> Daj iptables -L -v to pomyślimy.
> Ja mam wyciętą sambę od strony =
netu.
>
Witam
dodałem ten wpis o hosts deny = 0.0.0.0/0
Ponizej iptables, zerknijcie ( ale ja tu jak byyk =
widze ze na porty samby
mozna tylko z sieci lokalnej i do tego z eth0 sie =
laczyc.
pozdrawiam Wojtek
Chain INPUT (policy DROP 10147 packets, 414K =
bytes)
pkts bytes target prot =
opt in out source
destination
3206 380K ACCEPT =
all -- lo =
any =
anywhere =
; anywhere
1308 94532 ACCEPT =
tcp -- any any =
anywhere =
; anywhere
tcp dpt:http
0 0 =
ACCEPT tcp -- any =
any =
anywhere =
; anywhere
tcp dpt:http
2 80 =
ACCEPT tcp -- any =
any =
anywhere =
; anywhere
tcp dpt:domain
4929 766K ACCEPT =
udp -- any any =
anywhere =
; anywhere
udp dpt:domain
2435 111K ACCEPT =
tcp -- any any =
anywhere =
; anywhere
tcp dpt:pop3
0 0 =
ACCEPT udp -- any =
any =
anywhere =
; anywhere
udp dpt:pop3
85985 100M ACCEPT =
tcp -- any any =
anywhere =
; anywhere
tcp dpt:smtp
0 0 =
ACCEPT udp -- any =
any =
anywhere =
; anywhere
udp dpt:smtp
2648 243K ACCEPT =
anywhere =
; anywhere
icmp echo-request limit: avg 1/sec burst 5
1 48 =
ACCEPT icmp -- any =
any =
anywhere =
; anywhere
icmp echo-reply
17029 931K ACCEPT =
tcp -- any any =
anywhere =
; anywhere
tcp dpt:ssh
1 40 =
ACCEPT tcp -- any =
any =
anywhere =
; anywhere
tcp dpt:ftp-data
61 2874 =
ACCEPT tcp -- any =
any =
anywhere =
; anywhere
tcp dpt:ftp
12 700 =
any =
anywhere =
; anywhere
tcp dpt:auth reject-with icmp-port-unreachable
14 592 =
any =
anywhere =
; anywhere
tcp dpt:socks reject-with =
3642 322K ACCEPT =
tcp -- any any =
anywhere =
; anywhere
state ESTABLISHED
0 0 =
ACCEPT tcp -- any =
any =
anywhere =
; anywhere
state RELATED
0 0 =
ACCEPT icmp -- any =
any =
anywhere =
; anywhere
state ESTABLISHED
52 3512 =
ACCEPT icmp -- any =
any =
anywhere =
; anywhere
state RELATED
153 23783 ACCEPT =
udp -- any any =
anywhere =
; anywhere
state ESTABLISHED
0 0 =
ACCEPT udp -- any =
any =
anywhere =
; anywhere
state RELATED
66 24696 ACCEPT =
udp -- eth0 any =
anywhere =
; anywhere
udp dpt:bootps
13 4264 =
ACCEPT udp -- eth0 =
any =
anywhere =
; anywhere
udp dpt:bootpc
0 0 =
ACCEPT tcp -- eth0 =
any =
localnet/24 =
anywhere
tcp dpt:netbios-ns
622 55896 ACCEPT =
udp -- eth0 any =
localnet/24 =
anywhere
udp dpt:netbios-ns
0 0 =
ACCEPT tcp -- eth0 =
any =
localnet/24 =
anywhere
tcp dpt:netbios-dgm
754 178K ACCEPT =
udp -- eth0 any =
localnet/24 =
anywhere
udp dpt:netbios-dgm
4 192 =
ACCEPT tcp -- eth0 =
any =
localnet/24 =
anywhere
tcp dpt:netbios-ssn
0 0 =
ACCEPT udp -- eth0 =
any =
localnet/24 =
anywhere
udp dpt:netbios-ssn
0 0 =
DROP all -- =
ppp0 any =
localnet/24 =
anywhere
8210 385K ACCEPT =
tcp -- any any =
anywhere =
; anywhere
tcp flags:SYN,RST,ACK/SYN limit: avg 1/sec burst =
5
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot =
opt in out source
destination
120K 70M =
ACCEPT tcp -- any =
any =
anywhere =
; anywhere
=
state ESTABLISHED
11 528 =
ACCEPT tcp -- any =
any =
anywhere =
; anywhere
state RELATED
0 0 =
ACCEPT icmp -- any =
any =
anywhere =
; anywhere
state ESTABLISHED
35 1960 =
ACCEPT icmp -- any =
any =
anywhere =
; anywhere
state RELATED
276 57877 ACCEPT =
udp -- any any =
anywhere =
; anywhere
state ESTABLISHED
0 0 =
ACCEPT udp -- any =
any =
anywhere =
; anywhere
state RELATED
5508 269K ACCEPT =
all -- any any =
localnet/24 =
anywhere
12 480 =
ACCEPT all -- any =
any anywhere
localnet/24
Chain OUTPUT (policy ACCEPT 114K packets, 13M =
bytes)
pkts bytes target prot =
opt in out source
destination