Moin ! Ok, hier ist die Ausgabe von "iptables -L": Ich habe die Ausgabe in 2 Messages aufgeteilt, weil mir der Mailer-Deamon ne Nachricht geschickt hat, daß die Mail zu lang wäre! Ich hoffe, es fühlt sich hier niemand gestört! -------------Teil 1--------------------------- linux:/home/hardy # iptables -L Chain INPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere LOG all -- loopback/8 anywhere LOG level warning tc p-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOFING ' LOG all -- anywhere loopback/8 LOG level warning tc p-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOFING ' DROP all -- loopback/8 anywhere DROP all -- anywhere loopback/8 LOG all -- p50823E44.dip.t-dialin.net anywhere LOG level war ning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOFING ' DROP all -- p50823E44.dip.t-dialin.net anywhere input_ext all -- anywhere p50823E44.dip.t-dialin.net LOG all -- anywhere anywhere LOG level warning tc p-options ip-options prefix `SuSE-FW-UNAUTHORIZED-TARGET ' DROP all -- anywhere anywhere Chain FORWARD (policy DROP) target prot opt source destination TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SY N TCPMSS clamp to PMTU Chain OUTPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere LOG icmp -- anywhere anywhere icmp time-exceeded L OG level warning tcp-options ip-options prefix `SuSE-FW-TRACEROUTE-ATTEMPT ' ACCEPT icmp -- anywhere anywhere icmp time-exceeded ACCEPT icmp -- anywhere anywhere icmp port-unreachabl e ACCEPT icmp -- anywhere anywhere icmp fragmentation-n eeded ACCEPT icmp -- anywhere anywhere icmp network-prohibi ted ACCEPT icmp -- anywhere anywhere icmp host-prohibited ACCEPT icmp -- anywhere anywhere icmp communication-p rohibited DROP icmp -- anywhere anywhere icmp destination-unr eachable ACCEPT all -- anywhere anywhere state NEW,RELATED,ES TABLISHED LOG all -- anywhere anywhere LOG level warning tc p-options ip-options prefix `SuSE-FW-OUTPUT-ERROR ' Chain forward_dmz (0 references) target prot opt source destination Chain forward_ext (0 references) target prot opt source destination Chain forward_int (0 references) target prot opt source destination Chain input_dmz (0 references) target prot opt source destination LOG all -- p50823E44.dip.t-dialin.net anywhere LOG level war ning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOF ' DROP all -- p50823E44.dip.t-dialin.net anywhere ACCEPT icmp -- anywhere anywhere icmp echo-request ACCEPT icmp -- anywhere anywhere state RELATED,ESTABL ISHED icmp echo-reply ACCEPT icmp -- anywhere anywhere state RELATED,ESTABL ISHED icmp destination-unreachable ACCEPT icmp -- anywhere anywhere state RELATED,ESTABL ISHED icmp time-exceeded ACCEPT icmp -- anywhere anywhere state RELATED,ESTABL ISHED icmp parameter-problem ACCEPT icmp -- anywhere anywhere state RELATED,ESTABL ISHED icmp timestamp-reply ACCEPT icmp -- anywhere anywhere state RELATED,ESTABL ISHED icmp address-mask-reply LOG icmp -- anywhere anywhere icmp redirect LOG le vel warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' LOG icmp -- anywhere anywhere icmp source-quench L OG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' LOG icmp -- anywhere anywhere icmp timestamp-reque st LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' LOG icmp -- anywhere anywhere icmp address-mask-re quest LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' LOG icmp -- anywhere anywhere icmp type 2 LOG leve l warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' DROP icmp -- anywhere anywhere REJECT tcp -- anywhere anywhere tcp dpt:ident flags: SYN,RST,ACK/SYN reject-with tcp-reset LOG tcp -- anywhere anywhere tcp dpt:ssh flags:SY N,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP ' DROP tcp -- anywhere anywhere tcp dpt:ssh flags:SY N,RST,ACK/SYN LOG tcp -- anywhere anywhere tcp dpt:sunrpc flags :SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP ' DROP tcp -- anywhere anywhere tcp dpt:sunrpc flags :SYN,RST,ACK/SYN LOG tcp -- anywhere anywhere tcp dpt:printer flag s:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP ' DROP tcp -- anywhere anywhere tcp dpt:printer flag s:SYN,RST,ACK/SYN LOG tcp -- anywhere anywhere tcp dpt:x11 flags:SY N,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP ' DROP tcp -- anywhere anywhere tcp dpt:x11 flags:SY N,RST,ACK/SYN ACCEPT tcp -- anywhere anywhere state ESTABLISHED tc p dpts:ipcserver:65535 flags:!SYN,RST,ACK/SYN ACCEPT tcp -- anywhere anywhere state ESTABLISHED tc p dpt:ftp-data flags:!SYN,RST,ACK/SYN ACCEPT udp -- www-proxy.HRO1.srv.t-online.de anywhere state NEW ,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535 ACCEPT udp -- dns03.btx.dtag.de anywhere state NEW,RELATED,ES TABLISHED udp spt:domain dpts:1024:65535 DROP udp -- anywhere anywhere udp dpt:ssh DROP udp -- anywhere anywhere udp dpt:sunrpc DROP udp -- anywhere anywhere udp dpt:sunrpc DROP udp -- anywhere anywhere udp dpt:printer DROP udp -- anywhere anywhere udp dpt:x11 LOG tcp -- anywhere anywhere tcp flags:SYN,RST,AC K/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp source-quench L OG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp redirect LOG le vel warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp echo-request LO G level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp timestamp-reque st LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG icmp -- anywhere anywhere icmp address-mask-re quest LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG udp -- anywhere anywhere LOG level warning tc p-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' LOG all -- anywhere anywhere state INVALID LOG le vel warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT-INVALID ' DROP all -- anywhere anywhere ------------------Ende Teil 1-------------------------------------- MfG Olli