iptables

Dimitris Mexis m65 at vivodinet.gr
Tue Jul 18 20:56:59 EEST 2006 

On Tue, 18 Jul 2006 18:12:11 +0300, Dimitris Mexis wrote:

> Eho tin aporia giati otan sindeomai se ena kouti, pou exo rithmisei me
> iptables, i apokrisi einai argi. Sigekrimena to na bo me ssh kathisterei
> na mou dixi to login. Kai otan energopoiiso tin mysql, to na sindetho meso
> 3306 stin mysql, pali argei na xekinisei na trexei to query.
> Fteei kati isos me ta logs?
> 
> To iptables -L  einai :
> 
> [root at zeus root]# iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination ACCEPT     tcp  --
> anywhere             anywhere            tcp dpt:mysql ACCEPT     icmp --
> anywhere             anywhere            icmp echo-request ACCEPT     icmp
> --  anywhere             anywhere            icmp time-exceeded ACCEPT
> icmp --  anywhere             anywhere            icmp
> destination-unreachable ACCEPT     icmp --  anywhere             anywhere
>           icmp echo-reply ACCEPT     all  --  zeus.lan
> anywhere ACCEPT     udp  --  anywhere             anywhere            udp
> dpt:netbios-ns ACCEPT     udp  --  anywhere             anywhere
>  udp dpt:netbios-dgm ACCEPT     udp  --  anywhere             anywhere
>        udp dpt:netbios-ssn ACCEPT     tcp  --  anywhere
> anywhere            tcp dpt:netbios-ssn ACCEPT     tcp  --  anywhere
>       anywhere            tcp dpt:netbios-dgm ACCEPT     tcp  --  anywhere
>             anywhere            tcp dpt:netbios-ns ACCEPT     tcp  --
> anywhere             anywhere            tcp dpt:wins ACCEPT     tcp  --
> anywhere             anywhere            tcp dpt:swat ACCEPT     tcp  --
> anywhere             anywhere            tcp dpt:ssh ACCEPT     udp  --
> anywhere             anywhere            udp dpt:ssh ACCEPT     tcp  --
> anywhere             anywhere            tcp dpt:http ACCEPT     tcp  --
> anywhere             anywhere            tcp dpt:10000 ACCEPT     tcp  --
> anywhere             anywhere            tcp dpt:https REJECT     all  --
> anywhere             anywhere            reject-with icmp-port-unreachable
> 
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination


An to kano etsi? Exo provlima?
ousiastika na exo mono nfs, ssh, cups...?

[root at zeus root]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:sunrpc
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:4000
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:4001
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:4002
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:4003
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:1023
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:nfs
ACCEPT     udp  --  anywhere             anywhere            udp dpt:sunrpc
ACCEPT     udp  --  anywhere             anywhere            udp dpt:4000
ACCEPT     udp  --  anywhere             anywhere            udp dpt:400
ACCEPT     udp  --  anywhere             anywhere            udp dpt:4001
ACCEPT     udp  --  anywhere             anywhere            udp dpt:4002
ACCEPT     udp  --  anywhere             anywhere            udp dpt:4003
ACCEPT     udp  --  anywhere             anywhere            udp dpt:1023
ACCEPT     udp  --  anywhere             anywhere            udp dpt:nfs

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

More information about the Linux-greek-users mailing list