[Comm] iptables
Alex S. Orel
weblab at fm.com.ua
Thu Feb 5 16:26:42 MSK 2004
Hello Andriy,
Thursday, February 5, 2004, 3:21:53 PM, you wrote:
ADsk> Let's start from the beginning. How can a non-working iptables interfere with ping and
ADsk> the rest?
ADsk> What does iptables -L -v say?
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
54 4737 bad_tcp_packets tcp -- any any anywhere anywhere
38 9690 ACCEPT all -- lo any localhost.localdomain anywhere
2 254 ACCEPT all -- lo any is.comphunter.com.ua anywhere
0 0 ACCEPT all -- lo any is.comphunter.com.ua anywhere
66 7966 ACCEPT all -- eth0 any 192.168.0.0/24 anywhere
35 5603 ACCEPT all -- any any anywhere is.comphunter.com.uastate RELATED,ESTABLISHED
0 0 tcp_packets tcp -- any any anywhere anywhere
0 0 udp_packets udp -- any any anywhere anywhere
0 0 icmp_packets icmp -- any any anywhere anywhere
0 0 DROP all -- eth2 any anywhere BASE-ADDRESS.MCAST.NET/8
0 0 LOG all -- any any anywhere anywhere limit: avg 3/min burst 3 LOG level debug prefix `IPT INPUT packet died: '
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 bad_tcp_packets tcp -- any any anywhere anywhere
0 0 ACCEPT all -- eth0 any anywhere anywhere
0 0 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 LOG all -- any any anywhere anywhere limit: avg 3/min burst 3 LOG level debug prefix `IPT FORWARD packet died: '
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
49 3164 bad_tcp_packets tcp -- any any anywhere anywhere
38 9690 ACCEPT all -- any any localhost.localdomain anywhere
58 6466 ACCEPT all -- any any is.comphunter.com.ua anywhere
0 0 ACCEPT all -- any any is.comphunter.com.ua anywhere
36 2592 ACCEPT all -- any any is.comphunter.com.ua anywhere
0 0 LOG all -- any any anywhere anywhere limit: avg 3/min burst 3 LOG level debug prefix `IPT OUTPUT packet died: '
Chain allowed (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- any any anywhere anywhere tcp flags:SYN,RST,ACK/SYN
0 0 ACCEPT tcp -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 DROP tcp -- any any anywhere anywhere
Chain bad_tcp_packets (3 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- any any anywhere anywhere state NEW tcp flags:SYN,ACK/SYN,ACK reject-with tcp-reset
6 1428 LOG tcp -- any any anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN LOG level warning prefix `New not syn:'
6 1428 DROP tcp -- any any anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
Chain icmp_packets (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- any any anywhere anywhere icmp echo-reply
0 0 ACCEPT icmp -- any any anywhere anywhere icmp echo-request
0 0 ACCEPT icmp -- any any anywhere anywhere icmp time-exceeded
Chain tcp_packets (1 references)
pkts bytes target prot opt in out source destination
0 0 allowed tcp -- any any anywhere anywhere tcp dpt:ssh
0 0 allowed tcp -- any any anywhere anywhere tcp dpt:http
Chain udp_packets (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:domain
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:4000
0 0 DROP udp -- eth2 any anywhere 10.0.2.255 udp dpts:135:netbios-ssn
0 0 DROP udp -- eth2 any anywhere 255.255.255.255 udp dpts:bootps:bootpc
ADsk> What about chkconfig --list |grep iptables
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
--
Best regards,
Alex mailto:weblab at fm.com.ua