I ran the command... silence in response
And if you then also saw the $ prompt, that's even better. I can't help with Firestarter, since I've never used it, but with iptables commands, by all means. Show me the iptables config file.
# iptables-save > file
# Generated by iptables-save v1.3.6 on Thu Sep 13 23:03:13 2007
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [5:480]
:f0to1 - [0:0]
:f1to0 - [0:0]
:logaborted - [0:0]
:logaborted2 - [0:0]
:logdrop - [0:0]
:logdrop2 - [0:0]
:logreject - [0:0]
:logreject2 - [0:0]
:nicfilt - [0:0]
:s0 - [0:0]
:s1 - [0:0]
:srcfilt - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.1.5 -d 192.168.1.255 -i ath0 -j ACCEPT
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -m tcp --tcp-flags RST RST -j logaborted
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A INPUT -j nicfilt
-A INPUT -j srcfilt
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A FORWARD -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A FORWARD -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A FORWARD -j srcfilt
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A OUTPUT -j s1
-A f0to1 -p esp -j ACCEPT
-A f0to1 -p udp -m udp --sport 1024:65535 --dport 3130 -j ACCEPT
-A f0to1 -p udp -m udp --dport 514 -j ACCEPT
-A f0to1 -p udp -m udp --dport 33434:33600 -j ACCEPT
-A f0to1 -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A f0to1 -p ah -j ACCEPT
-A f0to1 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A f0to1 -p tcp -m tcp --sport 1024:65535 --dport 8118 -m state --state NEW -j ACCEPT
-A f0to1 -p tcp -m tcp --sport 1024:65535 --dport 5050 -m state --state NEW -j ACCEPT
-A f0to1 -p tcp -m tcp --dport 515 -m state --state NEW -j ACCEPT
-A f0to1 -p tcp -m tcp --sport 1024:65535 --dport 3128 -m state --state NEW -j ACCEPT
-A f0to1 -p tcp -m tcp --sport 1024:65535 --dport 1080 -m state --state NEW -j ACCEPT
-A f0to1 -p udp -m udp --dport 1080 -j ACCEPT
-A f0to1 -p tcp -m tcp --sport 1024:65535 --dport 43 -m state --state NEW -j ACCEPT
-A f0to1 -p udp -m udp --dport 43 -j ACCEPT
-A f0to1 -p tcp -m tcp --dport 445 -m state --state NEW -j ACCEPT
-A f0to1 -p udp -m udp --sport 1024:65535 --dport 88 -j ACCEPT
-A f0to1 -p udp -m udp --sport 1024:65535 --dport 4444 -j ACCEPT
-A f0to1 -p tcp -m tcp --sport 1024:65535 --dport 749 -m state --state NEW -j ACCEPT
-A f0to1 -p tcp -m tcp --sport 1024:65535 --dport 464 -m state --state NEW -j ACCEPT
-A f0to1 -p udp -m udp --sport 1024:65535 --dport 464 -j ACCEPT
-A f0to1 -p tcp -m tcp --sport 1024:65535 --dport 749 -m state --state NEW -j ACCEPT
-A f0to1 -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT
-A f0to1 -p udp -m udp --dport 53 -j ACCEPT
-A f0to1 -p tcp -m tcp --sport 1024:65535 --dport 113 -m state --state NEW -j ACCEPT
-A f0to1 -p udp -m udp --dport 113 -j ACCEPT
-A f0to1 -p tcp -m tcp --dport 137 -m state --state NEW -j ACCEPT
-A f0to1 -p udp -m udp --sport 1024:65535 --dport 137 -j ACCEPT
-A f0to1 -p udp -m udp --sport 137 --dport 137 -j ACCEPT
-A f0to1 -p udp -m udp --sport 1024:65535 --dport 138 -j ACCEPT
-A f0to1 -p udp -m udp --sport 138 --dport 138 -j ACCEPT
-A f0to1 -p tcp -m tcp --dport 139 -m state --state NEW -j ACCEPT
-A f0to1 -p udp -m udp --sport 1024:65535 --dport 139 -j ACCEPT
-A f0to1 -p tcp -m tcp --dport 111 -m state --state NEW -j ACCEPT
-A f0to1 -p udp -m udp --dport 111 -j ACCEPT
-A f0to1 -p tcp -m tcp --dport 1024:5999 -m state --state NEW -j ACCEPT
-A f0to1 -p udp -m udp --dport 1024:5999 -j ACCEPT
-A f0to1 -p tcp -m tcp --sport 1024:65535 --dport 1723 -m state --state NEW -j ACCEPT
-A f0to1 -p gre -j ACCEPT
-A f0to1 -p udp -m udp --dport 500 -j ACCEPT
-A f0to1 -p udp -m udp --sport 1024:65535 --dport 3130 -j ACCEPT
-A f0to1 -p tcp -m tcp --sport 1024:65535 --dport 3900:3999 -m state --state NEW -j ACCEPT
-A f0to1 -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A f0to1 -p udp -m udp --sport 5050 --dport 5050 -j ACCEPT
-A f0to1 -p tcp -m tcp --sport 1024:65535 --dport 6881:6889 -m state --state NEW -j ACCEPT
-A f0to1 -p udp -m udp --sport 137 --dport 1024:5999 -j ACCEPT
-A f0to1 -p udp -m udp --sport 137 --dport 137 -j ACCEPT
-A f0to1 -p udp -m udp --sport 138 --dport 138 -j ACCEPT
-A f0to1 -p udp -m udp --dport 6970:7170 -j ACCEPT
-A f0to1 -p icmp -m icmp --icmp-type 5 -j ACCEPT
-A f0to1 -j logdrop
-A f1to0 -p udp -m udp --sport 1024:65535 --dport 3130 -j ACCEPT
-A f1to0 -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A f1to0 -p udp -m udp --sport 5050 --dport 5050 -j ACCEPT
-A f1to0 -p udp -m udp --sport 137 --dport 1024:65535 -j ACCEPT
-A f1to0 -p udp -m udp --sport 137 --dport 137 -j ACCEPT
-A f1to0 -p udp -m udp --sport 138 --dport 138 -j ACCEPT
-A f1to0 -p icmp -m icmp --icmp-type 5 -j ACCEPT
-A f1to0 -p esp -j ACCEPT
-A f1to0 -p udp -m udp --sport 1024:65535 --dport 3130 -j ACCEPT
-A f1to0 -p tcp -m tcp --sport 1024:5999 --dport 901 -m state --state NEW -j ACCEPT
-A f1to0 -p tcp -m tcp --sport 1024:5999 --dport 25 -m state --state NEW -j ACCEPT
-A f1to0 -p tcp -m tcp --sport 1024:5999 --dport 5900:5903 -m state --state NEW -j ACCEPT
-A f1to0 -p tcp -m tcp --sport 1024:5999 --dport 5800 -m state --state NEW -j ACCEPT
-A f1to0 -p udp -m udp --dport 5190 -j ACCEPT
-A f1to0 -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m state --state NEW -j ACCEPT
-A f1to0 -p udp -m udp --dport 514 -j ACCEPT
-A f1to0 -p udp -m udp --dport 33434:33600 -j ACCEPT
-A f1to0 -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A f1to0 -p ah -j ACCEPT
-A f1to0 -p tcp -m tcp --sport 1024:5999 --dport 80 -m state --state NEW -j ACCEPT
-A f1to0 -p tcp -m tcp --sport 1024:5999 --dport 8080 -m state --state NEW -j ACCEPT
-A f1to0 -p tcp -m tcp --sport 1024:5999 --dport 8008 -m state --state NEW -j ACCEPT
-A f1to0 -p tcp -m tcp --sport 1024:5999 --dport 8000 -m state --state NEW -j ACCEPT
-A f1to0 -p tcp -m tcp --sport 1024:5999 --dport 8888 -m state --state NEW -j ACCEPT
-A f1to0 -p tcp -m tcp --sport 1024:5999 --dport 22 -m state --state NEW -j ACCEPT
-A f1to0 -p tcp -m tcp --sport 0:1023 --dport 22 -m state --state NEW -j ACCEPT
-A f1to0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A f1to0 -p tcp -m tcp --sport 1024:5999 --dport 8118 -m state --state NEW -j ACCEPT
-A f1to0 -p tcp -m tcp --sport 1024:5999 --dport 110 -m state --state NEW -j ACCEPT
-A f1to0 -p tcp -m tcp --sport 1024:5999 --dport 5050 -m state --state NEW -j ACCEPT
-A f1to0 -p udp -m udp --sport 1024:5999 --dport 37 -j ACCEPT
-A f1to0 -p tcp -m tcp --sport 1024:5999 --dport 37 -m state --state NEW -j ACCEPT
-A f1to0 -p tcp -m tcp --sport 1024:5999 --dport 11371 -m state --state NEW -j ACCEPT
-A f1to0 -p tcp -m tcp --dport 515 -m state --state NEW -j ACCEPT
-A f1to0 -p tcp -m tcp --sport 1024:5999 --dport 1080 -m state --state NEW -j ACCEPT
-A f1to0 -p udp -m udp --dport 1080 -j ACCEPT
-A f1to0 -p tcp -m tcp --sport 1024:5999 --dport 3128 -m state --state NEW -j ACCEPT
-A f1to0 -p tcp -m tcp --sport 1024:5999 --dport 43 -m state --state NEW -j ACCEPT
-A f1to0 -p udp -m udp --dport 43 -j ACCEPT
-A f1to0 -p tcp -m tcp --sport 1024:5999 --dport 6660:6669 -m state --state NEW -j ACCEPT
-A f1to0 -p udp -m udp --sport 1024:5999 --dport 161 -j ACCEPT
-A f1to0 -p tcp -m tcp --sport 1024:5999 --dport 6881:6889 -m state --state NEW -j ACCEPT
-A f1to0 -p tcp -m tcp --sport 1024:5999 --dport 5222 -m state --state NEW -j ACCEPT
-A f1to0 -p tcp -m tcp --sport 1024:5999 --dport 5223 -m state --state NEW -j ACCEPT
-A f1to0 -p tcp -m tcp --dport 445 -m state --state NEW -j ACCEPT
-A f1to0 -p udp -m udp --sport 1024:5999 --dport 88 -j ACCEPT
-A f1to0 -p udp -m udp --sport 1024:5999 --dport 4444 -j ACCEPT
-A f1to0 -p tcp -m tcp --sport 1024:5999 --dport 749 -m state --state NEW -j ACCEPT
-A f1to0 -p tcp -m tcp --sport 1024:5999 --dport 464 -m state --state NEW -j ACCEPT
-A f1to0 -p udp -m udp --sport 1024:5999 --dport 464 -j ACCEPT
-A f1to0 -p tcp -m tcp --sport 1024:5999 --dport 749 -m state --state NEW -j ACCEPT
-A f1to0 -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT
-A f1to0 -p udp -m udp --dport 53 -j ACCEPT
-A f1to0 -p tcp -m tcp --sport 1024:5999 --dport 113 -m state --state NEW -j ACCEPT
-A f1to0 -p udp -m udp --dport 113 -j ACCEPT
-A f1to0 -p tcp -m tcp --dport 137 -m state --state NEW -j ACCEPT
-A f1to0 -p udp -m udp --sport 1024:5999 --dport 137 -j ACCEPT
-A f1to0 -p udp -m udp --sport 137 --dport 137 -j ACCEPT
-A f1to0 -p udp -m udp --sport 1024:5999 --dport 138 -j ACCEPT
-A f1to0 -p udp -m udp --sport 138 --dport 138 -j ACCEPT
-A f1to0 -p tcp -m tcp --dport 139 -m state --state NEW -j ACCEPT
-A f1to0 -p udp -m udp --sport 1024:5999 --dport 139 -j ACCEPT
-A f1to0 -p tcp -m tcp --dport 111 -m state --state NEW -j ACCEPT
-A f1to0 -p udp -m udp --dport 111 -j ACCEPT
-A f1to0 -p tcp -m tcp --dport 1024:65535 -m state --state NEW -j ACCEPT
-A f1to0 -p udp -m udp --dport 1024:65535 -j ACCEPT
-A f1to0 -p tcp -m tcp --sport 1024:5999 --dport 443 -m state --state NEW -j ACCEPT
-A f1to0 -p tcp -m tcp --dport 554 -m state --state NEW -j ACCEPT
-A f1to0 -p tcp -m tcp --dport 7070 -m state --state NEW -j ACCEPT
-A f1to0 -p tcp -m tcp --sport 1024:5999 --dport 1723 -m state --state NEW -j ACCEPT
-A f1to0 -p gre -j ACCEPT
-A f1to0 -p tcp -m tcp --sport 1024:5999 --dport 21 -m state --state NEW -j ACCEPT
-A f1to0 -p udp -m udp --dport 500 -j ACCEPT
-A f1to0 -p tcp -m tcp --sport 1024:5999 --dport 6969 -m state --state NEW -j ACCEPT
-A f1to0 -j logdrop
-A logaborted -m limit --limit 1/sec --limit-burst 10 -j logaborted2
-A logaborted -m limit --limit 2/min --limit-burst 1 -j LOG --log-prefix "LIMITED "
-A logaborted2 -j LOG --log-prefix "ABORTED " --log-tcp-sequence --log-tcp-options --log-ip-options
-A logaborted2 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A logdrop -m limit --limit 1/sec --limit-burst 10 -j logdrop2
-A logdrop -m limit --limit 2/min --limit-burst 1 -j LOG --log-prefix "LIMITED "
-A logdrop -j DROP
-A logdrop2 -j LOG --log-prefix "DROPPED " --log-tcp-sequence --log-tcp-options --log-ip-options
-A logdrop2 -j DROP
-A logreject -m limit --limit 1/sec --limit-burst 10 -j logreject2
-A logreject -m limit --limit 2/min --limit-burst 1 -j LOG --log-prefix "LIMITED "
-A logreject -p tcp -j REJECT --reject-with tcp-reset
-A logreject -p udp -j REJECT --reject-with icmp-port-unreachable
-A logreject -j DROP
-A logreject2 -j LOG --log-prefix "REJECTED " --log-tcp-sequence --log-tcp-options --log-ip-options
-A logreject2 -p tcp -j REJECT --reject-with tcp-reset
-A logreject2 -p udp -j REJECT --reject-with icmp-port-unreachable
-A logreject2 -j DROP
-A nicfilt -i ath0 -j RETURN
-A nicfilt -i ath0 -j RETURN
-A nicfilt -i lo -j RETURN
-A nicfilt -j logdrop
-A s0 -d 192.168.1.5 -j f0to1
-A s0 -d 192.168.1.255 -j f0to1
-A s0 -d 127.0.0.1 -j f0to1
-A s0 -j logdrop
-A s1 -j f1to0
-A srcfilt -j s0
COMMIT
# Completed on Thu Sep 13 23:03:13 2007
Starting Nmap 4.20 ( http://insecure.org ) at 2007-09-13 23:04 YEKST
Interesting ports on home2 (192.168.1.5):
Not shown: 1696 closed ports
PORT STATE SERVICE
1723/tcp open pptp
Nmap finished: 1 IP address (1 host up) scanned in 0.216 seconds
And what gets written to the logs?
xenar, take a look at this as well: https://help.ubuntu.com/community/IptablesHowTo?highlight=%28iptables%29
Starting Nmap 4.20 ( http://insecure.org ) at 2007-09-14 21:31 YEKST
Interesting ports on home2 (192.168.1.5):
Not shown: 1696 closed ports
PORT STATE SERVICE
1723/tcp open pptp
xenar@home2:~$ sudo iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
bad_packets 0 -- anywhere anywhere
DROP 0 -- anywhere ALL-SYSTEMS.MCAST.NET
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
tcp_inbound tcp -- anywhere anywhere
udp_inbound udp -- anywhere anywhere
icmp_packets icmp -- anywhere anywhere
DROP 0 -- anywhere anywhere PKTTYPE = broadcast
LOG 0 -- anywhere anywhere limit: avg 3/min burst 3 LOG level warning prefix `INPUT packet died: '

Chain FORWARD (policy DROP)
target prot opt source destination

Chain OUTPUT (policy DROP)
target prot opt source destination
DROP icmp -- anywhere anywhere state INVALID
ACCEPT 0 -- localhost anywhere
ACCEPT 0 -- anywhere anywhere
ACCEPT 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere limit: avg 3/min burst 3 LOG level warning prefix `OUTPUT packet died: '

Chain bad_packets (1 references)
target prot opt source destination
LOG 0 -- anywhere anywhere state INVALID LOG level warning prefix `Invalid packet: '
DROP 0 -- anywhere anywhere state INVALID
bad_tcp_packets tcp -- anywhere anywhere
RETURN 0 -- anywhere anywhere

Chain bad_tcp_packets (1 references)
target prot opt source destination
LOG tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW LOG level warning prefix `New not syn: '
DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE LOG level warning prefix `Stealth scan: '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG LOG level warning prefix `Stealth scan: '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG LOG level warning prefix `Stealth scan: '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG LOG level warning prefix `Stealth scan: '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG
LOG tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST LOG level warning prefix `Stealth scan: '
DROP tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN LOG level warning prefix `Stealth scan: '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
RETURN tcp -- anywhere anywhere

Chain icmp_packets (1 references)
target prot opt source destination
LOG icmp -f anywhere anywhere LOG level warning prefix `ICMP Fragment: '
DROP icmp -f anywhere anywhere
DROP icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
RETURN icmp -- anywhere anywhere

Chain tcp_inbound (1 references)
target prot opt source destination
RETURN tcp -- anywhere anywhere

Chain tcp_outbound (0 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere

Chain udp_inbound (1 references)
target prot opt source destination
DROP udp -- anywhere anywhere udp dpt:netbios-ns
DROP udp -- anywhere anywhere udp dpt:netbios-dgm
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
RETURN udp -- anywhere anywhere

Chain udp_outbound (0 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere
Where do I look?