witam,
Zainstalowalem sobie nowe nnd i niceshaper'a
potem w /etc/rc.d/iptables dalem save i zapisalo mi regulki do pliku /etc/iptables/iptables.rules
:
# Generated by iptables-save v1.2.11 on Mon Jan 31 19:42:18 2005
*filter
:INPUT DROP [72809:5286018]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [18113:7587085]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m multiport --dports 135,445 -j DROP
-A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 1080 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
-A INPUT -i ! eth0 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o lo -j ACCEPT
-A FORWARD -p tcp -m multiport --dports 135,445 -j DROP
-A FORWARD -i ! eth0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Mon Jan 31 19:42:18 2005
# Generated by iptables-save v1.2.11 on Mon Jan 31 19:42:18 2005
*mangle
:PREROUTING ACCEPT [4332988:1943617490]
:INPUT ACCEPT [104881:9583447]
:FORWARD ACCEPT [4228062:1934028369]
:OUTPUT ACCEPT [18113:7587085]
:POSTROUTING ACCEPT [4246175:1941615454]
:niceshaper_dl - [0:0]
:niceshaper_ul - [0:0]
-A PREROUTING -s 195.182.164.0/255.255.255.0 -i eth1 -j niceshaper_ul
-A POSTROUTING -d 195.182.164.0/255.255.255.0 -o eth1 -j niceshaper_dl
-A niceshaper_dl -s 195.182.164.1 -d 195.182.164.0/255.255.255.0 -o eth1 -j RETURN
-A niceshaper_dl -s 83.16.49.98 -d 195.182.164.0/255.255.255.0 -o eth1 -j RETURN
-A niceshaper_dl
-A niceshaper_dl -d 195.182.164.1 -o eth1 -j RETURN
-A niceshaper_dl -d 195.182.164.2 -o eth1 -j RETURN
-A niceshaper_dl -d 195.182.164.3 -o eth1 -j RETURN
-A niceshaper_dl -d 195.182.164.4 -o eth1 -j RETURN
-A niceshaper_dl -d 195.182.164.5 -o eth1 -j RETURN
.....
-A niceshaper_dl -d 195.182.164.50 -o eth1 -j RETURN
-A niceshaper_ul -s 195.182.164.0/255.255.255.0 -d 195.182.164.1 -i eth1 -j RETURN
-A niceshaper_ul -s 195.182.164.0/255.255.255.0 -d 83.16.49.98 -i eth1 -j RETURN
-A niceshaper_ul
-A niceshaper_ul -s 195.182.164.1 -i eth1 -j MARK --set-mark 0x801
-A niceshaper_ul -s 195.182.164.2 -i eth1 -j MARK --set-mark 0x802
-A niceshaper_ul -s 195.182.164.3 -i eth1 -j MARK --set-mark 0x803
-A niceshaper_ul -s 195.182.164.4 -i eth1 -j MARK --set-mark 0x804
-A niceshaper_ul -s 195.182.164.5 -i eth1 -j MARK --set-mark 0x805
....
-A niceshaper_ul -s 195.182.164.50 -i eth1 -j MARK --set-mark 0x832
COMMIT
# Completed on Mon Jan 31 19:42:18 2005
# Generated by iptables-save v1.2.11 on Mon Jan 31 19:42:18 2005
*nat
:PREROUTING ACCEPT [202193:12918989]
:POSTROUTING ACCEPT [2:96]
:OUTPUT ACCEPT [5:275]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Mon Jan 31 19:42:18 2005
Natomiast po wydaniu komendy: iptables -L mam cos takiego:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP tcp -- anywhere anywhere multiport dports 135,445
REJECT tcp -- anywhere anywhere tcp dpt:auth reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:1080 reject-with icmp-port-unreachable
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP tcp -- anywhere anywhere multiport dports 135,445
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
czy moglby mi ktos pomoc z tym firewallem?
nie bardzo wiem jak sobie z tym poradzic. Z gory wielkie dzieki[/code]
Zaloguj się
Zarejestruj się
FAQ
Szukaj
