Continuous break-in attempts over SSH, what should I do? Urgent!
Kubanka Peter
kubanka.peter at gmail.com
Wed, Jan 25, 2006, 13:21:55 CET
2006/1/25, BERES Laszlo <beres.laszlo at sys-admin.hu>:
> Me neither. Can you send an iptables output?
I hope this is what you meant; I made it with the iptables -L command and attached it
(I hope that's not a problem, it's only 7k). There is a lot in it; I think the firewall
put it there, we configured it through a graphical interface.
----------------------------------------------
Kubánka Péter
kubanka.peter at gmail.com
--------- next part ---------
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
input_ext all -- anywhere anywhere
input_ext all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-IN-ILL-TARGET '
DROP all -- anywhere anywhere
DROP tcp -- anywhere anywhere tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN recent: UPDATE seconds: 30 hit_count: 2 name: DEFAULT side: source
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN recent: SET name: DEFAULT side: source
DROP tcp -- anywhere anywhere tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN recent: UPDATE seconds: 30 hit_count: 2 name: DEFAULT side: source
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN recent: SET name: DEFAULT side: source
DROP tcp -- anywhere anywhere tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN recent: UPDATE seconds: 30 hit_count: 2 name: DEFAULT side: source
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN recent: SET name: DEFAULT side: source
Chain FORWARD (policy DROP)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWD-ILL-ROUTING '
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-OUT-ERROR '
Chain forward_ext (0 references)
target prot opt source destination
Chain input_ext (2 references)
target prot opt source destination
DROP all -- anywhere anywhere PKTTYPE = broadcast
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp redirect
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ndmp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:ndmp
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ndl-aas flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:ndl-aas
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:domain flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ftp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:http flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:http
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:https flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:https
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:pop3 flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:smtp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:smtp
ACCEPT udp -- anywhere anywhere udp dpt:ndl-aas
ACCEPT udp -- anywhere anywhere udp dpt:domain
reject_func tcp -- anywhere anywhere tcp dpt:ident state NEW
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG all -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT-INV '
DROP all -- anywhere anywhere
Chain reject_func (1 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable
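Added example, not part of the original post or of the firewall tool that generated these rules: a Python check, run on a shortened excerpt of the listing above, that reports `recent` rate-limit rules placed after rules that already decide the packet. The function names are illustrative; plain `iptables -L` hides interface matches, so confirm any finding with `iptables -L -n -v`.

```python
import re

# Shortened excerpt of the `iptables -L` listing above; rule order is unchanged.
LISTING = """\
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
input_ext all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP tcp -- anywhere anywhere tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN recent: UPDATE seconds: 30 hit_count: 2 name: DEFAULT side: source
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN recent: SET name: DEFAULT side: source
Chain input_ext (2 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
DROP all -- anywhere anywhere
"""

def parse(listing):
    """Return {chain: [(target, proto, match_text), ...]} in listed order."""
    chains, current = {}, None
    for line in listing.splitlines():
        head = re.match(r"Chain (\S+) \(", line)
        if head:
            current = chains.setdefault(head.group(1), [])
        elif current is not None and line.strip() and not line.startswith("target"):
            f = line.split(None, 5)  # target prot opt source destination [matches]
            current.append((f[0], f[1], f[5] if len(f) > 5 else ""))
    return chains

def flatten(chains, name="INPUT"):
    """Rules in traversal order, following jumps into user-defined chains."""
    out = []
    for target, proto, match in chains[name]:
        out += flatten(chains, target) if target in chains else [(name, target, proto, match)]
    return out

def bypassed_rate_limits(listing):
    """Return [(recent_rule, [earlier rules that decide the packet first])]."""
    rules, findings = flatten(parse(listing)), []
    for i, (chain, target, proto, match) in enumerate(rules):
        port = re.search(r"dpt:(\S+)", match)
        if "recent:" not in match or not port:
            continue
        same_port = re.compile(r"dpt:%s(\s|$)" % re.escape(port.group(1)))
        # Earlier ACCEPT for the same port without `recent`, or an earlier catch-all
        # DROP/REJECT. Catch-all ACCEPTs are skipped: plain -L hides interface
        # matches (e.g. loopback), so they are usually not really unconditional.
        earlier = [f"{c}: {t} {p} {m}".strip() for c, t, p, m in rules[:i]
                   if "recent:" not in m and ((t == "ACCEPT" and same_port.search(m))
                       or (t in ("DROP", "REJECT") and p == "all" and not m))]
        if earlier:
            findings.append((f"{chain}: {target} {proto} {match}", earlier))
    return findings
```

On the excerpt, both `recent` rules for `dpt:ssh` are reported: the plain `ACCEPT tcp dpt:ssh` in `input_ext` and the catch-all `DROP` rules are traversed before them.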