My firewall locked me out.. I can't do anything anymore
Quote:
iptables -A INPUT -p tcp -s 192.168.172.0/24 --dport 53 -j ACCEPT
iptables -A INPUT -p udp -s 192.168.172.0/24 --dport 53 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.172.0/24 --dport 8080 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.172.0/24 --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.172.0/24 --dport 25 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.172.0/24 --dport 110 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.172.0/24 --dport 137:139 -j ACCEPT
iptables -A INPUT -p udp -s 192.168.172.0/24 --dport 137:139 -j ACCEPT
Dude, I don't think you even need that, since you haven't set any policy. The firewall is already allowing those ports...
Cheers!
My firewall locked me out.. I can't do anything anymore
I changed my rules and now they look like this:
#!/bin/sh
# Variables
# -------------------------------------------------------
# Load modules
# (these are kernel module names, not commands: on their own the shell
# reports "command not found", so they must be passed to modprobe)
# -------------------------------------------------------
modprobe iptable_nat
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
modprobe ipt_LOG
modprobe ipt_REJECT
modprobe ipt_MASQUERADE
# Enable routing in the kernel
# -------------------------------------------------------
echo "1" > /proc/sys/net/ipv4/ip_forward
# Protection against IP spoofing
# -------------------------------------------------------
echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter
# Flush rules
# -------------------------------------------------------
iptables -F
iptables -X
iptables -F -t nat
iptables -X -t nat
iptables -F -t mangle
iptables -X -t mangle
# Set the default policy
# -------------------------------------------------------
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
#########################################################
# FILTER table
#########################################################
# Accept the packets that really should come in
# -------------------------------------------------------
# Anything not arriving on eth0 (loopback and the internal interface) is accepted
iptables -A INPUT ! -i eth0 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
# Note: because NEW is accepted here, the FORWARD rules further down
# (worm, syn-flood and ping limits) are never reached
iptables -A FORWARD -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
# Protection against worms
# -------------------------------------------------------
iptables -A FORWARD -p tcp --dport 135 -i eth1 -j REJECT
# Protection against syn-flood
# -------------------------------------------------------
iptables -A FORWARD -p tcp --syn -m limit --limit 2/s -j ACCEPT
# Protection against ping of death
# -------------------------------------------------------
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
# Log access attempts to certain ports
# -------------------------------------------------------
iptables -A INPUT -p tcp --dport 21 -i eth0 -j LOG --log-level 6 --log-prefix "FIREWALL: ftp: "
iptables -A INPUT -p tcp --dport 23 -i eth0 -j LOG --log-level 6 --log-prefix "FIREWALL: telnet: "
iptables -A INPUT -p tcp --dport 25 -i eth0 -j LOG --log-level 6 --log-prefix "FIREWALL: smtp: "
iptables -A INPUT -p tcp --dport 80 -i eth0 -j LOG --log-level 6 --log-prefix "FIREWALL: http: "
iptables -A INPUT -p tcp --dport 110 -i eth0 -j LOG --log-level 6 --log-prefix "FIREWALL: pop3: "
iptables -A INPUT -p udp --dport 111 -i eth0 -j LOG --log-level 6 --log-prefix "FIREWALL: rpc: "
iptables -A INPUT -p tcp --dport 113 -i eth0 -j LOG --log-level 6 --log-prefix "FIREWALL: identd: "
iptables -A INPUT -p tcp --dport 137:139 -i eth0 -j LOG --log-level 6 --log-prefix "FIREWALL: samba: "
iptables -A INPUT -p udp --dport 137:139 -i eth0 -j LOG --log-level 6 --log-prefix "FIREWALL: samba: "
iptables -A INPUT -p tcp --dport 161:162 -i eth0 -j LOG --log-level 6 --log-prefix "FIREWALL: snmp: "
iptables -A INPUT -p tcp --dport 6667:6668 -i eth0 -j LOG --log-level 6 --log-prefix "FIREWALL: irc: "
iptables -A INPUT -p tcp --dport 3128 -i eth0 -j LOG --log-level 6 --log-prefix "FIREWALL: squid: "
# Allow external access to certain ports
# -------------------------------------------------------
iptables -A INPUT -p tcp --dport 22 -i eth0 -j ACCEPT
#########################################################
# NAT table
#########################################################
# Enable outbound masquerading
# -------------------------------------------------------
iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
# Transparent proxy
# -------------------------------------------------------
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 8080 -j REDIRECT --to-port 8080
And these were the errors:
[root@lasertools-serv etc]# service iptables start
[root@lasertools-serv etc]# ./firewallnew
: command not found 3:
: command not found 6: iptable_nat
: command not found 7: ip_conntrack
: command not found 8: ip_conntrack_ftp
: command not found 9: ip_nat_ftp
: command not found 10: ipt_LOG
: command not found 11: ipt_REJECT
: command not found 12: ipt_MASQUERADE
: command not found 13:
: command not found 14:
: No such file or directoryoc/sys/net/ipv4/ip_forward
: command not found 18:
: command not found 19:
: No such file or directoryoc/sys/net/ipv4/conf/all/rp_filter
: command not found 23:
: command not found 24:
iptables: No chain/target/match by that name
iptables: Table does not exist (do you need to insmod?)
': Table does not exist (do you need to insmod?)e `nat
Perhaps iptables or your kernel needs to be upgraded.
': Table does not exist (do you need to insmod?)e `nat
Perhaps iptables or your kernel needs to be upgraded.
': Table does not exist (do you need to insmod?)e `mangle
Perhaps iptables or your kernel needs to be upgraded.
': Table does not exist (do you need to insmod?)e `mangle
Perhaps iptables or your kernel needs to be upgraded.
: command not found 33:
: command not found 34:
iptables: Bad policy name
iptables: Bad policy name
iptables: Bad policy name
: command not found 40:
: command not found 41:
: command not found 45:
: command not found 46:
'ptables v1.2.7a: Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.2.7a: Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.2.7a: Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
'ptables v1.2.7a: Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
: command not found 53:
: command not found 54:
: command not found 65:
: command not found 66:
: command not found 78:
: command not found 79:
'ptables v1.2.7a: Invalid target name `REJECT
Try `iptables -h' or 'iptables --help' for more information.
: command not found 83:
: command not found 84:
'ptables v1.2.7a: Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
: command not found 88:
: command not found 89:
'ptables v1.2.7a: Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
: command not found 93:
: command not found 94:
: command not found 107:
: command not found 108:
: command not found 123:
: command not found 124:
'ptables v1.2.7a: Invalid target name `ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
: command not found 128:
: command not found 129:
: command not found 134:
: command not found 135:
: command not found 139:
: command not found 140:
'ptables v1.2.7a: Invalid target name `MASQUERADE
Try `iptables -h' or 'iptables --help' for more information.
: command not found 144:
: command not found 145:
: command not found 150:
: command not found 151:
: command not found 155:
: command not found 156:
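The shape of that error output (": command not found 3:", ": No such file or directoryoc/sys/net/ipv4/ip_forward") is what bash prints when a script has CRLF line endings: the "\r" is read as part of the command or path, and the terminal then overwrites the start of each message, and the bare lines "iptable_nat", "ip_conntrack" and so on fail separately because they are module names rather than commands. The following is an added example, not code from the thread or from the poster: a small POSIX shell helper that lints a firewall script for those two defects plus the old "-i ! eth0" negation form, and produces a corrected copy. The sample file it builds is constructed for this example; the function names and the lint rules are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): lint and fix a firewall script for
# the defects visible in the errors above. All sample content is constructed.

# Write a constructed copy of the problem script, with CRLF endings, to a
# temp file and print its path.
make_sample() {
    f=$(mktemp)
    printf '%s\r\n' \
        '# Activate modules' \
        'iptable_nat' \
        'ip_conntrack' \
        'ipt_LOG' \
        'echo "1" > /proc/sys/net/ipv4/ip_forward' \
        'iptables -A INPUT -i ! eth0 -j ACCEPT' \
        'iptables -A INPUT -p tcp --dport 22 -i eth0 -j ACCEPT' > "$f"
    echo "$f"
}

# Print each finding to stderr and the number of findings to stdout (0 = clean).
lint_fw_script() {
    file=$1
    findings=0
    # 1. Carriage returns anywhere in the file (CRLF endings).
    cr=$(tr -cd '\r' < "$file" | wc -c)
    if [ "$((cr + 0))" -gt 0 ]; then
        echo "CRLF: $cr carriage return(s); strip them with: sed -i 's/\\r\$//' $file" >&2
        findings=$((findings + 1))
    fi
    # 2. Bare netfilter module names on a line of their own (need modprobe).
    mods=$(tr -d '\r' < "$file" \
        | grep -E '^[[:space:]]*(iptable_|ip_conntrack|ip_nat|ipt_)[A-Za-z_]*[[:space:]]*$' || true)
    for m in $mods; do
        echo "MODULE: '$m' is not a command; use: modprobe $m" >&2
        findings=$((findings + 1))
    done
    # 3. Old intrapositioned negation "-i ! eth0"; the form "! -i eth0" works on old and new iptables.
    neg=$(tr -d '\r' < "$file" | grep -cE -- '-[iosdp] ! ' || true)
    if [ "$((neg + 0))" -gt 0 ]; then
        echo "NEGATION: $neg rule(s) use '-i ! X'; prefer '! -i X'" >&2
        findings=$((findings + neg))
    fi
    echo "$findings"
}

# Apply the three fixes (strip CR, prefix modprobe, move the '!') and
# print the path of the corrected copy; the input file is left untouched.
fix_fw_script() {
    out=$(mktemp)
    tr -d '\r' < "$1" \
        | sed -E 's/^[[:space:]]*((iptable_|ip_conntrack|ip_nat|ipt_)[A-Za-z_]*)[[:space:]]*$/modprobe \1/' \
        | sed -E 's/-([iosdp]) ! /! -\1 /g' > "$out"
    echo "$out"
}

# Stand-alone demo: lint the sample, fix it, lint the result.
sample=$(make_sample)
before=$(lint_fw_script "$sample")
fixed=$(fix_fw_script "$sample")
after=$(lint_fw_script "$fixed")
echo "findings before fix: $before, after fix: $after"
rm -f "$sample" "$fixed"
```

Run it on the real file with `lint_fw_script ./firewallnew` before executing the firewall script; a CRLF finding alone explains every "command not found" and "No such file or directory" line in the paste, and is the first thing to check whenever a script copied from a web page or edited on Windows misbehaves.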
My firewall locked me out.. I can't do anything anymore
dude you're downloading these scripts from the net, right??? then check their syntax, a bunch of commands are missing, or better yet read some documentation and write a script yourself .. learn .... look on google for the Focalinux guide, it has good documentation on firewalls and iptables/netfilter ..
see ya
My firewall locked me out.. I can't do anything anymore
The first one I used was from user amarcio, who helped me. The one I'm having problems with came from a user here (I don't remember the name) who posted it in one of the forums. I took it and changed it according to my needs. Yesterday it worked but it locked up the whole internet, and today I tried to run it and it gives the errors I posted.