  1. #1

    named behind apf firewall

    Hi
    How do I configure apf to run a DNS server behind it?
    I've opened port 53 tcp and udp, but with no effect.

    dig @dns.example.com otherexample.com
    ; <<>> DiG 9.2.1 <<>> @dns.example.com otherexample.com
    ;; global options: printcmd
    ;; connection timed out; no servers could be reached

  2. #2
    Do you have egress filtering enabled? If so, try turning it off. Also, post the lines from conf.apf that show your open tcp and udp ports so we can take a look.

  3. #3
    Thanks for your reply.
    This server has only one public service: the DNS server.
    SSH access is set in allow_hosts.rules.


    Code:
    # Common ingress (inbound) TCP ports
    IG_TCP_CPORTS="53"
    
    # Common ingress (inbound) UDP ports
    IG_UDP_CPORTS="53"
    
    # Common ICMP (inbound) types
    # 'internals/icmp.types' for type definition; 'all' is wildcard for any
    IG_ICMP_TYPES="3,5,11,0,30,8"
    
    ##
    # [Egress]
    # Configure egress (outbound) accepted services. This is an optional
    # feature; services and customized entries may be made directly to an ip's
    # virtual net file located in the vnet/ directory.
    #
    # Egress filtering is not required but makes your firewall setup complete
    # by providing full inbound and outbound packet filtering. You can toggle
    # egress filtering on or off with the EGF variable. Format is comma seperated
    # and underscore seperator for ranges.
    #
    # Example:
    # EG_TCP_CPORTS="21,25,80,443,43"
    # EG_UDP_CPORTS="20,21,53"
    # EG_ICMP_TYPES="all"
    ##
    
    # Egress filtering [0 = Disabled / 1 = Enabled]
    EGF="0"

  4. #4
    Did you try restarting apf after you opened the ports? apf -r to restart, then apf -st to check the status. You can also do iptables --list to double check and see if the correct ports are open.

  5. #5
    iptables-save | grep 53

    See what Iptables really has in it. Also try ./apf -r

  6. #6
    Code:
    -A PREROUTING -p tcp -m tcp --sport 53 -j TOS --set-tos 0x04
    -A PREROUTING -p tcp -m tcp --sport 1024:65535 -j TOS --set-tos 0x04
    -A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT
    -A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT
    -A INPUT -s 194.204.159.1 -i eth0 -p udp -m udp --sport 53 --dport 1023:65535 -j ACCEPT
    -A INPUT -s 194.204.152.34 -i eth0 -p tcp -m tcp --sport 53 --dport 1023:65535 -j ACCEPT
    -A INPUT -i eth0 -p tcp -m tcp --sport 53 --dport 1023:65535 -j DROP
    -A INPUT -i eth0 -p udp -m udp --sport 53 --dport 1023:65535 -j DROP
    -A INPUT -i eth0 -p tcp -m tcp --sport 1023:65535 --dport 21 -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -i eth0 -p tcp -m tcp --sport 22 --dport 513:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -i eth0 -p tcp -m tcp --sport 1024:65535 --dport 22 --tcp-flags SYN,RST,ACK SYN -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A OUTPUT -o eth0 -p tcp -m tcp --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A OUTPUT -o eth0 -p udp -m udp --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A OUTPUT -o eth0 -p tcp -m tcp --sport 21 --dport 1023:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT

  7. #7
    Check with iptables -L -n -v to see if your rules get hit or not.

  8. #8
    Yes. A lot of stuff, and this:

    Code:
        0     0 ACCEPT     udp  --  eth0   *       194.204.152.34       0.0.0.0/0          udp spt:53 dpts:1023:65535
        0     0 ACCEPT     tcp  --  eth0   *         194.204.152.34     0.0.0.0/0          tcp spt:53 dpts:1023:65535
        0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp spt:53 dpts:1023:65535
        0     0 DROP       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          udp spt:53 dpts:1023:65535

  9. #9
    # EG_TCP_CPORTS="21,25,80,443,43"

    Do you not need 53 in there as well?

    0 0 DROP tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp spt:53

    It looks like it is dropping outgoing packets on this port.

    I may be completely wrong, I don't have a whole lot of experience with apf.
    Peter Hall

  10. #10
    From what I see in the iptables log, no traffic is hitting your rules.

  11. #11
    This is my whole iptables table.
    I started it for a couple of seconds to test if dig works.

    Code:
    Chain INPUT (policy ACCEPT 2 packets, 80 bytes)
     pkts bytes target     prot opt in     out     source               destination         
    14324 8253K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0          
     7652 1191K ACCEPT     all  --  *      *       MY.IP.IP.IP        0.0.0.0/0          
        0     0 ACCEPT     all  --  *      *       MY.IP.IP.IP        0.0.0.0/0          
        0     0 ACCEPT     all  --  *      *       MY.IP.IP.IP        0.0.0.0/0          
      100  5968 ACCEPT     all  --  *      *       MY.IP.IP.IP        0.0.0.0/0          
        0     0 ACCEPT     all  --  *      *       MY.IP.IP.IP        0.0.0.0/0          
        0     0 ACCEPT     all  --  *      *       MY.IP.IP.IP        0.0.0.0/0          
        0     0 ACCEPT     all  --  *      *       MY.IP.IP.IP        0.0.0.0/0          
        0     0 ACCEPT     all  --  *      *      MY.IP.IP.IP        0.0.0.0/0          
        0     0 ACCEPT     all  --  *      *       MY.IP.IP.IP        0.0.0.0/0          
     2215  261K ACCEPT     all  --  *      *       MY.IP.IP.IP        0.0.0.0/0          
        0     0 ACCEPT     all  --  *      *       MY.IP.IP.IP        0.0.0.0/0          
        0     0 ACCEPT     all  --  *      *       MY.IP.IP.IP        0.0.0.0/0          
        0     0 ACCEPT     all  --  *      *       OPERATOR/24       0.0.0.0/0          
        0     0 ACCEPT     all  --  *      *       MY.IP.IP.IP          0.0.0.0/0          
        0     0 ACCEPT     all  --  *      *       OPERATOR/24         0.0.0.0/0          
        0     0 ACCEPT     all  --  *      *       OPRATOR/24         0.0.0.0/0          
        0     0 ACCEPT     all  --  *      *       OPERATOR          0.0.0.0/0          
        0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp dpts:135:139 
        0     0 DROP       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          udp dpts:135:139 
        0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp dpt:111 
        0     0 DROP       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          udp dpt:111 
        0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp dpt:161 
        0     0 DROP       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          udp dpt:161 
        0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp dpt:199 
        0     0 DROP       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          udp dpt:199 
        0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp dpt:513 
        0     0 DROP       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          udp dpt:513 
        0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp dpt:445 
        0     0 DROP       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          udp dpt:445 
        0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp dpt:1433 
        0     0 DROP       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          udp dpt:1433 
        0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp dpt:1434 
        0     0 DROP       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          udp dpt:1434 
        0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp dpt:1234 
        0     0 DROP       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          udp dpt:1234 
        0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp dpt:1524 
        0     0 DROP       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          udp dpt:1524 
        0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp dpt:3127 
        0     0 DROP       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          udp dpt:3127 
        0     0 DROP       all  --  eth0   *       224.0.0.0/8          0.0.0.0/0          
        0     0 DROP       all  --  eth0   *       0.0.0.0/0            224.0.0.0/8        
        0     0 DROP       all  --  eth0   *       255.255.255.255      0.0.0.0/0          
        0     0 LD         all  --  eth0   *       0.0.0.0/0            0.0.0.0            
        0     0 DROP       icmp --  eth0   *       0.0.0.0/0            0.0.0.255/0.0.0.255
        0     0 DROP       all  --  eth0   *       0.0.0.0/0            0.0.0.255/0.0.0.255
        0     0 IN_SANITY  tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x3F/0x00 
        0     0 IN_SANITY  tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x03/0x03 
        0     0 IN_SANITY  tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x06/0x06 
        0     0 IN_SANITY  tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x05/0x05 
        0     0 IN_SANITY  tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x11/0x01 
        0     0 IN_SANITY  tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x30/0x20 
        0     0 IN_SANITY  tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x18/0x08 
        0     0 IN_SANITY  tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x3F/0x29 
        0     0 IN_SANITY  tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x3F/0x37 
        0     0 IN_SANITY  tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x3F/0x3F 
        0     0 IN_SANITY  tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x3F/0x01 
        0     0 DROP       all  --  eth0   *       0.0.0.0/0            0.0.0.0/0          state INVALID 
        0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp option=64 
        0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp option=128 
        0     0 FUDP       udp  -f  eth0   *       0.0.0.0/0            0.0.0.0/0          
        0     0 PZ         udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          udp dpt:0 
        0     0 PZ         tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp dpt:0 
        0     0 REJECT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp dpt:113 reject-with icmp-port-unreachable 
        0     0 REJECT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          udp dpt:113 reject-with icmp-port-unreachable 
        0     0 TELNET_LOG  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:23 state NEW 
        0     0 SSH_LOG    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:22 state NEW 
        0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp dpt:53 
        0     0 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          udp dpt:53 
        0     0 ACCEPT     icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0          icmp type 3 limit: avg 12/sec burst 5 
        0     0 ACCEPT     icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0          icmp type 5 limit: avg 12/sec burst 5 
        0     0 ACCEPT     icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0          icmp type 11 limit: avg 12/sec burst 5 
        0     0 ACCEPT     icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0          icmp type 0 limit: avg 12/sec burst 5 
        0     0 ACCEPT     icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0          icmp type 30 limit: avg 12/sec burst 5 
        0     0 ACCEPT     icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0          icmp type 8 limit: avg 12/sec burst 5 
        0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp flags:!0x16/0x02 state NEW 
        0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED 
        0     0 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED 
        0     0 ACCEPT     udp  --  eth0   *       194.204.159.1       0.0.0.0/0          udp spt:53 dpts:1023:65535 
        0     0 ACCEPT     tcp  --  eth0   *       194.204.159.1       0.0.0.0/0          tcp spt:53 dpts:1023:65535 
        0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp spts:1023:65535 dpt:21 state RELATED,ESTABLISHED 
        0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          multiport dports 21,20 state RELATED,ESTABLISHED 
        0     0 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          multiport dports 21,20 state RELATED,ESTABLISHED 
        0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp spt:22 dpts:513:65535 state RELATED,ESTABLISHED 
        0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp spts:1024:65535 dpt:22 flags:0x16/0x02 state RELATED,ESTABLISHED 
        0     0 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          udp dpt:22 state ESTABLISHED 
        0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp spts:32770:32780 dpts:33434:33500 
        0     0 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          udp spts:32770:32780 dpts:33434:33500 
        0     0 LOG        tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          limit: avg 45/min burst 5 LOG flags 6 level 4 prefix `** IN_TCP DROP ** ' 
        0     0 LOG        udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          limit: avg 45/min burst 5 LOG flags 4 level 4 prefix `** IN_UDP DROP ** ' 
       19   945 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          
       51  3560 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0          
        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0          
    
    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination         
    14324 8253K ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0          
     8512 6117K ACCEPT     all  --  *      *       0.0.0.0/0            MY.IP.IP.IP      
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            MY.IP.IP.IP      
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            MY.IP.IP.IP      
       66 25264 ACCEPT     all  --  *      *       0.0.0.0/0            MY.IP.IP.IP      
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            MY.IP.IP.IP      
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            MY.IP.IP.IP      
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            MY.IP.IP.IP      
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            MY.IP.IP.IP      
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            MY.IP.IP.IP      
     2623 1893K ACCEPT     all  --  *      *       0.0.0.0/0            MY.IP.IP.IP      
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            MY.IP.IP.IP      
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            MY.IP.IP.IP      
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            OPERATOR/24     
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            MY.IP.IP.IP        
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            OPERATOR/24       
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            OPERATOR/24       
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            MY.IP.IP.IP        
        0     0 DROP       tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          tcp dpts:135:139 
        0     0 DROP       udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          udp dpts:135:139 
        0     0 DROP       tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          tcp dpt:111 
        0     0 DROP       udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          udp dpt:111 
        0     0 DROP       tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          tcp dpt:161 
        0     0 DROP       udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          udp dpt:161 
        0     0 DROP       tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          tcp dpt:199 
        0     0 DROP       udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          udp dpt:199 
        0     0 DROP       tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          tcp dpt:513 
        0     0 DROP       udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          udp dpt:513 
        0     0 DROP       tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          tcp dpt:445 
        0     0 DROP       udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          udp dpt:445 
        0     0 DROP       tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          tcp dpt:1433 
        0     0 DROP       udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          udp dpt:1433 
        0     0 DROP       tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          tcp dpt:1434 
        0     0 DROP       udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          udp dpt:1434 
        0     0 DROP       tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          tcp dpt:1234 
        0     0 DROP       udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          udp dpt:1234 
        0     0 DROP       tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          tcp dpt:1524 
        0     0 DROP       udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          udp dpt:1524 
        0     0 DROP       tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          tcp dpt:3127 
        0     0 DROP       udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          udp dpt:3127 
        0     0 DROP       all  --  *      eth0    224.0.0.0/8          0.0.0.0/0          
        0     0 DROP       all  --  *      eth0    0.0.0.0/0            224.0.0.0/8        
        0     0 DROP       all  --  *      eth0    255.255.255.255      0.0.0.0/0          
        0     0 DROP       all  --  *      eth0    0.0.0.0/0            0.0.0.0            
        0     0 OUT_SANITY  tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          tcp flags:0x3F/0x00 
        0     0 OUT_SANITY  tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          tcp flags:0x03/0x03 
        0     0 OUT_SANITY  tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          tcp flags:0x06/0x06 
        0     0 OUT_SANITY  tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          tcp flags:0x05/0x05 
        0     0 OUT_SANITY  tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          tcp flags:0x11/0x01 
        0     0 OUT_SANITY  tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          tcp flags:0x18/0x08 
        0     0 OUT_SANITY  tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          tcp flags:0x30/0x20 
        0     0 DROP       all  --  *      eth0    0.0.0.0/0            0.0.0.0/0          state INVALID 
        0     0 FUDP       udp  -f  *      eth0    0.0.0.0/0            0.0.0.0/0          
        0     0 PZ         udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          udp dpt:0 
        0     0 PZ         tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          tcp dpt:0 
        0     0 ACCEPT     tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          tcp dpts:1024:65535 state RELATED,ESTABLISHED 
        0     0 ACCEPT     udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          udp dpts:1024:65535 state RELATED,ESTABLISHED 
        0     0 ACCEPT     tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          tcp spt:21 dpts:1023:65535 state RELATED,ESTABLISHED 
        0     0 ACCEPT     tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          multiport dports 21,20 state RELATED,ESTABLISHED 
        0     0 ACCEPT     udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          multiport dports 21,20 state RELATED,ESTABLISHED 
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          
    
    Chain FUDP (2 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 4 prefix `** UDP Frag **' 
        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0          
    
    Chain IN_SANITY (11 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 LOG        tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 4 prefix `** IN_SANITY **' 
        0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          
    
    Chain LA (0 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 4 
        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          
    
    Chain LD (1 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 4 
        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0          
    
    Chain LMAC (0 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 REJECT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0          reject-with icmp-net-prohibited 
    
    Chain OUT_SANITY (7 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 LOG        tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 4 prefix `** OUT_SANITY **' 
        0     0 DROP       tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          
    
    Chain PROHIBIT (0 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          reject-with icmp-host-prohibited 
    
    Chain PZ (4 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 4 prefix `** Port Zero **' 
        0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0          
    
    Chain RESET (0 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          reject-with tcp-reset 
    
    Chain SSH_LOG (1 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 4 prefix `** SSH ** ' 
    
    Chain TELNET_LOG (1 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 4 prefix `** TELNET ** '
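
The counter check suggested in post #7, applied to a listing like the one in post #11, can be scripted. This is an added example, not part of the original thread: the function name `check_port` is hypothetical and the sample listing is constructed in the `iptables -L -n -v` format with a few rows modelled on post #11.

```shell
#!/bin/sh
# Constructed sample in `iptables -L -n -v` format (rows modelled on post #11).
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 2 packets, 80 bytes)
 pkts bytes target     prot opt in     out     source               destination
14324 8253K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          tcp dpt:53
    0     0 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          udp dpt:53
    0     0 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
   19   945 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0
   51  3560 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
14324 8253K ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
EOF
}

# check_port CHAIN PORT < listing
# Reports each protocol whose ACCEPT rule for dpt:PORT has a zero packet
# counter while a later unconditional DROP for the same protocol is counting.
# Columns: pkts bytes target prot opt in out source destination [match text]
check_port() {
    awk -v chain="$1" -v port="$2" '
        $1 == "Chain" { cur = $2; next }
        # Only rule rows of the requested chain (first field is a counter).
        cur != chain || $1 !~ /^[0-9]+[KMG]?$/ { next }
        {
            pkts = $1; target = $3; proto = $4; iface = $6
            is_port = 0
            for (i = 10; i <= NF; i++)
                if ($i == ("dpt:" port)) is_port = 1

            if (target == "ACCEPT" && is_port) {
                # Remember the service rule: its counter and bound interface.
                acc_pkts[proto] = pkts
                acc_if[proto] = iface
                seen[proto] = 1
            } else if (target == "DROP" && (proto in seen) && NF == 9 &&
                       $8 == "0.0.0.0/0" && $9 == "0.0.0.0/0" &&
                       pkts != "0" && acc_pkts[proto] == "0") {
                # Catch-all DROP with hits, after a service rule with none.
                printf "%s dpt:%s ACCEPT in=%s pkts=%s; catch-all DROP in=%s pkts=%s\n",
                       proto, port, acc_if[proto], acc_pkts[proto], iface, pkts
            }
        }'
}

# On a live host: iptables -L -n -v | check_port INPUT 53
sample_listing | check_port INPUT 53
```

The `in=` column is printed alongside the counters because, in the sample as in post #11, the port 53 ACCEPT rules are bound to eth0 while the DROP rules that are counting packets match any interface.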
