From: "José Nuno Neto" <jose.neto@liber4e.com>
To: netfilter@lists.netfilter.org
Subject: FTP SERVER ACCESS
Date: Fri, 24 Oct 2003 15:14:43 +0100
Message-ID: <3F9933D3.3020803@liber4e.com>
Hi,
I have a firewall script from
http://www.rfxnetworks.com/apf.php
I've followed the instructions and have access to everything I want except for
the FTP server.
Can anyone point out what ports/actions I must set up?
thanx
-------------------------------------------
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
IN_UNCLEAN all -- anywhere anywhere unclean
ACCEPT all -- anywhere anywhere
TELNET_LOG tcp -- anywhere anywhere tcp dpt:telnet state NEW
SSH_LOG tcp -- anywhere anywhere tcp dpt:ssh state NEW
DROP all -- 1.0.0.0/8 anywhere
DROP all -- 2.0.0.0/8 anywhere
DROP all -- 5.0.0.0/8 anywhere
DROP all -- 7.0.0.0/8 anywhere
DROP all -- 23.0.0.0/8 anywhere
DROP all -- 27.0.0.0/8 anywhere
DROP all -- 31.0.0.0/8 anywhere
DROP all -- 36.0.0.0/8 anywhere
DROP all -- 37.0.0.0/8 anywhere
DROP all -- 39.0.0.0/8 anywhere
DROP all -- 41.0.0.0/8 anywhere
DROP all -- 42.0.0.0/8 anywhere
DROP all -- 58.0.0.0/8 anywhere
DROP all -- 59.0.0.0/8 anywhere
DROP all -- 60.0.0.0/8 anywhere
DROP all -- 70.0.0.0/8 anywhere
DROP all -- 71.0.0.0/8 anywhere
DROP all -- 72.0.0.0/8 anywhere
DROP all -- 73.0.0.0/8 anywhere
DROP all -- 74.0.0.0/8 anywhere
DROP all -- 75.0.0.0/8 anywhere
DROP all -- 76.0.0.0/8 anywhere
DROP all -- 77.0.0.0/8 anywhere
DROP all -- 78.0.0.0/8 anywhere
DROP all -- 78.0.0.0/8 anywhere
DROP all -- 79.0.0.0/8 anywhere
DROP all -- 83.0.0.0/8 anywhere
DROP all -- 84.0.0.0/8 anywhere
DROP all -- 85.0.0.0/8 anywhere
DROP all -- 86.0.0.0/8 anywhere
DROP all -- 87.0.0.0/8 anywhere
DROP all -- 88.0.0.0/8 anywhere
DROP all -- 89.0.0.0/8 anywhere
DROP all -- 90.0.0.0/8 anywhere
DROP all -- 91.0.0.0/8 anywhere
DROP all -- 92.0.0.0/8 anywhere
DROP all -- 93.0.0.0/8 anywhere
DROP all -- 94.0.0.0/8 anywhere
DROP all -- 95.0.0.0/8 anywhere
DROP all -- 96.0.0.0/8 anywhere
DROP all -- 97.0.0.0/8 anywhere
DROP all -- 98.0.0.0/8 anywhere
DROP all -- 99.0.0.0/8 anywhere
DROP all -- 100.0.0.0/8 anywhere
DROP all -- 101.0.0.0/8 anywhere
DROP all -- 102.0.0.0/8 anywhere
DROP all -- 103.0.0.0/8 anywhere
DROP all -- 104.0.0.0/8 anywhere
DROP all -- 105.0.0.0/8 anywhere
DROP all -- 106.0.0.0/8 anywhere
DROP all -- 107.0.0.0/8 anywhere
DROP all -- 108.0.0.0/8 anywhere
DROP all -- 109.0.0.0/8 anywhere
DROP all -- 110.0.0.0/8 anywhere
DROP all -- 111.0.0.0/8 anywhere
DROP all -- 112.0.0.0/8 anywhere
DROP all -- 113.0.0.0/8 anywhere
DROP all -- 114.0.0.0/8 anywhere
DROP all -- 115.0.0.0/8 anywhere
DROP all -- 116.0.0.0/8 anywhere
DROP all -- 117.0.0.0/8 anywhere
DROP all -- 118.0.0.0/8 anywhere
DROP all -- 119.0.0.0/8 anywhere
DROP all -- 120.0.0.0/8 anywhere
DROP all -- 121.0.0.0/8 anywhere
DROP all -- 122.0.0.0/8 anywhere
DROP all -- 123.0.0.0/8 anywhere
DROP all -- 124.0.0.0/8 anywhere
DROP all -- 124.0.0.0/8 anywhere
DROP all -- 125.0.0.0/8 anywhere
DROP all -- 126.0.0.0/8 anywhere
DROP all -- 128.66.0.0/16 anywhere
DROP all -- 172.16.0.0/12 anywhere
DROP all -- 197.0.0.0/8 anywhere
DROP all -- 221.0.0.0/8 anywhere
DROP all -- 222.0.0.0/8 anywhere
DROP all -- 223.0.0.0/8 anywhere
DROP all -- 240.0.0.0/4 anywhere
DROP tcp -- anywhere anywhere multiport dports smux,snmp,31337,33270,1234,6711,16660,60001,12345,12346,ingreslock,27665,27444,31335
DROP udp -- anywhere anywhere multiport dports smux,snmp,31337,33270,1234,6711,16660,60001,12345,12346,ingreslock,27665,27444,31335
DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8
LD all -- 255.255.255.255 anywhere
LD all -- anywhere 0.0.0.0
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
DROP tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
DROP tcp -- anywhere anywhere tcp flags:FIN,RST/FIN,RST
DROP tcp -- anywhere anywhere tcp flags:FIN,ACK/FIN
DROP tcp -- anywhere anywhere tcp flags:PSH,ACK/PSH
DROP tcp -- anywhere anywhere tcp flags:ACK,URG/URG
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN
DROP all -- anywhere anywhere state INVALID
DROP tcp -- anywhere anywhere tcp option=64
DROP tcp -- anywhere anywhere tcp option=128
FUDP udp -f anywhere anywhere
PZ udp -- anywhere anywhere udp dpt:0
PZ tcp -- anywhere anywhere tcp dpt:0
REJECT tcp -- anywhere anywhere tcp dpt:auth reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:auth reject-with icmp-port-unreachable
DROP udp -- anywhere anywhere multiport dports netbios-ns,netbios-dgm
DROP udp -- anywhere 255.255.255.255
ACCEPT udp -- anywhere anywhere udp spt:domain dpts:1023:65535
ACCEPT tcp -- anywhere anywhere tcp dpts:1023:65535 state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp dpts:1023:65535 state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:ssh dpts:login:65535 state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp dpt:ssh state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spts:1023:65535 dpt:ftp state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere multiport dports ftp,ftp-data state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere multiport dports ftp,ftp-data state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:ftp-data
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:ftp
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:ssh
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:smtp
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:domain
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:http
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:https
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:pop3
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:imap
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:19638
ACCEPT udp -- anywhere xxx.SERVER.IP.xxx udp dpt:ftp-data
ACCEPT udp -- anywhere xxx.SERVER.IP.xxx udp dpt:domain
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp redirect
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp type 30
ACCEPT icmp -- anywhere anywhere icmp echo-request
DROP icmp -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp dpts:traceroute:33523
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:ftp-data
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:ftp
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:ssh
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:smtp
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:domain
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:http
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:https
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:pop3
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:imap
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:19638
ACCEPT udp -- anywhere xxx.SERVER.IP.xxx udp dpt:ftp-data
ACCEPT udp -- anywhere xxx.SERVER.IP.xxx udp dpt:domain
DROP tcp -- anywhere anywhere tcp flags:!SYN,RST,ACK/SYN state NEW
UDP_POL udp -- anywhere anywhere
TCP_POL tcp -- anywhere anywhere
DROP all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUT_UNCLEAN all -- anywhere anywhere unclean
ACCEPT all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8
LD all -- 255.255.255.255 anywhere
LD all -- anywhere 0.0.0.0
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
DROP tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
DROP tcp -- anywhere anywhere tcp flags:FIN,RST/FIN,RST
DROP tcp -- anywhere anywhere tcp flags:FIN,ACK/FIN
DROP tcp -- anywhere anywhere tcp flags:PSH,ACK/PSH
DROP tcp -- anywhere anywhere tcp flags:ACK,URG/URG
FUDP udp -f anywhere anywhere
PZ udp -- anywhere anywhere udp dpt:0
PZ tcp -- anywhere anywhere tcp dpt:0
ACCEPT udp -- anywhere anywhere udp spts:1023:65535 dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpts:1023:65535 state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp dpts:1023:65535 state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:ftp dpts:1023:65535 state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere multiport dports ftp,ftp-data state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere multiport dports ftp,ftp-data state RELATED,ESTABLISHED
ACCEPT tcp -- xxx.SERVER.IP.xxx anywhere tcp dpt:ftp-data
ACCEPT tcp -- xxx.SERVER.IP.xxx anywhere tcp dpt:ftp
ACCEPT tcp -- xxx.SERVER.IP.xxx anywhere tcp dpt:smtp
ACCEPT tcp -- xxx.SERVER.IP.xxx anywhere tcp dpt:http
ACCEPT tcp -- xxx.SERVER.IP.xxx anywhere tcp dpt:https
ACCEPT tcp -- xxx.SERVER.IP.xxx anywhere tcp dpts:1000:40000
ACCEPT udp -- xxx.SERVER.IP.xxx anywhere udp dpt:ftp-data
ACCEPT udp -- xxx.SERVER.IP.xxx anywhere udp dpt:ftp
ACCEPT udp -- xxx.SERVER.IP.xxx anywhere udp dpt:domain
ACCEPT tcp -- xxx.SERVER.IP.xxx anywhere tcp dpt:ftp-data
ACCEPT tcp -- xxx.SERVER.IP.xxx anywhere tcp dpt:ftp
ACCEPT tcp -- xxx.SERVER.IP.xxx anywhere tcp dpt:smtp
ACCEPT tcp -- xxx.SERVER.IP.xxx anywhere tcp dpt:http
ACCEPT tcp -- xxx.SERVER.IP.xxx anywhere tcp dpt:https
ACCEPT tcp -- xxx.SERVER.IP.xxx anywhere tcp dpts:1000:40000
ACCEPT udp -- xxx.SERVER.IP.xxx anywhere udp dpt:ftp-data
ACCEPT udp -- xxx.SERVER.IP.xxx anywhere udp dpt:ftp
ACCEPT udp -- xxx.SERVER.IP.xxx anywhere udp dpt:domain
DROP tcp -- anywhere anywhere tcp flags:!SYN,RST,ACK/SYN state NEW
DROP tcp -- anywhere anywhere tcp flags:!SYN,RST,ACK/SYN state NEW
ACCEPT icmp -- anywhere anywhere
DROP all -- anywhere anywhere
Chain FUDP (2 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning prefix `** UDP Frag **'
DROP all -- anywhere anywhere
Chain IN_UNCLEAN (1 references)
target prot opt source destination
UNCLEAN all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level warning prefix `** UNCLEAN ** '
Chain LA (0 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning
ACCEPT all -- anywhere anywhere
Chain LD (4 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere
Chain OUT_UNCLEAN (1 references)
target prot opt source destination
UNCLEAN all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level warning prefix `** UNCLEAN ** '
Chain PZ (4 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning prefix `** Port Zero **'
DROP all -- anywhere anywhere
Chain SANITY (0 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain SSH_LOG (1 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning prefix `** SSH ** '
Chain STATE (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW
DROP all -- anywhere anywhere
Chain TCP_POL (1 references)
target prot opt source destination
LOG tcp -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `** TCP DROP ** '
DROP all -- anywhere anywhere
Chain TELNET_LOG (1 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning prefix `** TELNET ** '
Chain UDP_POL (1 references)
target prot opt source destination
LOG udp -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `** UDP DROP ** '
DROP all -- anywhere anywhere
Chain UNCLEAN (2 references)
target prot opt source destination
DROP all -- anywhere anywhere
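An added check, not part of the post or of the APF script, for the three things the INPUT chain above has to provide before an FTP server is reachable: an ACCEPT for the control port, an ACCEPT for high ports in state RELATED,ESTABLISHED (the listing has both), and the FTP connection-tracking helper, without which passive data connections never become RELATED. The sample listing and module lines are constructed; the server address is the post's placeholder.

```shell
# Added example (not from the post or the APF script). Reads the text of
# `iptables -L INPUT` and of /proc/modules and reports which of the three
# FTP prerequisites are present. Live use:
#   ftp_rule_check "$(iptables -L INPUT)" "$(cat /proc/modules)"

# ftp_rule_check LISTING MODULES : one finding per line, returns 0 only
# when every check passes.
ftp_rule_check() {
    listing="$1"; modules="$2"; rc=0
    # 1. Control channel: ACCEPT for tcp dpt:21 ("ftp" under iptables -L).
    #    The trailing anchor keeps "dpt:ftp-data" from counting here.
    if printf '%s\n' "$listing" | grep -Eq '^ACCEPT +tcp .*dpt:(ftp|21)( |$)'; then
        echo "control port 21: ACCEPT present"
    else
        echo "control port 21: no ACCEPT rule"; rc=1
    fi
    # 2. Passive data channel: the client connects to a high port the server
    #    announced, so high ports must be accepted as RELATED,ESTABLISHED.
    if printf '%s\n' "$listing" | grep -Eq '^ACCEPT +tcp .*dpts:1023:65535 .*RELATED,ESTABLISHED'; then
        echo "high ports RELATED,ESTABLISHED: ACCEPT present"
    else
        echo "high ports RELATED,ESTABLISHED: missing"; rc=1
    fi
    # 3. RELATED is only assigned when the FTP conntrack helper has parsed the
    #    PASV/PORT exchange (ip_conntrack_ftp on 2.4 kernels, nf_conntrack_ftp
    #    later); otherwise the data connection is NEW and hits the final DROP.
    if printf '%s\n' "$modules" | grep -Eq '^(ip_conntrack_ftp|nf_conntrack_ftp) '; then
        echo "ftp conntrack helper: loaded"
    else
        echo "ftp conntrack helper: not loaded"; rc=1
    fi
    return $rc
}

# Constructed sample modelled on the INPUT chain in the post (placeholder IP).
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpts:1023:65535 state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:ftp-data
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:ftp
DROP all -- anywhere anywhere'
# Constructed /proc/modules content for the two cases.
MODULES_WITH_HELPER='ip_conntrack_ftp 4816 0 (unused)'
MODULES_WITHOUT_HELPER='ipt_state 1048 0 (autoclean)'

if ftp_rule_check "$SAMPLE_LISTING" "$MODULES_WITHOUT_HELPER"; then
    echo "result: FTP prerequisites complete"
else
    echo "result: FTP prerequisites incomplete"
fi
```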