[glux] Re: iptables again
gigiv
gigiv2@gmail.com
Wed 21 Jun 2006 11:58:55 CEST
I also ran an nmap scan on myself
(The 1651 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
53/tcp open domain
80/tcp open http
113/tcp filtered auth
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
1025/tcp filtered NFS-or-IIS
1457/tcp open valisys-lm
5000/tcp filtered UPnP
10000/tcp open snet-sensor-mgmt
are port 53 and port 1457 necessary?
bye, gg
2006/6/20, gigiv <gigiv2@gmail.com>:
>
> hi
>
> I'm trying to put together a script to set up the firewall
>
> with iptables -L I get
>
> ------------------------------------------------------------------------------------------
>
> Chain INPUT (policy DROP)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
> ACCEPT all -- anywhere anywhere
> ACCEPT all -- anywhere anywhere
> DROP all -- 192.168.0.0/24 anywhere
> DROP all -- 172.16.0.0/12 anywhere
> DROP all -- 10.0.0.0/8 anywhere
> DROP all -- 127.0.0.0/8 anywhere
> ACCEPT icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5
> DROP icmp -- anywhere anywhere icmp echo-request
> ACCEPT tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
> ACCEPT tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN limit: avg 1/sec burst 5
> ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN
> ACCEPT tcp -- anywhere anywhere tcp dpt:10000 flags:SYN,RST,ACK/SYN
> ACCEPT tcp -- anywhere anywhere tcp dpt:ftp flags:SYN,RST,ACK/SYN
> ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data flags:SYN,RST,ACK/SYN
> ACCEPT tcp -- anywhere anywhere tcp dpt:4661
> ACCEPT tcp -- anywhere anywhere tcp dpt:4662
> ACCEPT udp -- anywhere anywhere udp dpt:4665
>
> Chain FORWARD (policy DROP)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
> ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
> DROP all -- anywhere anywhere
> ACCEPT tcp -- anywhere ciccio tcp dpt:4662
> LOG all -- anywhere anywhere LOG level alert prefix `FORWARD: '
>
> Chain OUTPUT (policy ACCEPT)
>
> -------------------------------------------------------------------
>
> in my opinion rules 2 and 3 of the INPUT chain
> and rule 1 of FORWARD are not right (in the sense that everything gets through)
>
>
> am I right?
>
> could someone kindly confirm
>
>
> bye, thanks
>
> gg
>
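Added example, not part of the original post: a Python check that scans a non-verbose `iptables -L` listing for the first rule in each chain that is displayed as matching every packet, and reports which rules are listed after it. Because `iptables -L` without `-v` does not show the in/out interface columns, a hit here means "confirm with `iptables -L -v -n`", not "everything passes". The function names are hypothetical, and the sample is an excerpt of the listing quoted above with wrapped lines rejoined.

```python
import re

TERMINAL = {"ACCEPT", "DROP", "REJECT"}   # targets that stop chain traversal
ANY = {"anywhere", "0.0.0.0/0"}           # "any address" with and without -n

# Excerpt of the listing quoted in the post, wrapped lines rejoined.
SAMPLE = """\
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere
ACCEPT tcp -- anywhere ciccio tcp dpt:4662
LOG all -- anywhere anywhere LOG level alert prefix `FORWARD: '
"""

def parse(listing):
    """Map chain name -> list of (target, prot, source, dest, extra)."""
    chains, current = {}, None
    for line in listing.splitlines():
        parts = line.split()
        m = re.match(r"Chain (\S+) \(", line.strip())
        if m:
            current = chains.setdefault(m.group(1), [])
        elif current is not None and len(parts) >= 5 and parts[0] != "target":
            target, prot, _opt, src, dst, *extra = parts
            current.append((target, prot, src, dst, " ".join(extra)))
    return chains

def catch_alls(listing):
    """Per chain: (number of the first rule shown as matching every packet,
    its target, numbers of the rules listed after it)."""
    found = {}
    for chain, rules in parse(listing).items():
        for n, (target, prot, src, dst, extra) in enumerate(rules, 1):
            if (target in TERMINAL and prot == "all" and not extra
                    and src in ANY and dst in ANY):
                found[chain] = (n, target, list(range(n + 1, len(rules) + 1)))
                break
    return found

if __name__ == "__main__":
    for chain, (n, target, later) in catch_alls(SAMPLE).items():
        print(f"{chain}: rule {n} ({target} all) shown without conditions; "
              f"rules {later} follow it. Verify with: iptables -L {chain} -v -n")
```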