ALT Linux Community general discussions
* [Comm] IPTABLES problem
@ 2005-09-29 15:11 Michael Holzman
  2005-09-30  4:15 ` Alexey V. Novikov
  2005-09-30  5:04 ` Aleksander N. Gorohovski
  0 siblings, 2 replies; 3+ messages in thread
From: Michael Holzman @ 2005-09-29 15:11 UTC (permalink / raw)
  To: ALT Linux Community

Dear community!

Please explain why the iptables configuration file below
does not filter anything?

# Generated by iptables-save v1.2.9 on Sat Sep 10 21:14:42 2005
*nat
:PREROUTING ACCEPT [3404:355335]
:POSTROUTING ACCEPT [4946:259245]
:OUTPUT ACCEPT [11325:439233]
[146:7913] -A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
#
*mangle
:PREROUTING ACCEPT [175367:159461944]
:INPUT ACCEPT [170807:159947518]
:FORWARD ACCEPT [6112:571711]
:OUTPUT ACCEPT [227467:15591197]
:POSTROUTING ACCEPT [236980:16323205]
COMMIT
#
*filter
:INPUT ACCEPT [168880:158869739]
:FORWARD ACCEPT [6070:568960]
:OUTPUT ACCEPT [227467:15591197]
[0:0] -A INPUT -i eth1 -j ACCEPT
[7:591] -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A INPUT -i eth0 -p tcp -m tcp -j REJECT --reject-with tcp-reset
COMMIT
# Completed on Sat Sep 10 21:14:42 2005

--
Regards,
    Michael Holzman


* Re: [Comm] IPTABLES problem
  2005-09-29 15:11 [Comm] IPTABLES problem Michael Holzman
@ 2005-09-30  4:15 ` Alexey V. Novikov
  2005-09-30  5:04 ` Aleksander N. Gorohovski
  1 sibling, 0 replies; 3+ messages in thread
From: Alexey V. Novikov @ 2005-09-30  4:15 UTC (permalink / raw)
  To: Michael Holzman, ALT Linux Community

On 29.09.2005 19:11, Michael Holzman wrote:
> Dear community!
> 
> Please explain why the iptables configuration file below
> does not filter anything?
> 
> # Generated by iptables-save v1.2.9 on Sat Sep 10 21:14:42 2005
> *nat
> :PREROUTING ACCEPT [3404:355335]
> :POSTROUTING ACCEPT [4946:259245]
> :OUTPUT ACCEPT [11325:439233]
> [146:7913] -A POSTROUTING -o ppp0 -j MASQUERADE
> COMMIT
> #
> *mangle
> :PREROUTING ACCEPT [175367:159461944]
> :INPUT ACCEPT [170807:159947518]
> :FORWARD ACCEPT [6112:571711]
> :OUTPUT ACCEPT [227467:15591197]
> :POSTROUTING ACCEPT [236980:16323205]
> COMMIT
> #
> *filter
> :INPUT ACCEPT [168880:158869739]
> :FORWARD ACCEPT [6070:568960]
> :OUTPUT ACCEPT [227467:15591197]
> [0:0] -A INPUT -i eth1 -j ACCEPT
> [7:591] -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
> [0:0] -A INPUT -i eth0 -p tcp -m tcp -j REJECT --reject-with tcp-reset
> COMMIT
> # Completed on Sat Sep 10 21:14:42 2005

Should it? You have ACCEPT almost everywhere, except for the last
rule, and iptables evaluates them in order.
Change the defaults to DROP and everything will start being filtered.

-- 
WBR, Alexey V. Novikov



* Re: [Comm] IPTABLES problem
  2005-09-29 15:11 [Comm] IPTABLES problem Michael Holzman
  2005-09-30  4:15 ` Alexey V. Novikov
@ 2005-09-30  5:04 ` Aleksander N. Gorohovski
  1 sibling, 0 replies; 3+ messages in thread
From: Aleksander N. Gorohovski @ 2005-09-30  5:04 UTC (permalink / raw)
  To: Michael Holzman, ALT Linux Community

On Thu, 29 Sep 2005 19:11:07 +0400, Michael Holzman wrote:

> Dear community!
>
> Please explain why the iptables configuration file below
> does not filter anything?
>
> # Generated by iptables-save v1.2.9 on Sat Sep 10 21:14:42 2005
> *nat
> :PREROUTING ACCEPT [3404:355335]
> :POSTROUTING ACCEPT [4946:259245]
> :OUTPUT ACCEPT [11325:439233]
> [146:7913] -A POSTROUTING -o ppp0 -j MASQUERADE
> COMMIT
> #
> *mangle
> :PREROUTING ACCEPT [175367:159461944]
> :INPUT ACCEPT [170807:159947518]
> :FORWARD ACCEPT [6112:571711]
> :OUTPUT ACCEPT [227467:15591197]
> :POSTROUTING ACCEPT [236980:16323205]
> COMMIT
> #
> *filter
> :INPUT ACCEPT [168880:158869739]
> :FORWARD ACCEPT [6070:568960]
> :OUTPUT ACCEPT [227467:15591197]
> [0:0] -A INPUT -i eth1 -j ACCEPT
> [7:591] -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
> [0:0] -A INPUT -i eth0 -p tcp -m tcp -j REJECT --reject-with tcp-reset
> COMMIT
> # Completed on Sat Sep 10 21:14:42 2005

Well, you need to DROP something, and everything you have is ACCEPT
:-)
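
The first-match evaluation and default-policy fallback that both replies point to, as an added example that is not part of the original thread: a simplified model of the INPUT chain run over the posted filter table, next to a variant with the default switched to DROP. It handles only the -i, -p and --state matches used in the posted rules, and the sample packets are constructed; note that a packet arriving on ppp0 (the interface the nat table masquerades on) matches none of the three rules.

```python
# Filter table as posted in the thread (iptables-save format).
POSTED = """\
*filter
:INPUT ACCEPT [168880:158869739]
:FORWARD ACCEPT [6070:568960]
:OUTPUT ACCEPT [227467:15591197]
[0:0] -A INPUT -i eth1 -j ACCEPT
[7:591] -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A INPUT -i eth0 -p tcp -m tcp -j REJECT --reject-with tcp-reset
COMMIT
"""
# Variant with the default changed, as the first reply suggests (constructed).
DEFAULT_DROP = POSTED.replace(":INPUT ACCEPT", ":INPUT DROP")


def parse(text):
    """Return ({chain: policy}, [rule dicts]) from iptables-save text."""
    policies, rules = {}, []
    for line in text.splitlines():
        tok = line.split()
        if line.startswith(":"):
            policies[tok[0][1:]] = tok[1]
        elif "-A" in tok:
            tok = tok[tok.index("-A"):]  # skip the [pkts:bytes] counter
            rules.append(dict(zip(tok[0::2], tok[1::2])))  # option/value pairs
    return policies, rules


def verdict(text, chain, iface, proto, state):
    """First matching rule decides; otherwise the chain policy applies."""
    policies, rules = parse(text)
    for n, r in enumerate((r for r in rules if r["-A"] == chain), 1):
        if r.get("-i", iface) != iface or r.get("-p", proto) != proto:
            continue
        if "--state" in r and state not in r["--state"].split(","):
            continue
        return r["-j"], f"rule {n}"
    return policies[chain], "policy"


# Constructed sample packets: (input interface, protocol, conntrack state).
PACKETS = [("eth1", "tcp", "NEW"), ("eth0", "tcp", "ESTABLISHED"),
           ("eth0", "tcp", "NEW"), ("eth0", "udp", "NEW"), ("ppp0", "tcp", "NEW")]

if __name__ == "__main__":
    for pkt in PACKETS:
        print(pkt, verdict(POSTED, "INPUT", *pkt), verdict(DEFAULT_DROP, "INPUT", *pkt))
```

Under the DROP policy, return traffic on ppp0 and loopback traffic also fall through to the policy, so they need explicit ACCEPT rules before the default is changed.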

