Re: Problème de route
Le vendredi 12 août 2011 18:01:50, Jean-Yves F. Barbier a écrit :
> On Fri, 12 Aug 2011 17:30:30 +0200, Migrec <mic.grentz@online.fr> wrote:
> > > canoe iptables -L
> >
> > Beaucoup de choses, j'ai un script perso qui en gros refuse tout par
> > défaut et j'autorise uniquement certains services.
>
> Un listing serait le bienvenu...
C'est partit !
J'ai collé le listing à la fin pour que ce message soit plus lisble.
> Awai, tiens, je n'avais jamais testé mais c'est vrai que ça rend ça.
> En fait elle ne se voit que qd on trace une adresse externe!
> traceroute www.debian.org
> traceroute to www.debian.org (86.59.118.148), 30 hops max, 60 byte packets
> 1 fwall.defcon1 (192.168.1.1) 0.643 ms 0.856 ms 1.101 ms <<<<<========
> 2 * * *
> 3 93.241.70.86.rev.sfr.net (86.70.241.93) 45.397 ms 45.648 ms 47.120
> ms 4 185.246.103.84.rev.sfr.net (84.103.246.185) 48.762 ms 50.557 ms
> 51.988 ^C
>
> Bien que ça fasse un certain temps que je n'ai plus de router perso
> (micro coincé au fond d'une cave:) je ne pense pas tout avoir oublié: tes
> routes paraissent bonnes donc il doit y avoir un bouclage qq part ailleurs,
> et je ne vois que dans les règles de ton FW.
>
> Mais est-ce que le svr est à même de joindre un service extérieur (eg: lynx
> www.debian.org ou ftp ftp.debian.org)?
Oui !
[root@canoe]:~ # traceroute www.debian.org
traceroute to www.debian.org (82.195.75.97), 30 hops max, 60 byte packets
1 * * *
2 65.226.63.86.rev.sfr.net (86.63.226.65) 41.505 ms 45.331 ms 45.923 ms
3 33.254.63.86.rev.sfr.net (86.63.254.33) 45.071 ms 45.251 ms 45.921 ms
4 30.254.63.86.rev.sfr.net (86.63.254.30) 49.428 ms 49.469 ms 49.515 ms
5 134.254.63.86.rev.sfr.net (86.63.254.134) 53.524 ms 53.570 ms 53.698 ms
6 138.254.63.86.rev.sfr.net (86.63.254.138) 57.627 ms 41.375 ms 41.985 ms
7 150.254.63.86.rev.sfr.net (86.63.254.150) 41.930 ms * *
8 193.246.64.86.rev.sfr.net (86.64.246.193) 45.249 ms 42.272 ms 45.534 ms
9 153.224.63.86.rev.sfr.net (86.63.224.153) 45.740 ms 41.724 ms 45.556 ms
10 * * 177.220.96.84.rev.sfr.net (84.96.220.177) 42.011 ms
11 193.251.216.70 (193.251.216.70) 50.194 ms 50.216 ms 50.358 ms
12 te5-0-0.gr10.ixfra.de.easynet.net (87.86.77.68) 62.172 ms 58.872 ms
62.937 ms
13 ge2-7-111.br2.ixfra.de.easynet.net (87.86.71.229) 63.187 ms 59.360 ms
58.702 ms
14 ge0-1.cr1.ixfra.de.easynet.net (194.64.4.158) 62.822 ms 62.845 ms
62.557 ms
15 194.64.8.38 (194.64.8.38) 62.893 ms 62.966 ms 58.779 ms
16 ge-0-0-2-401.core1.an.f.man-da.net (82.195.67.237) 63.237 ms 63.393 ms
ge-2-0-2-402.core1.rz.hda.da.man-da.net (82.195.67.242) 59.265 ms
17 ge-2-0-6-400.core1.sm.tu.da.man-da.net (82.195.67.69) 89.059 ms
ge-2-0-3-400.core1.sm.tu.da.man-da.net (82.195.67.233) 88.960 ms
ge-2-0-6-400.core1.sm.tu.da.man-da.net (82.195.67.69) 89.079 ms
18 ge-0-2-400.cust1.sm.tu.da.man-da.net (82.195.67.82) 63.008 ms 63.117 ms
63.159 ms
19 fw01-da.ayous.org (82.195.78.38) 59.231 ms 62.822 ms 62.328 ms
20 kokkonen.debian.org (82.195.75.97) 63.441 ms 63.413 ms 63.645 ms
J'ai un serveur DNS également qui me sert de cache et de DNS automatique pour
mes postes du réseau. Le problème pourrait-il venir de là ?
[root@canoe]:~ # iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
mauvaise_adresse all -- 10.0.0.0/8 anywhere
mauvaise_adresse all -- 172.16.0.0/12 anywhere
mauvaise_adresse all -- 192.168.0.0/16 anywhere
mauvaise_adresse all -- base-address.mcast.net/4 anywhere
mauvaise_adresse all -- 240.0.0.0/4 anywhere
mauvaise_adresse all -- default anywhere
mauvaise_adresse all -- anywhere 255.255.255.255
mauvaise_adresse all -- loopback/8 anywhere
mauvaise_adresse all -- 192.0.2.0/24 anywhere
mauvaise_adresse all -- link-local/16 anywhere
mauvaise_adresse all -- base-address.mcast.net/3 anywhere
adresses_reservees all -- default/8 anywhere
adresses_reservees all -- 39.0.0.0/8 anywhere
adresses_reservees all -- 102.0.0.0/7 anywhere
adresses_reservees all -- 104.0.0.0/8 anywhere
adresses_reservees all -- 106.0.0.0/8 anywhere
adresses_reservees all -- 179.0.0.0/8 anywhere
adresses_reservees all -- 185.0.0.0/8 anywhere
DROP tcp -- anywhere anywhere tcp
flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
DROP tcp -- anywhere anywhere tcp
flags:FIN,SYN,RST,PSH,ACK,URG/NONE
web_standard all -- anywhere anywhere
web_securise all -- anywhere anywhere
web_erreur all -- anywhere anywhere
mail_reception all -- anywhere anywhere
mail_envoi all -- anywhere anywhere
news all -- anywhere anywhere
ftp all -- anywhere anywhere
ftp_actif all -- anywhere anywhere
ftp_passif all -- anywhere anywhere
dhcp all -- anywhere anywhere
dns all -- anywhere anywhere
dns_serveur all -- anywhere anywhere
mysql_serveur all -- anywhere anywhere
ntp all -- anywhere anywhere
telnet all -- anywhere anywhere
ldap all -- anywhere anywhere
identification all -- anywhere anywhere
controle all -- anywhere anywhere
chat all -- anywhere anywhere
aim all -- anywhere anywhere
msn all -- anywhere anywhere
xmule all -- anywhere anywhere
torrent all -- anywhere anywhere
torrentflux all -- anywhere anywhere
cvs all -- anywhere anywhere
svn all -- anywhere anywhere
web_serveur all -- anywhere anywhere
ssh_client all -- anywhere anywhere
ssh_serveur all -- anywhere anywhere
vnc_client all -- anywhere anywhere
pgp all -- anywhere anywhere
tor all -- anywhere anywhere
realplayer all -- anywhere anywhere
franceinfo all -- anywhere anywhere
minitel all -- anywhere anywhere
wii all -- anywhere anywhere
refuse_et_note all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
web_standard all -- anywhere anywhere
web_securise all -- anywhere anywhere
web_erreur all -- anywhere anywhere
mail_reception all -- anywhere anywhere
mail_envoi all -- anywhere anywhere
news all -- anywhere anywhere
ftp all -- anywhere anywhere
ftp_actif all -- anywhere anywhere
ftp_passif all -- anywhere anywhere
dhcp all -- anywhere anywhere
dns all -- anywhere anywhere
mysql_serveur all -- anywhere anywhere
ntp all -- anywhere anywhere
telnet all -- anywhere anywhere
ldap all -- anywhere anywhere
controle all -- anywhere anywhere
traceroute all -- anywhere anywhere
chat all -- anywhere anywhere
aim all -- anywhere anywhere
msn all -- anywhere anywhere
xmule all -- anywhere anywhere
torrent all -- anywhere anywhere
torrentflux all -- anywhere anywhere
cvs all -- anywhere anywhere
svn all -- anywhere anywhere
web_serveur all -- anywhere anywhere
ssh_client all -- anywhere anywhere
ssh_serveur all -- anywhere anywhere
vnc_client all -- anywhere anywhere
pgp all -- anywhere anywhere
tor all -- anywhere anywhere
realplayer all -- anywhere anywhere
franceinfo all -- anywhere anywhere
minitel all -- anywhere anywhere
wii all -- anywhere anywhere
refuse_et_note all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
web_standard all -- anywhere anywhere
web_securise all -- anywhere anywhere
mail_reception all -- anywhere anywhere
mail_envoi all -- anywhere anywhere
news all -- anywhere anywhere
ftp all -- anywhere anywhere
ftp_actif all -- anywhere anywhere
ftp_passif all -- anywhere anywhere
dhcp all -- anywhere anywhere
dns all -- anywhere anywhere
dns_serveur all -- anywhere anywhere
mysql_serveur all -- anywhere anywhere
ntp all -- anywhere anywhere
telnet all -- anywhere anywhere
ldap all -- anywhere anywhere
identification all -- anywhere anywhere
controle all -- anywhere anywhere
traceroute all -- anywhere anywhere
chat all -- anywhere anywhere
aim all -- anywhere anywhere
msn all -- anywhere anywhere
xmule all -- anywhere anywhere
torrent all -- anywhere anywhere
torrentflux all -- anywhere anywhere
cvs all -- anywhere anywhere
svn all -- anywhere anywhere
web_serveur all -- anywhere anywhere
ssh_client all -- anywhere anywhere
ssh_serveur all -- anywhere anywhere
vnc_client all -- anywhere anywhere
pgp all -- anywhere anywhere
tor all -- anywhere anywhere
realplayer all -- anywhere anywhere
franceinfo all -- anywhere anywhere
minitel all -- anywhere anywhere
wii all -- anywhere anywhere
refuse_et_note all -- anywhere anywhere
Chain LOG_AND_DROP (0 references)
target prot opt source destination
ULOG all -- anywhere anywhere ULOG copy_range 0
nlgroup 1 prefix `Paquet refusé : ' queue_threshold 1
DROP all -- anywhere anywhere
Chain adresses_reservees (7 references)
target prot opt source destination
ULOG all -- anywhere anywhere ULOG copy_range 0
nlgroup 1 prefix `REFUS - IP non allouée' queue_threshold 1
DROP all -- anywhere anywhere
Chain aim (3 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:24 state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:24
dpts:1024:65535 state ESTABLISHED
Chain chat (3 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpts:ircd:6669 state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp
spts:ircd:6669 dpts:1024:65535 state ESTABLISHED
Chain controle (3 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp source-
quench
ACCEPT icmp -- anywhere anywhere icmp
fragmentation-needed
ACCEPT icmp -- anywhere anywhere icmp parameter-
problem
ACCEPT icmp -- anywhere anywhere icmp destination-
unreachable
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp destination-
unreachable
ACCEPT icmp -- anywhere anywhere icmp time-
exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-
problem
Chain cvs (3 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:cvspserver state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp
spt:cvspserver dpts:1024:65535 state ESTABLISHED
Chain dhcp (3 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp spt:bootpc
dpt:bootps state NEW,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp spt:bootps
dpt:bootpc state NEW,ESTABLISHED
Chain dns (3 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp spt:domain
dpts:1024:65535
ACCEPT udp -- anywhere anywhere udp
spts:1024:65535 dpt:domain
Chain dns_serveur (2 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp
spts:1024:65535 dpt:domain
ACCEPT udp -- anywhere anywhere udp spt:domain
dpts:1024:65535
ACCEPT tcp -- anywhere anywhere tcp spt:domain
dpts:1024:65535
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:domain
Chain dos (0 references)
target prot opt source destination
Chain franceinfo (3 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:7070 state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:7070
dpts:1024:65535 state ESTABLISHED
Chain ftp (3 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:ftp state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:ftp
dpts:1024:65535 state ESTABLISHED
Chain ftp_actif (3 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:ftp-data state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:ftp-data
dpts:1024:65535 state RELATED,ESTABLISHED
Chain ftp_passif (3 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpts:1024:65535 state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpts:1024:65535 state ESTABLISHED
Chain identification (2 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:whois state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:whois
dpts:1024:65535 state ESTABLISHED
Chain ldap (3 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:ldap state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:ldap
dpts:1024:65535 state ESTABLISHED
Chain mail_envoi (3 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:smtp state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:smtp
dpts:1024:65535 state ESTABLISHED
Chain mail_reception (3 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:pop3 state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:pop3
dpts:1024:65535 state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:imap2 state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:imap2
dpts:1024:65535 state ESTABLISHED
Chain mauvaise_adresse (11 references)
target prot opt source destination
ULOG all -- anywhere anywhere ULOG copy_range 0
nlgroup 1 prefix `REFUS - Mauvaise adresse' queue_threshold 1
DROP all -- anywhere anywhere
Chain minitel (3 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:cisco-sccp state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:200
dpts:1024:65535 state ESTABLISHED
Chain msn (3 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:msnp state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:msnp
dpts:1024:65535 state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:6891
dpts:1024:65535 state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:6891 state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:6891 state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:6891
dpts:1024:65535 state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:6901
ACCEPT udp -- anywhere anywhere udp dpt:6901
ACCEPT tcp -- anywhere anywhere tcp dpt:msnp
ACCEPT udp -- anywhere anywhere udp dpt:msnp
ACCEPT udp -- anywhere anywhere udp dpt:aol
ACCEPT tcp -- anywhere anywhere tcp spt:6891
ACCEPT udp -- anywhere anywhere udp spt:sip
ACCEPT udp -- anywhere anywhere udp spt:9000
ACCEPT udp -- anywhere anywhere udp spt:9010
ACCEPT udp -- anywhere anywhere udp spt:6065
dpts:1024:65535 state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:2117
ACCEPT udp -- anywhere anywhere udp
spts:1024:65535 dpt:2117
Chain mysql_serveur (3 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:mysql state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:mysql
dpts:1024:65535 state ESTABLISHED
Chain news (3 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:nntp state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:nntp
dpts:1024:65535 state ESTABLISHED
Chain ntp (3 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp spt:ntp
dpt:ntp state NEW,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp spt:ntp
dpt:ntp state RELATED,ESTABLISHED
Chain pgp (3 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:hkp state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:hkp
dpts:1024:65535 state ESTABLISHED
Chain realplayer (3 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:rtsp state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:rtsp
dpts:1024:65535 state ESTABLISHED
Chain refuse_et_note (3 references)
target prot opt source destination
ULOG all -- anywhere anywhere ULOG copy_range 0
nlgroup 1 prefix `Paquet rejetté :' queue_threshold 1
DROP all -- anywhere anywhere
Chain ssh_client (3 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:ssh state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:ssh
dpts:1024:65535 state ESTABLISHED
Chain ssh_serveur (3 references)
target prot opt source destination
ULOG tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:ssh state NEW ULOG copy_range 0 nlgroup 1 prefix `Connexion
SSH: ' queue_threshold 1
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:ssh state NEW
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:ssh state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:ssh
dpts:1024:65535 state ESTABLISHED
Chain svn (3 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:svn state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:svn
dpts:1024:65535 state ESTABLISHED
Chain telnet (3 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:telnet state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:telnet
dpts:1024:65535 state ESTABLISHED
Chain tor (3 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:9001 state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:9030 state NEW,ESTABLISHED
Chain torrent (3 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:6881
state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:6881
state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:6881
state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:6881
state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp
dpts:6881:6899
ACCEPT tcp -- anywhere anywhere tcp
dpts:6881:6899
ACCEPT tcp -- anywhere anywhere tcp dpt:6969
ACCEPT tcp -- anywhere anywhere tcp dpt:6969
Chain torrentflux (3 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp
spts:49160:49300
ACCEPT tcp -- anywhere anywhere tcp
dpts:49160:49300
Chain traceroute (2 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp
spts:32769:65535 dpts:33434:65535
Chain vnc_client (3 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:5900 state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:5900
dpts:1024:65535 state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:5800 state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:5800
dpts:1024:65535 state ESTABLISHED
Chain web_erreur (2 references)
target prot opt source destination
ULOG tcp -- anywhere anywhere tcp spt:www state
RELATED ULOG copy_range 0 nlgroup 1 prefix `REFUS - paquet RELATED:'
queue_threshold 1
ULOG tcp -- anywhere anywhere tcp spt:www state
INVALID ULOG copy_range 0 nlgroup 1 prefix `REFUS - paquet INVALID:'
queue_threshold 1
ULOG tcp -- anywhere anywhere tcp spt:www state
NEW ULOG copy_range 0 nlgroup 1 prefix `REFUS - paquet NEW:' queue_threshold 1
DROP tcp -- anywhere anywhere tcp spt:www state
INVALID,NEW,RELATED
Chain web_securise (3 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:https state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:https
dpts:1024:65535 state ESTABLISHED
Chain web_serveur (3 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:www state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:www
dpts:1024:65535 state ESTABLISHED
Chain web_standard (3 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:www state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:www
dpts:1024:65535 state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:http-alt state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:http-alt
dpts:1024:65535 state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:tproxy state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:tproxy
dpts:1024:65535 state ESTABLISHED
Chain wii (3 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp
spts:1024:65535 dpts:1024:65535 state NEW,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp
spts:1024:65535 dpts:1024:65535 state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:28910 state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:28910
dpts:1024:65535 state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:29900 state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:29900
dpts:1024:65535 state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:29901 state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:29901
dpts:1024:65535 state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:29920 state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:29920
dpts:1024:65535 state ESTABLISHED
ACCEPT udp -- anywhere anywhere udp
spts:1024:65535 dpt:https state NEW,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp spt:https
dpts:1024:65535 state ESTABLISHED
Chain xmule (3 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:4662
ACCEPT udp -- anywhere anywhere udp dpt:4665
ACCEPT udp -- anywhere anywhere udp dpt:4672
ACCEPT tcp -- anywhere anywhere tcp spt:4662
ACCEPT udp -- anywhere anywhere udp spt:4665
ACCEPT udp -- anywhere anywhere udp spt:4672
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:4661
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:4662
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:4650
ACCEPT udp -- anywhere anywhere udp
spts:1024:65535 dpt:4665
ACCEPT udp -- anywhere anywhere udp
spts:1024:65535 dpt:4672
ACCEPT udp -- anywhere anywhere udp
spts:1024:65535 dpt:4653
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:4242
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:4661
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:4662
ACCEPT udp -- anywhere anywhere udp
spts:1024:65535 dpt:4665
ACCEPT udp -- anywhere anywhere udp
spts:1024:65535 dpt:4672
ACCEPT udp -- anywhere anywhere udp spt:4653
dpts:1024:65535
ACCEPT tcp -- anywhere anywhere tcp spt:4662
dpts:1024:65535
ACCEPT udp -- anywhere anywhere udp spt:4665
dpts:1024:65535
ACCEPT udp -- anywhere anywhere udp spt:4672
dpts:1024:65535
ACCEPT tcp -- anywhere anywhere tcp spt:4653
dpts:1024:65535
--
Migrec
OpenPGP key ID : B2BAFAFA
Available on http://www.keyserver.net
Reply to: