Help me set up iptables

Author: strangebrew Date: 22.08.2005 13:31 I need a minimal iptables setup. Here is what I have by default (I enabled the firewall from X: System Settings > Security Level > Enable firewall):

# Generated by iptables-save v1.3.1 on Mon Aug 22 13:14:10 2005
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [154530:62875030]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p ipv6-crypt -j ACCEPT
-A RH-Firewall-1-INPUT -p ipv6-auth -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

What is port 443/tcp (it is also enabled out of the box)?
How do I delete all the rules in order to create new ones (or keep some of them)?
I'm following the article [asplinux.net]
The settings there are:

# Generated by iptables-save v1.2.8 on Sat Jan 15 07:08:29 2005
*filter
:INPUT DROP [714:58115]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 137:139 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 137:139 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 137 --dport 32768:65535 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 32768:65535 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 32768:65535 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 137:139 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --sport 137:139 -j ACCEPT
COMMIT
# Completed on Sat Jan 15 07:08:29 2005

Which should I write: -A RH-Firewall-1-INPUT or -A INPUT?
What useful things could I add?
The main thing is that ppp0 also has to keep working. What do I write to make ppp0 work?
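The questions above (how to clear the existing rules, what port 443 is, which chain to append to, and what ppp0 needs) can all be answered with one small iptables-save style ruleset. The script below is an added example and is not from the thread or from the asplinux.net article; it assumes the uplink is called ppp0 and that any TCP services to expose are passed as arguments, and it appends to INPUT directly instead of the RH-Firewall-1-INPUT chain that the Fedora GUI generates.

```shell
#!/bin/sh
# Added example (not from the thread): build a minimal stateful iptables
# ruleset for a host whose uplink is ppp0, in iptables-save format.
# Loading it with iptables-restore replaces the whole filter table, which
# is also the answer to "how do I delete all the rules": only what is in
# this file remains. (Manual equivalent: iptables -F; iptables -X; then
# set the default policies with iptables -P.)
#
# Usage: build_rules WAN_IF [TCP_PORT ...]
#   WAN_IF    interface facing the Internet (ppp0 in the thread)
#   TCP_PORT  TCP ports on which NEW connections from WAN_IF are accepted
build_rules() {
    [ $# -ge 1 ] || { echo 'usage: build_rules WAN_IF [TCP_PORT ...]' >&2; return 1; }
    wan=$1; shift
    echo '*filter'
    echo ':INPUT DROP [0:0]'        # default deny for anything not listed below
    echo ':FORWARD DROP [0:0]'      # this host is not a router, forward nothing
    echo ':OUTPUT ACCEPT [0:0]'     # connections initiated by this host are allowed
    echo '-A INPUT -i lo -j ACCEPT'
    # Replies to connections this host opened; this single rule is what
    # keeps ppp0 (or any uplink) usable for browsing, mail, updates, etc.
    echo '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
    echo '-A INPUT -m state --state INVALID -j DROP'
    # Keep ping working; ICMP errors for existing flows are already RELATED
    echo '-A INPUT -p icmp -m icmp --icmp-type echo-request -j ACCEPT'
    # The Fedora default opens 443/tcp (HTTPS); open a port here only if this
    # host really serves it, and only on the uplink interface.
    for port in "$@"; do
        case $port in
            *[!0-9]*|'') echo "build_rules: bad port '$port'" >&2; return 1 ;;
        esac
        echo "-A INPUT -i $wan -p tcp -m state --state NEW -m tcp --dport $port -j ACCEPT"
    done
    # Everything else is answered with an ICMP error, as in the default set
    echo '-A INPUT -j REJECT --reject-with icmp-host-prohibited'
    echo 'COMMIT'
}

# Apply only when explicitly asked (needs root):  APPLY=1 sh firewall.sh ppp0 22
if [ "${APPLY:-0}" = 1 ]; then
    [ $# -ge 1 ] || set -- ppp0          # default uplink name from the thread
    build_rules "$@" | iptables-restore
else
    build_rules "${1:-ppp0}"             # dry run: just print the ruleset
fi
```

Run it without APPLY first and read the output; with no ports listed nothing is reachable from the uplink, which is the safe starting point for a workstation on ppp0.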
Re: Help me set up iptables 22.08.2005 18:48 ezhikov: Take a look here, maybe you'll find something interesting.
[asplinux.net]
Re: Help me set up iptables 22.08.2005 19:11 strangebrew: Thanks, I've already read it.
> I'm following the article [asplinux.net]
I'd like a bit more detail.
Re: Help me set up iptables 22.08.2005 21:36 Шуршун: 1 [gazette.linux.ru.net]
2 [gazette.linux.ru.net]

There are plenty of articles there...
Re: Help me set up iptables 23.08.2005 01:08 lystor: I'll share my reading list on this problem:
HOMEPAGE ==============================================================
The Netfilter Project Homepage [www.netfilter.org]

SOURCE CODE ========================================================
Userspace code (tar.bz2) [www.netfilter.org]

FAQ =================================================================
Netfilter/Iptables FAQ [netfilter.samba.org]
Firewall Forensics (What am I seeing?) FAQ [www.robertgraham.com]
Network Intrusion Detection Systems - IDS [www.robertgraham.com]
Sniffing (network wiretap, sniffer) FAQ [www.robertgraham.com]
Linux IP Masquerade FAQ [en.tldp.org]
Firewall Admins Guide to Porn FAQ [www.robertgraham.com]
Hacking Lexicon - hacking dictionary [www.robertgraham.com]
Submit a FAQ Link or URL [www.linuxguruz.com]

SCRIPTS ===============================================================
Home LAN masquerading [the-devil.dnsalias.net]
Home LAN ip6tables [the-devil.dnsalias.net]
Basic IPv6 FireWall script [ipv6.klingon.nl]
HomeLAN Security v.1.3.1 [www.unixpages.com]
Resets iptables to default values [www.linuxguruz.com]
MonMotha's Firewall 2.3.8-pre7 [monmotha.mplug.org]
Firewall BASH Script - by Netcat [the-devil.dnsalias.net]
Arno's IPTABLES Firewall Script [freshmeat.net]
The Wonder Shaper [lartc.org]
Projectfiles.com Linux Firewall [projectfiles.com]
Technion's IPTables Script [orbital.wiretapped.net]
Initial SIMPLE IP Firewall [www.linuxguruz.com]
DMZ IP Firewall script [www.linuxguruz.com]
DHCP IP Firewall script [www.linuxguruz.com]
UTIN Firewall script [www.linuxguruz.com]
Linux Firewall and NAT for DSL [www.ccl.net]
NATting SOHO firewall [www.linuxguruz.com]
Simple IPTABLES firewall [linux.ardynet.com]
IPTABLES masquerading firewall [www.linuxguruz.com]
Script for a dual-homed firewall [www.linuxguruz.com]
Script for a multi-homed firewall [www.linuxguruz.com]
Set up iptables NAT rules [www.linuxguruz.com]
Example netfilter setup [www.linuxguruz.com]
Packet filtering setup script [www.linuxguruz.com]
Very restrictive set of firewall rules [www.linuxguruz.com]
Tightly secured firewall for general use [www.linuxguruz.com]
Example NAT usage [www.linuxguruz.com]
Run a web server inside LAN [www.linuxguruz.com]
Configuration with no services supported [www.linuxguruz.com]
Script for NAT and more [www.linuxguruz.com]
NAT iptables firewall script [www.sjdjweis.com]
Routing incoming ppp0 [www.linuxguruz.com]
Basic Ipchains Firewall Rule Script [www.linuxguruz.com]
Common firewall functions [www.bagley.org]
Script written by Rick Dicaire [www.linuxguruz.com]
NAT and blocking all but Port 22 [www.linuxguruz.com]
Firebred iptables Script [void.printf.net]
Email us your rc.firewall script or URL iptables@linuxguruz.com

IRC ===================================================================
EfNet IPTABLES IRC Channel JPilot Java IRC Applet - #IPTABLES

HOWTO =================================================================
Linux Stateful Firewall & IP Masquerading [www.puschitz.com]
Linux IP Masquerade HOWTO [www.tldp.org]
Linux iptables HOWTO [www.linuxguruz.com]
Netfilter Extensions HOWTO - Patch-O-Matic [www.linuxguruz.com]
Linux netfilter Hacking HOWTO [www.linuxguruz.com]
Linux ipnatctl HOWTO [www.linuxguruz.com]
Linux 2.4 NAT HOWTO [www.netfilter.org]
Linux 2.4 Packet Filtering HOWTO [www.linuxguruz.com]
Linux Administrator's Security Guide [www.seifried.org]
Networking Concepts HOWTO [www.linuxguruz.com]
Transparent Proxy mini-HOWTO [en.tldp.org]
Linux 2.4 Advanced Routing HOWTO [www.linuxguruz.com]
Manpage of IPTABLES [www.linuxguruz.com]
tinc from behind a masquerading firewall [tinc.nl.linux.org]
Linux Performance, Security, and Managability [www.linuxguruz.com]
Stopping Filesharing [www.oofle.com]
Submit a Howto Link or URL [www.linuxguruz.com]

TUTORIAL ==============================================================
Traffic Shaping with Linux [www.knowplace.org]

Firewalling with Netfilter/Iptables [www.knowplace.org]
What is the difference between REJECT and DENY? [logi.cc]
Linux Advanced Routing & Traffic Control [www.lartc.org]
Iptables Tutorial [iptables-tutorial.frozentux.net]
Traffic Shaping (QOS and TOS) [www.docum.org]
Filter The Web With squidGuard [networking.earthweb.com]
Comparison of iptables Automation Tools [online.securityfocus.com]
LinuxWorld: San Jose August 2000 [www.linuxguruz.com]
Set up an gateway for home or office [www.yolinux.com]
Filtering Packets with iptables [www.unixreview.com]
Using iptables [www.unixreview.com]
Netfilter framework in Linux 2.4 [www.gnumonks.org]
IPtables Connection tracking [www.sns.ias.edu]
Iptables - What is it [www.sns.ias.edu]
Linux Kernel 2.4 Firewalling Matures [www.linuxsecurity.com]
Network Security With Linux 2.4 [www.linux-mag.com]
Netfilter Log Format [logi.cc]
Netfilter Log Analyzer [logi.cc]
Submit a Tutorial or URL [www.linuxguruz.com]

TOOLS ==================================================================
Firewall Builder - Multi-platform configuration and management [www.fwbuilder.org]
NuFW - Authentication of every connection passing IP filter [www.nufw.org]
fabfw - Firewall-Script built on iptables [www.realdealz.ch]
Ftwall - Block network traffic from P2P client applications [www.lowth.com]
Bifrost - GUI firewall management interface to iptables [bifrost.heimdalls.com]
LinWiz - Linux configuration file and scripting Wizards [www.lowth.com]
Dnsmasq - caching DNS forwarder [thekelleys.org.uk]
FireHOL, the iptables stateful packet filtering firewall builder [firehol.sourceforge.net]
adcfw-log - firewall logs analyzer/summarizer [adcfw-log.sourceforge.net]
BullDog - A comprehensive and progressive firewall [tanaya.net]
WallFire: wflogs - firewall log analysis tool [www.wallfire.org]
Ulog-php - a php analyser for netfilter U-log [www.inl.fr]
Firewall Tester [ftester.sourceforge.net]
Easy Firewall Generator for IPTables [easyfwgen.morizot.net]
YAFT's Another Firewall Tool [sourceforge.net]
PFG for IPTables [www.thegate.nu]
IPTables log analyzer [www.gege.org]
Turtle Firewall Project [turtlefirewall.sourceforge.net]
TuxFrw - Firewall Automation Tool [tuxfrw.sourceforge.net]
Shoreline Firewall [www.shorewall.net]
levy - Perl Firewall Generater [muse.linuxmafia.org]
gSshield - BASH Shell Script Configurator [muse.linuxmafia.org]
Mason - Builds from system traffic [www.stearns.org]
GIPTables Firewall - IPTABLES Rules Generator [www.giptables.org]
Firewall Builder - GUI Firewall Frontend [www.fwbuilder.org]
IPMENU - Curses Firewall Frontend [users.pandora.be]
Fireparse - Firewall Log Parser [aaron.marasco.com]
SATAN - Port Scanner with a Web Interface [www.ibiblio.org]
Submit a Tools Link or URL [www.linuxguruz.com]

NETWORK SECURITY SITES ===================================================
PenguinSecurity [www.penguinsecurity.net]
Security Wizards [www.secwiz.com]
WebHostingTalk Technical & Security Issues Page [www.webhostingtalk.com]
Submit a Network Security Site Link or URL [www.linuxguruz.com]
Re: Help me set up iptables 23.08.2005 11:58 strangebrew: Thanks =)
Re: Help me set up iptables 23.08.2005 18:53 keshaLG: my respect 2 lystor