* [Comm] IPTABLES problem
@ 2005-09-29 15:11 Michael Holzman
2005-09-30 4:15 ` Alexey V. Novikov
2005-09-30 5:04 ` Aleksander N. Gorohovski
0 siblings, 2 replies; 3+ messages in thread
From: Michael Holzman @ 2005-09-29 15:11 UTC (permalink / raw)
To: ALT Linux Community
Dear community!
Please explain why the iptables configuration file below
does not filter anything?
# Generated by iptables-save v1.2.9 on Sat Sep 10 21:14:42 2005
*nat
:PREROUTING ACCEPT [3404:355335]
:POSTROUTING ACCEPT [4946:259245]
:OUTPUT ACCEPT [11325:439233]
[146:7913] -A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
#
*mangle
:PREROUTING ACCEPT [175367:159461944]
:INPUT ACCEPT [170807:159947518]
:FORWARD ACCEPT [6112:571711]
:OUTPUT ACCEPT [227467:15591197]
:POSTROUTING ACCEPT [236980:16323205]
COMMIT
#
*filter
:INPUT ACCEPT [168880:158869739]
:FORWARD ACCEPT [6070:568960]
:OUTPUT ACCEPT [227467:15591197]
[0:0] -A INPUT -i eth1 -j ACCEPT
[7:591] -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A INPUT -i eth0 -p tcp -m tcp -j REJECT --reject-with tcp-reset
COMMIT
# Completed on Sat Sep 10 21:14:42 2005
--
Regards,
Michael Holzman
* Re: [Comm] IPTABLES problem
From: Alexey V. Novikov @ 2005-09-30 4:15 UTC (permalink / raw)
To: Michael Holzman, ALT Linux Community
29.09.2005 19:11, Michael Holzman wrote:
> Dear community!
>
> Please explain why the iptables configuration file below
> does not filter anything?
>
> # Generated by iptables-save v1.2.9 on Sat Sep 10 21:14:42 2005
> *nat
> :PREROUTING ACCEPT [3404:355335]
> :POSTROUTING ACCEPT [4946:259245]
> :OUTPUT ACCEPT [11325:439233]
> [146:7913] -A POSTROUTING -o ppp0 -j MASQUERADE
> COMMIT
> #
> *mangle
> :PREROUTING ACCEPT [175367:159461944]
> :INPUT ACCEPT [170807:159947518]
> :FORWARD ACCEPT [6112:571711]
> :OUTPUT ACCEPT [227467:15591197]
> :POSTROUTING ACCEPT [236980:16323205]
> COMMIT
> #
> *filter
> :INPUT ACCEPT [168880:158869739]
> :FORWARD ACCEPT [6070:568960]
> :OUTPUT ACCEPT [227467:15591197]
> [0:0] -A INPUT -i eth1 -j ACCEPT
> [7:591] -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
> [0:0] -A INPUT -i eth0 -p tcp -m tcp -j REJECT --reject-with tcp-reset
> COMMIT
> # Completed on Sat Sep 10 21:14:42 2005
Should it? You have accept almost everywhere, except for the last
rule, and iptables evaluates them in order.
Change the defaults to drop and everything will start being filtered.
--
WBR, Alexey V. Novikov
* Re: [Comm] IPTABLES problem
From: Aleksander N. Gorohovski @ 2005-09-30 5:04 UTC (permalink / raw)
To: Michael Holzman, ALT Linux Community
On Thu, 29 Sep 2005 19:11:07 +0400, Michael Holzman wrote:
> Dear community!
>
> Please explain why the iptables configuration file below
> does not filter anything?
>
> # Generated by iptables-save v1.2.9 on Sat Sep 10 21:14:42 2005
> *nat
> :PREROUTING ACCEPT [3404:355335]
> :POSTROUTING ACCEPT [4946:259245]
> :OUTPUT ACCEPT [11325:439233]
> [146:7913] -A POSTROUTING -o ppp0 -j MASQUERADE
> COMMIT
> #
> *mangle
> :PREROUTING ACCEPT [175367:159461944]
> :INPUT ACCEPT [170807:159947518]
> :FORWARD ACCEPT [6112:571711]
> :OUTPUT ACCEPT [227467:15591197]
> :POSTROUTING ACCEPT [236980:16323205]
> COMMIT
> #
> *filter
> :INPUT ACCEPT [168880:158869739]
> :FORWARD ACCEPT [6070:568960]
> :OUTPUT ACCEPT [227467:15591197]
> [0:0] -A INPUT -i eth1 -j ACCEPT
> [7:591] -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
> [0:0] -A INPUT -i eth0 -p tcp -m tcp -j REJECT --reject-with tcp-reset
> COMMIT
> # Completed on Sat Sep 10 21:14:42 2005
Well, you need to DROP something, and you have ACCEPT everywhere
:-)
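
The first-match evaluation and default-policy fallthrough that both replies point to, as an added example (not code from the thread): a small Python model of the posted *filter INPUT chain. The sample packets are constructed, including one arriving on ppp0 (the interface named in the posted *nat table), and the model understands only the -i, -p and --state matches used in this ruleset.

```python
import re

# The *filter table as posted in the thread (counters kept).
RULESET = """\
*filter
:INPUT ACCEPT [168880:158869739]
:FORWARD ACCEPT [6070:568960]
:OUTPUT ACCEPT [227467:15591197]
[0:0] -A INPUT -i eth1 -j ACCEPT
[7:591] -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A INPUT -i eth0 -p tcp -m tcp -j REJECT --reject-with tcp-reset
COMMIT
"""

def parse(text):
    """Return ({chain: policy}, {chain: [options dict, ...]}) for one table."""
    policies, rules = {}, {}
    for line in text.splitlines():
        line = re.sub(r"^\[\d+:\d+\]\s*", "", line.strip())  # drop counters
        if line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif line.startswith("-A "):
            tok = line.split()
            # Every option in this ruleset takes exactly one value.
            rules.setdefault(tok[1], []).append(dict(zip(tok[2::2], tok[3::2])))
    return policies, rules

def verdict(pkt, policy=None, chain="INPUT", text=RULESET):
    """First matching rule wins; if none matches, the chain policy decides."""
    policies, rules = parse(text)
    for n, r in enumerate(rules.get(chain, []), 1):
        if "-i" in r and r["-i"] != pkt["in"]:
            continue
        if "-p" in r and r["-p"] != pkt["proto"]:
            continue
        if "--state" in r and pkt["state"] not in r["--state"].split(","):
            continue
        return r["-j"], f"rule {n}"
    return policy or policies[chain], "policy"

if __name__ == "__main__":
    # Constructed packets: (input interface, protocol, conntrack state).
    for iface, proto, state in [("eth1", "tcp", "NEW"), ("eth0", "tcp", "NEW"),
                                ("eth0", "udp", "NEW"), ("ppp0", "tcp", "NEW")]:
        pkt = {"in": iface, "proto": proto, "state": state}
        print(iface, proto, state, verdict(pkt), verdict(pkt, policy="DROP"))
```

The second verdict on each line is the same packet with the INPUT policy overridden to DROP, the change suggested in the replies.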