Networking Forums

iptables single NIC

 
 
stinkbomb
      07-14-2003, 06:29 PM
I have Linux running web and email services.
Everything worked fine until I ran iptables.
As soon as I got iptables working, the machine lost all network access.
Nothing in and nothing out.
If iptables is working, it must be working too well.

Do I need to change my system configs?
 
 
/dev/rob0
      07-14-2003, 08:15 PM
In article <(E-Mail Removed)>, stinkbomb wrote:
> As soon as I got iptables working, the machine lost all network access.
> Nothing in and nothing out.
> [snip]
> Do I need to change my system configs?


Yes.

http://catb.org/~esr/faqs/smart-questions.html
--
/dev/rob0 - preferred_email=i$((28*28+28))@softhome.net
or put "not-spam" or "/dev/rob0" in Subject header to reply
 
 
Ed Murphy
      07-15-2003, 03:03 AM
On Mon, 14 Jul 2003 14:29:49 -0400, stinkbomb wrote:

> I have Linux running web and email services.
> Everything worked fine until I ran iptables.
> As soon as I got iptables working, the machine lost all network access.
> Nothing in and nothing out.
> If iptables is working, it must be working too well.
>
> Do I need to change my system configs?


<sarcasm> No, you need to wave a dead chicken over the network card
by the light of a full moon. </sarcasm>

Of course you need to change your system configs! However, we can't
tell you which specific changes to make, until we see the current
config. Run 'iptables -L' (as root) and post the output.

 
 
stinkbomb
      07-15-2003, 01:36 PM


Ed Murphy wrote:
>
> On Mon, 14 Jul 2003 14:29:49 -0400, stinkbomb wrote:
>
> > I have Linux running web and email services.
> > Everything worked fine until I ran iptables.
> > As soon as I got iptables working, the machine lost all network access.
> > Nothing in and nothing out.
> > If iptables is working, it must be working too well.
> >
> > Do I need to change my system configs?

>
> <sarcasm> No, you need to wave a dead chicken over the network card
> by the light of a full moon. </sarcasm>
>
> Of course you need to change your system configs! However, we can't
> tell you which specific changes to make, until we see the current
> config. Run 'iptables -L' (as root) and post the output.


ok.

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
LOG icmp -- anywhere anywhere state
INVALID limit: avg 3/min burst 2 LOG level info prefix `INVALID INPUT
packet: '
LOG !icmp -- anywhere anywhere state
INVALID limit: avg 3/min burst 2 LOG level info prefix `INVALID INPUT
packet: '
DROP all -- anywhere anywhere state
INVALID
HOST_BLOCK all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state
ESTABLISHED
DROP udp -- 0.0.0.0 255.255.255.255 udp
spt:bootpc dpt:bootps
VALID_CHECK all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state
RELATED
EXTIF_CHECK !icmp -- anywhere anywhere state NEW
EXTIF_CHECK icmp -- anywhere anywhere state NEW
limit: avg 10/sec burst 50
LOG icmp -- anywhere anywhere icmp
echo-request limit: avg 12/hour burst 1 LOG level info prefix `ICMP
flood: '
LOG all -- anywhere anywhere limit: avg
1/sec burst 5 LOG level info prefix `Dropped INPUT packet: '
DROP all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
TCPMSS tcp -- anywhere anywhere tcp
flags:SYN,RST/SYN TCPMSS clamp to PMTU
LOG icmp -- anywhere anywhere state
INVALID limit: avg 3/min burst 2 LOG level info prefix `INVALID FORWARD
packet: '
LOG !icmp -- anywhere anywhere state
INVALID limit: avg 3/min burst 2 LOG level info prefix `INVALID FORWARD
packet: '
DROP all -- anywhere anywhere state
INVALID
HOST_BLOCK all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state
ESTABLISHED
VALID_CHECK all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state
RELATED
RESERVED_NET_CHECK all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg
1/sec burst 5 LOG level info prefix `Dropped FORWARD packet: '
DROP all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
TCPMSS tcp -- anywhere anywhere tcp
flags:SYN,RST/SYN TCPMSS clamp to PMTU
HOST_BLOCK all -- anywhere anywhere

Chain EXTIF_CHECK (2 references)
target prot opt source destination
LOG tcp -- anywhere anywhere tcp dpt:0
limit: avg 1/hour burst 1 LOG level info prefix `TCP port 0 OS
fingerprint: '
LOG udp -- anywhere anywhere udp dpt:0
limit: avg 1/hour burst 1 LOG level info prefix `UDP port 0 OS
fingerprint: '
DROP tcp -- anywhere anywhere tcp dpt:0
DROP udp -- anywhere anywhere udp dpt:0
LOG icmp -- anywhere anywhere limit: avg
3/min burst 1 LOG level info prefix `Dropped ICMP packet: '
RESERVED_NET_CHECK all -- anywhere anywhere
DROP tcp -- anywhere anywhere tcp
spts:ftp-data:9999 dpts:1024:65535 flags:!SYN,RST,ACK/SYN limit: avg
10/sec burst 50
DROP udp -- anywhere anywhere udp
spts:ftp-data:9999 dpts:1024:65535 limit: avg 10/sec burst 50
LOG tcp -- anywhere anywhere tcp
spts:ftp-data:9999 dpts:1024:65535 flags:!SYN,RST,ACK/SYN limit: avg
6/hour burst 1 LOG level info prefix `Lost TCP connection flood?: '
LOG udp -- anywhere anywhere udp
spts:ftp-data:9999 dpts:1024:65535 limit: avg 6/hour burst 1 LOG level
info prefix `Lost UDP connection flood?: '
DROP tcp -- anywhere anywhere tcp
spts:ftp-data:9999 dpts:1024:65535 flags:!SYN,RST,ACK/SYN
DROP udp -- anywhere anywhere udp
spts:ftp-data:9999 dpts:1024:65535
LOG tcp -- anywhere anywhere tcp
dpts:1024:65535 flags:!SYN,RST,ACK/SYN limit: avg 3/min burst 5 LOG
level info prefix `Stealth scan (UNPRIV)?: '
LOG tcp -- anywhere anywhere tcp
dpts:0:1023 flags:!SYN,RST,ACK/SYN limit: avg 3/min burst 5 LOG level
info prefix `Stealth scan (PRIV)?: '
DROP tcp -- anywhere anywhere tcp
flags:!SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp
dpts:0:1023 limit: avg 2/min burst 2 LOG level info prefix `Connection
attempt (PRIV): '
LOG udp -- anywhere anywhere udp
dpts:0:1023 limit: avg 2/min burst 2 LOG level info prefix `Connection
attempt (PRIV): '
LOG tcp -- anywhere anywhere tcp
dpts:1024:65535 limit: avg 1/min burst 1 LOG level info prefix
`Connection attempt (UNPRIV): '
LOG udp -- anywhere anywhere udp
dpts:1024:65535 limit: avg 1/min burst 1 LOG level info prefix
`Connection attempt (UNPRIV): '
DROP tcp -- anywhere anywhere
DROP udp -- anywhere anywhere
DROP icmp -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg
1/min burst 5 LOG level info prefix `Other-IP connection attempt: '
DROP all -- anywhere anywhere

Chain HOST_BLOCK (3 references)
target prot opt source destination

Chain RESERVED_NET_CHECK (2 references)
target prot opt source destination
LOG all -- 10.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Class A address: '
LOG all -- 172.16.0.0/12 anywhere limit: avg
1/min burst 1 LOG level info prefix `Class B address: '
LOG all -- 192.168.0.0/16 anywhere limit: avg
1/min burst 1 LOG level info prefix `Class C address: '
LOG all -- 169.254.0.0/16 anywhere limit: avg
1/min burst 1 LOG level info prefix `Class M$ address: '
LOG all -- 0.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 1.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 2.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 5.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 7.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 23.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 27.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 31.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 36.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 37.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 39.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 41.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 42.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 58.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 59.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 60.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 70.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 71.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 72.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 73.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 74.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 75.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 76.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 77.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 78.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 79.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 83.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 84.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 85.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 86.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 87.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 88.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 89.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 90.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 91.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 92.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 93.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 94.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 95.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 96.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 97.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 98.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 99.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 100.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 101.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 102.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 103.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 104.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 105.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 106.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 107.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 108.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 109.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 110.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 111.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 112.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 113.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 114.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 115.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 116.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 117.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 118.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 119.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 120.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 121.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 122.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 123.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 124.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 125.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 126.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- loopback/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 197.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 222.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 223.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- base-address.mcast.net/8 anywhere limit:
avg 1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 225.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 226.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 227.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all --
reserved-multicast-range-not-delegated.example.com/8 anywhere
limit: avg 1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 229.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all --
reserved-multicast-range-not-delegated.example.com/8 anywhere
limit: avg 1/min burst 1 LOG level info prefix `Reserved address: '
LOG all --
reserved-multicast-range-not-delegated.example.com/8 anywhere
limit: avg 1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 232.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 233.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 234.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 235.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 236.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 237.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 238.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 239.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 240.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 241.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 242.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 243.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 244.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 245.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 246.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 247.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 248.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 249.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 250.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 251.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 252.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 253.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 254.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
LOG all -- 255.0.0.0/8 anywhere limit: avg
1/min burst 1 LOG level info prefix `Reserved address: '
DROP all -- 10.0.0.0/8 anywhere
DROP all -- 172.16.0.0/12 anywhere
DROP all -- 192.168.0.0/16 anywhere
DROP all -- 169.254.0.0/16 anywhere
DROP all -- 0.0.0.0/8 anywhere
DROP all -- 1.0.0.0/8 anywhere
DROP all -- 2.0.0.0/8 anywhere
DROP all -- 5.0.0.0/8 anywhere
DROP all -- 7.0.0.0/8 anywhere
DROP all -- 23.0.0.0/8 anywhere
DROP all -- 27.0.0.0/8 anywhere
DROP all -- 31.0.0.0/8 anywhere
DROP all -- 36.0.0.0/8 anywhere
DROP all -- 37.0.0.0/8 anywhere
DROP all -- 39.0.0.0/8 anywhere
DROP all -- 41.0.0.0/8 anywhere
DROP all -- 42.0.0.0/8 anywhere
DROP all -- 58.0.0.0/8 anywhere
DROP all -- 59.0.0.0/8 anywhere
DROP all -- 60.0.0.0/8 anywhere
DROP all -- 70.0.0.0/8 anywhere
DROP all -- 71.0.0.0/8 anywhere
DROP all -- 72.0.0.0/8 anywhere
DROP all -- 73.0.0.0/8 anywhere
DROP all -- 74.0.0.0/8 anywhere
DROP all -- 75.0.0.0/8 anywhere
DROP all -- 76.0.0.0/8 anywhere
DROP all -- 77.0.0.0/8 anywhere
DROP all -- 78.0.0.0/8 anywhere
DROP all -- 79.0.0.0/8 anywhere
DROP all -- 83.0.0.0/8 anywhere
DROP all -- 84.0.0.0/8 anywhere
DROP all -- 85.0.0.0/8 anywhere
DROP all -- 86.0.0.0/8 anywhere
DROP all -- 87.0.0.0/8 anywhere
DROP all -- 88.0.0.0/8 anywhere
DROP all -- 89.0.0.0/8 anywhere
DROP all -- 90.0.0.0/8 anywhere
DROP all -- 91.0.0.0/8 anywhere
DROP all -- 92.0.0.0/8 anywhere
DROP all -- 93.0.0.0/8 anywhere
DROP all -- 94.0.0.0/8 anywhere
DROP all -- 95.0.0.0/8 anywhere
DROP all -- 96.0.0.0/8 anywhere
DROP all -- 97.0.0.0/8 anywhere
DROP all -- 98.0.0.0/8 anywhere
DROP all -- 99.0.0.0/8 anywhere
DROP all -- 100.0.0.0/8 anywhere
DROP all -- 101.0.0.0/8 anywhere
DROP all -- 102.0.0.0/8 anywhere
DROP all -- 103.0.0.0/8 anywhere
DROP all -- 104.0.0.0/8 anywhere
DROP all -- 105.0.0.0/8 anywhere
DROP all -- 106.0.0.0/8 anywhere
DROP all -- 107.0.0.0/8 anywhere
DROP all -- 108.0.0.0/8 anywhere
DROP all -- 109.0.0.0/8 anywhere
DROP all -- 110.0.0.0/8 anywhere
DROP all -- 111.0.0.0/8 anywhere
DROP all -- 112.0.0.0/8 anywhere
DROP all -- 113.0.0.0/8 anywhere
DROP all -- 114.0.0.0/8 anywhere
DROP all -- 115.0.0.0/8 anywhere
DROP all -- 116.0.0.0/8 anywhere
DROP all -- 117.0.0.0/8 anywhere
DROP all -- 118.0.0.0/8 anywhere
DROP all -- 119.0.0.0/8 anywhere
DROP all -- 120.0.0.0/8 anywhere
DROP all -- 121.0.0.0/8 anywhere
DROP all -- 122.0.0.0/8 anywhere
DROP all -- 123.0.0.0/8 anywhere
DROP all -- 124.0.0.0/8 anywhere
DROP all -- 125.0.0.0/8 anywhere
DROP all -- 126.0.0.0/8 anywhere
DROP all -- loopback/8 anywhere
DROP all -- 197.0.0.0/8 anywhere
DROP all -- 222.0.0.0/8 anywhere
DROP all -- 223.0.0.0/8 anywhere
DROP all -- base-address.mcast.net/8 anywhere
DROP all -- 225.0.0.0/8 anywhere
DROP all -- 226.0.0.0/8 anywhere
DROP all -- 227.0.0.0/8 anywhere
DROP all --
reserved-multicast-range-not-delegated.example.com/8 anywhere
DROP all -- 229.0.0.0/8 anywhere
DROP all --
reserved-multicast-range-not-delegated.example.com/8 anywhere
DROP all --
reserved-multicast-range-not-delegated.example.com/8 anywhere
DROP all -- 232.0.0.0/8 anywhere
DROP all -- 233.0.0.0/8 anywhere
DROP all -- 234.0.0.0/8 anywhere
DROP all -- 235.0.0.0/8 anywhere
DROP all -- 236.0.0.0/8 anywhere
DROP all -- 237.0.0.0/8 anywhere
DROP all -- 238.0.0.0/8 anywhere
DROP all -- 239.0.0.0/8 anywhere
DROP all -- 240.0.0.0/8 anywhere
DROP all -- 241.0.0.0/8 anywhere
DROP all -- 242.0.0.0/8 anywhere
DROP all -- 243.0.0.0/8 anywhere
DROP all -- 244.0.0.0/8 anywhere
DROP all -- 245.0.0.0/8 anywhere
DROP all -- 246.0.0.0/8 anywhere
DROP all -- 247.0.0.0/8 anywhere
DROP all -- 248.0.0.0/8 anywhere
DROP all -- 249.0.0.0/8 anywhere
DROP all -- 250.0.0.0/8 anywhere
DROP all -- 251.0.0.0/8 anywhere
DROP all -- 252.0.0.0/8 anywhere
DROP all -- 253.0.0.0/8 anywhere
DROP all -- 254.0.0.0/8 anywhere
DROP all -- 255.0.0.0/8 anywhere

Chain VALID_CHECK (2 references)
target prot opt source destination
LOG tcp -- anywhere anywhere tcp
flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG limit: avg 3/min burst 5 LOG
level info prefix `Stealth XMAS scan: '
LOG tcp -- anywhere anywhere tcp
flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG limit: avg 3/min burst
5 LOG level info prefix `Stealth XMAS-PSH scan: '
LOG tcp -- anywhere anywhere tcp
flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG limit: avg 3/min
burst 5 LOG level info prefix `Stealth XMAS-ALL scan: '
LOG tcp -- anywhere anywhere tcp
flags:FIN,SYN,RST,PSH,ACK,URG/FIN limit: avg 3/min burst 5 LOG level
info prefix `Stealth FIN scan: '
LOG tcp -- anywhere anywhere tcp
flags:SYN,RST/SYN,RST limit: avg 3/min burst 5 LOG level info prefix
`Stealth SYN/RST scan: '
LOG tcp -- anywhere anywhere tcp
flags:FIN,SYN/FIN,SYN limit: avg 3/min burst 5 LOG level info prefix
`Stealth SYN/FIN scan(?): '
LOG tcp -- anywhere anywhere tcp
flags:FIN,SYN,RST,PSH,ACK,URG/NONE limit: avg 3/min burst 5 LOG level
info prefix `Stealth Null scan: '
DROP tcp -- anywhere anywhere tcp
flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
DROP tcp -- anywhere anywhere tcp
flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG
DROP tcp -- anywhere anywhere tcp
flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
DROP tcp -- anywhere anywhere tcp
flags:FIN,SYN,RST,PSH,ACK,URG/FIN
DROP tcp -- anywhere anywhere tcp
flags:SYN,RST/SYN,RST
DROP tcp -- anywhere anywhere tcp
flags:FIN,SYN/FIN,SYN
DROP tcp -- anywhere anywhere tcp
flags:FIN,SYN,RST,PSH,ACK,URG/NONE
LOG tcp -- anywhere anywhere tcp
option=64 limit: avg 3/min burst 1 LOG level info prefix `Bad TCP
flag(64): '
LOG tcp -- anywhere anywhere tcp
option=128 limit: avg 3/min burst 1 LOG level info prefix `Bad TCP
flag(128): '
DROP tcp -- anywhere anywhere tcp
option=64
DROP tcp -- anywhere anywhere tcp
option=128
LOG all -f anywhere anywhere limit: avg
3/min burst 1 LOG level warning prefix `Fragmented packet: '
DROP all -f anywhere anywhere
 
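Plain `iptables -L` prints no interface columns, so a rule bound to a single interface is listed exactly like a rule that matches every packet. The following is an added example, not part of any post in this thread: it re-joins the wrapped listing into one rule per entry and reports the first rule in each chain that, read literally, ends traversal for all traffic. The sample is an abridged excerpt of the posted INPUT and OUTPUT chains, and the function names are illustrative.

```python
import re

# Abridged excerpt of the listing posted above, still wrapped as it was posted.
POSTED = """\
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
LOG icmp -- anywhere anywhere state
INVALID limit: avg 3/min burst 2 LOG level info prefix `INVALID INPUT
packet: '
HOST_BLOCK all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state
ESTABLISHED
DROP all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
HOST_BLOCK all -- anywhere anywhere
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}   # built-in targets that end traversal
ANY = {"anywhere", "0.0.0.0/0"}           # "any address", without and with -n
FIELDS = ("target", "prot", "opt", "source", "dest")
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\S+)|\d+ references)\)")

def parse_listing(text):
    """Return {chain: {"policy": str or None, "rules": [dict, ...]}}."""
    chains, raw = {}, None
    for line in text.splitlines():
        tok = line.split()
        header = CHAIN_RE.match(line)
        if header:
            raw = []
            chains[header.group(1)] = {"policy": header.group(2), "rules": raw}
        elif raw is None or not tok or tok[:3] == ["target", "prot", "opt"]:
            continue                      # preamble, blank line or column header
        elif len(tok) >= 3 and tok[2] in ("--", "-f", "!f"):
            raw.append(tok)               # "target prot opt ..." starts a rule
        elif raw:
            raw[-1].extend(tok)           # wrapped tail of the previous rule
    for chain in chains.values():
        chain["rules"] = [dict(zip(FIELDS, (t + ["?"] * 5)[:5]), match=" ".join(t[5:]))
                          for t in chain["rules"]]
    return chains

def is_catch_all(rule):
    """True when the listing shows no restriction of any kind on the rule."""
    return (rule["prot"] == "all" and rule["opt"] == "--" and not rule["match"]
            and rule["source"] in ANY and rule["dest"] in ANY)

def first_shadowing_rule(chain):
    """Return (position, rule, rules_after) for the first catch-all rule with a
    terminal target, or None. Read literally, no packet gets past that rule."""
    rules = chain["rules"]
    for pos, rule in enumerate(rules, start=1):
        if rule["target"] in TERMINAL and is_catch_all(rule):
            return pos, rule, len(rules) - pos
    return None

def report(chains):
    """One line per chain whose listing cannot be taken at face value."""
    out = []
    for name, chain in chains.items():
        hit = first_shadowing_rule(chain)
        if hit and hit[2] > 0:
            pos, rule, after = hit
            out.append(f"{name}: rule {pos} ({rule['target']}) matches every "
                       f"packet as listed, leaving {after} rules unreachable; "
                       "check the interface columns of a -v listing")
    return out

if __name__ == "__main__":
    print("\n".join(report(parse_listing(POSTED))))
```

On the host itself, `iptables -L -n -v` or `iptables-save` shows the interface matches and packet counters that the plain listing leaves out.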
 
 
 