Messages posted by: tga

These are my iptables rules, but I can't log in to FTP; I have to stop iptables before I can log in.
Please help me.
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:FORWARD DROP [0:0]
:INPUT DROP [0:0]
:LOGNDROP - [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p tcp -m tcp -m state ! --tcp-flags FIN,SYN,RST,ACK SYN --state NEW -j LOGNDROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK -j LOGNDROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j LOGNDROP
-A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j LOGNDROP
-A INPUT -f -j LOGNDROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j LOGNDROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j LOGNDROP
-A INPUT -m state --state INVALID -j LOGNDROP
-A INPUT -p tcp -m tcp -m state -m recent -i eth0 --dport 22 --state NEW --set --name SSH --rsource
-A INPUT -p tcp -m tcp -m state -m recent -i eth0 --dport 22 --state NEW -j LOGNDROP --update --seconds 300 --hitcount 4 --rttl --name SSH --rsource
-A INPUT -p tcp -m tcp -m state -m limit --dport 80 --limit 25/min --limit-burst 100 --state NEW -j ACCEPT
-A INPUT -m state -m limit --limit 50/sec --limit-burst 50 --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m multiport -m state -i eth0 --state NEW,ESTABLISHED -j ACCEPT --dports 22,80,443,10000
-A INPUT -p tcp -m tcp -m multiport -m state -i eth0 --state ESTABLISHED -j ACCEPT --sports 80,443
-A INPUT -p udp -m udp -m multiport -i eth0 -j ACCEPT --sports 123,53
-A INPUT -p tcp -m tcp -m state -d xxx.xxx.xxx.xxx --dport 21 --sport 1024:65535 --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp -m state -d xxx.xxx.xxx.xxx --dport 1024:65535 --sport 1024:65535 --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp -m state -d xxx.xxx.xxx.xxx --dport 20 --sport 1024:65535 --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp -m state -m length -d xxx.xxx.xxx.xxx -i eth0 --dport 22 --sport 1024:65535 --tcp-flags SYN,ACK,FIN,RST SYN --state NEW -j ACCEPT --length 40:60
-A INPUT -p tcp -m tcp -m state -m length -d xxx.xxx.xxx.xxx -i eth0 --dport 25 --sport 1024:65535 --tcp-flags SYN,ACK,FIN,RST SYN --state NEW -j ACCEPT --length 40:60
-A INPUT -p tcp -m tcp -m state -m length -d xxx.xxx.xxx.xxx -i eth0 --dport 80 --sport 1024:65535 --tcp-flags SYN,ACK,FIN,RST SYN --state NEW -j ACCEPT --length 40:60
-A INPUT -p tcp -m tcp -m state -m length -d xxx.xxx.xxx.xxx -i eth0 --dport 443 --sport 1024:65535 --tcp-flags SYN,ACK,FIN,RST SYN --state NEW -j ACCEPT --length 40:60
-A INPUT -p tcp -m tcp -m state -m length -d xxx.xxx.xxx.xxx -i eth0 --dport 110 --sport 1024:65535 --tcp-flags SYN,ACK,FIN,RST SYN --state NEW -j ACCEPT --length 40:60
-A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK -j LOGNDROP
-A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j LOGNDROP
-A OUTPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j LOGNDROP
-A OUTPUT -f -j LOGNDROP
-A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j LOGNDROP
-A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j LOGNDROP
-A OUTPUT -m state --state INVALID -j LOGNDROP
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j LOGNDROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p tcp -m multiport -m state -o eth0 --state ESTABLISHED -j ACCEPT --sports 22,80,443,10000
-A OUTPUT -p tcp -m tcp -m multiport -m state -o eth0 --state NEW,ESTABLISHED -j ACCEPT --dports 80,443
-A OUTPUT -p udp -m udp -m multiport -o eth0 -j ACCEPT --dports 123,53
-A OUTPUT -p tcp -m tcp -m state -s xxx.xxx.xxx.xxx --dport 1024:65535 --sport 21 --state ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp -m state -s xxx.xxx.xxx.xxx --dport 1024:65535 --sport 1024:65535 --state ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp -m state -s xxx.xxx.xxx.xxx --dport 1024:65535 --sport 20 --state ESTABLISHED,RELATED -j ACCEPT
-A LOGNDROP -j LOG --log-prefix "LOGNDROP: "
-A LOGNDROP -j DROP
COMMIT
# Generated by webmin
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed
# Generated by webmin
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p udp -j REDIRECT --to-ports 9
COMMIT
# Completed 
Why is it that as soon as I set
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

all the ports get closed, and I have to stop iptables again before I can get back in?
 
