FidoNet
> 
> 
> --  
> To UNSUBSCRIBE, email to debian-russian-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
> 
> 

---
WBR, Michael Vlasov, Matrix NOC, MICHAEL-RIPN 
(095) 961-2109 [ www.matrix.ru ] ICQ:12612617
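
A way to check generated rules for the two things the quoted message asks about: exact duplicates, and ACCEPT rules on an input chain whose source is any address. This is an added example, not part of the thread and not fwctl code; the function names are hypothetical, and it assumes `-A` rule lines in the form quoted above, including mail line wrapping.

```python
import re
from collections import Counter

# Excerpt of the ipchains rules quoted in the message above, with the
# mail client's line wrapping and "> " quoting left in place.
SAMPLE = """\
> -A all-in -s 127.0.0.1/255.255.255.255 -d 127.0.0.1/255.255.255.255 -ilo
> -j ACCEPT
> -A all-in -s 127.0.0.1/255.255.255.255 -d 127.0.0.1/255.255.255.255 -ilo
> -j ACCEPT
> -A all-in -s 0.0.0.0/0.0.0.0 -d 195.38.16.6/255.255.255.255 -i eth0 -j
> ACCEPT
> -A all-out -s 195.38.16.6/255.255.255.255 -d 0.0.0.0/0.0.0.0 -i eth0 -j
> ACCEPT
"""
ANY = "0.0.0.0/0.0.0.0"

def parse_rules(text):
    """Rejoin wrapped lines and return one dict per '-A' rule."""
    joined = []
    for line in text.splitlines():
        line = re.sub(r"^>\s?", "", line).strip()  # drop mail quoting
        if line.startswith("-A "):
            joined.append(line)
        elif line and joined:
            joined[-1] += " " + line  # continuation of a wrapped rule
    rules = []
    for raw in joined:
        raw = re.sub(r"(?<=\s)-i(?=\S)", "-i ", raw)  # "-ilo" -> "-i lo"
        tok = raw.split()
        opts = dict(zip(tok[2::2], tok[3::2]))  # option/value pairs after the chain
        rules.append({"chain": tok[1], "src": opts.get("-s"), "dst": opts.get("-d"),
                      "iface": opts.get("-i"), "target": opts.get("-j")})
    return rules

def audit(rules):
    """Return (duplicate rules with counts, any-source ACCEPT rules on '-in' chains)."""
    keys = [tuple(r.values()) for r in rules]
    dups = {k: n for k, n in Counter(keys).items() if n > 1}
    open_in = [r for r in rules if r["target"] == "ACCEPT"
               and r["src"] == ANY and r["chain"].endswith("-in")]
    return dups, open_in

if __name__ == "__main__":
    dups, open_in = audit(parse_rules(SAMPLE))
    for key, count in dups.items():
        print(f"duplicate x{count}:", key)
    for rule in open_in:
        print("accepts any source:", rule)
```
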


