Newbie & Netzwerk - iptables

29 Jul 2002

      Moin !

Ok, hier ist die Ausgabe von "iptables -L":
Ich habe die Ausgabe in 2 Messages aufgeteilt, weil mir der
Mailer-Deamon ne Nachricht geschickt hat, daß die Mail zu lang wäre!
Ich hoffe, es fühlt sich hier niemand gestört!

-------------Teil 1---------------------------

linux:/home/hardy # iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
LOG        all  --  loopback/8           anywhere           LOG level
warning tc
p-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOFING '
LOG        all  --  anywhere             loopback/8         LOG level
warning tc
p-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOFING '
DROP       all  --  loopback/8           anywhere
DROP       all  --  anywhere             loopback/8
LOG        all  --  p50823E44.dip.t-dialin.net  anywhere           LOG
level war
ning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOFING '
DROP       all  --  p50823E44.dip.t-dialin.net  anywhere
input_ext  all  --  anywhere             p50823E44.dip.t-dialin.net
LOG        all  --  anywhere             anywhere           LOG level
warning tc
p-options ip-options prefix `SuSE-FW-UNAUTHORIZED-TARGET '
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
TCPMSS     tcp  --  anywhere             anywhere           tcp
flags:SYN,RST/SY
N TCPMSS clamp to PMTU

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
LOG        icmp --  anywhere             anywhere           icmp
time-exceeded L
OG level warning tcp-options ip-options prefix
`SuSE-FW-TRACEROUTE-ATTEMPT '
ACCEPT     icmp --  anywhere             anywhere           icmp
time-exceeded
ACCEPT     icmp --  anywhere             anywhere           icmp
port-unreachabl
e
ACCEPT     icmp --  anywhere             anywhere           icmp
fragmentation-n
eeded
ACCEPT     icmp --  anywhere             anywhere           icmp
network-prohibi
ted
ACCEPT     icmp --  anywhere             anywhere           icmp
host-prohibited

ACCEPT     icmp --  anywhere             anywhere           icmp
communication-p
rohibited
DROP       icmp --  anywhere             anywhere           icmp
destination-unr
eachable
ACCEPT     all  --  anywhere             anywhere           state
NEW,RELATED,ES
TABLISHED
LOG        all  --  anywhere             anywhere           LOG level
warning tc
p-options ip-options prefix `SuSE-FW-OUTPUT-ERROR '

Chain forward_dmz (0 references)
target     prot opt source               destination

Chain forward_ext (0 references)
target     prot opt source               destination

Chain forward_int (0 references)
target     prot opt source               destination

Chain input_dmz (0 references)
target     prot opt source               destination
LOG        all  --  p50823E44.dip.t-dialin.net  anywhere           LOG
level war
ning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOF '
DROP       all  --  p50823E44.dip.t-dialin.net  anywhere
ACCEPT     icmp --  anywhere             anywhere           icmp
echo-request
ACCEPT     icmp --  anywhere             anywhere           state
RELATED,ESTABL
ISHED icmp echo-reply
ACCEPT     icmp --  anywhere             anywhere           state
RELATED,ESTABL
ISHED icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere           state
RELATED,ESTABL
ISHED icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere           state
RELATED,ESTABL
ISHED icmp parameter-problem
ACCEPT     icmp --  anywhere             anywhere           state
RELATED,ESTABL
ISHED icmp timestamp-reply
ACCEPT     icmp --  anywhere             anywhere           state
RELATED,ESTABL
ISHED icmp address-mask-reply
LOG        icmp --  anywhere             anywhere           icmp
redirect LOG le
vel warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT '
LOG        icmp --  anywhere             anywhere           icmp
source-quench L
OG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT '
LOG        icmp --  anywhere             anywhere           icmp
timestamp-reque
st LOG level warning tcp-options ip-options prefix
`SuSE-FW-DROP-ICMP-CRIT '
LOG        icmp --  anywhere             anywhere           icmp
address-mask-re
quest LOG level warning tcp-options ip-options prefix
`SuSE-FW-DROP-ICMP-CRIT '
LOG        icmp --  anywhere             anywhere           icmp type 2
LOG leve
l warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT '
DROP       icmp --  anywhere             anywhere
REJECT     tcp  --  anywhere             anywhere           tcp
dpt:ident flags:
SYN,RST,ACK/SYN reject-with tcp-reset
LOG        tcp  --  anywhere             anywhere           tcp dpt:ssh
flags:SY
N,RST,ACK/SYN LOG level warning tcp-options ip-options prefix
`SuSE-FW-DROP '
DROP       tcp  --  anywhere             anywhere           tcp dpt:ssh
flags:SY
N,RST,ACK/SYN
LOG        tcp  --  anywhere             anywhere           tcp
dpt:sunrpc flags
:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix
`SuSE-FW-DROP '

DROP       tcp  --  anywhere             anywhere           tcp
dpt:sunrpc flags
:SYN,RST,ACK/SYN
LOG        tcp  --  anywhere             anywhere           tcp
dpt:printer flag
s:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix
`SuSE-FW-DROP
'
DROP       tcp  --  anywhere             anywhere           tcp
dpt:printer flag
s:SYN,RST,ACK/SYN
LOG        tcp  --  anywhere             anywhere           tcp dpt:x11
flags:SY
N,RST,ACK/SYN LOG level warning tcp-options ip-options prefix
`SuSE-FW-DROP '
DROP       tcp  --  anywhere             anywhere           tcp dpt:x11
flags:SY
N,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           state
ESTABLISHED tc
p dpts:ipcserver:65535 flags:!SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           state
ESTABLISHED tc
p dpt:ftp-data flags:!SYN,RST,ACK/SYN
ACCEPT     udp  --  www-proxy.HRO1.srv.t-online.de  anywhere          
state NEW
,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535
ACCEPT     udp  --  dns03.btx.dtag.de    anywhere           state
NEW,RELATED,ES
TABLISHED udp spt:domain dpts:1024:65535
DROP       udp  --  anywhere             anywhere           udp dpt:ssh
DROP       udp  --  anywhere             anywhere           udp
dpt:sunrpc
DROP       udp  --  anywhere             anywhere           udp
dpt:sunrpc
DROP       udp  --  anywhere             anywhere           udp
dpt:printer
DROP       udp  --  anywhere             anywhere           udp dpt:x11
LOG        tcp  --  anywhere             anywhere           tcp
flags:SYN,RST,AC
K/SYN LOG level warning tcp-options ip-options prefix
`SuSE-FW-DROP-DEFAULT '
LOG        icmp --  anywhere             anywhere           icmp
source-quench L
OG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  anywhere             anywhere           icmp
redirect LOG le
vel warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  anywhere             anywhere           icmp
echo-request LO
G level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  anywhere             anywhere           icmp
timestamp-reque
st LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT
'
LOG        icmp --  anywhere             anywhere           icmp
address-mask-re
quest LOG level warning tcp-options ip-options prefix
`SuSE-FW-DROP-DEFAULT '
LOG        udp  --  anywhere             anywhere           LOG level
warning tc
p-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG        all  --  anywhere             anywhere           state
INVALID LOG le
vel warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT-INVALID
'
DROP       all  --  anywhere             anywhere
------------------Ende Teil 1--------------------------------------

MfG
   Olli

Newbie & Netzwerk - iptables

Oliver Appel