From: Jean Carlos <invaderjiks@yahoo.com.br>
To: netfilter@vger.kernel.org
Subject: Iptables.up.rules
Date: Fri, 23 Sep 2011 21:33:54 -0300
Message-ID: <4E7D2572.7040603@yahoo.com.br>
Hello iptables developers, I have a problem with my firewall rules.
I can't connect and log in to emesene and the Hotmail website.
Can some developer or programmer help me?
My rules follow.
I am a newbie with iptables; I just copied the rules from firewall.sh and
pasted them into the terminal.
THANKS
____
# Generated by iptables-save v1.4.10 on Thu Sep 22 21:47:12 2011
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [31:2349]
:VALID_CHECK - [0:0]
-A INPUT -s 10.0.0.0/8 -i eth0 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 10.0.0.0/8 -i wlan0 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 172.16.0.0/16 -i eth0 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 172.16.0.0/16 -i wlan0 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 192.168.0.0/24 -i eth0 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 192.168.0.0/24 -i wlan0 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i wlan0 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 443 -j ACCEPT
-A INPUT -i wlan0 -p udp -m udp --dport 443 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i wlan0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 8080 -j ACCEPT
-A INPUT -i wlan0 -p udp -m udp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i wlan0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 6881 -j ACCEPT
-A INPUT -i wlan0 -p tcp -m tcp --dport 6881 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 6885 -j ACCEPT
-A INPUT -i wlan0 -p udp -m udp --dport 6885 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 4444 -j ACCEPT
-A INPUT -i wlan0 -p udp -m udp --dport 4444 -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -m state --state RELATED,ESTABLISHED -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 666 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 666 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 4000 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 4000 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 6000 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 6000 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 6006 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 6006 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 16660 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 16660 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 27444 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 27444 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 27665 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 27665 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 31335 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 31335 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 34555 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 34555 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 35555 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 35555 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 3128 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 3128 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 8080 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 23 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 23 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 23 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 23 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m state --state INVALID -j REJECT --reject-with icmp-port-unreachable
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 443 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 80 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p igmp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p udp -m udp --dport 33434:33523 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 6000 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p udp -m udp --dport 31337 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 31337 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 20034 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p udp -m udp --dport 12346 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 12346 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p udp -m udp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 6713 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 6712 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 6711 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 6670 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 1433 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j LOG --log-prefix "FIREWALL: ssh: "
-A INPUT -i wlan0 -p tcp -m tcp --dport 22 -j LOG --log-prefix "FIREWALL: ssh: "
-A INPUT -i eth0 -p tcp -m tcp --dport 21 -j LOG --log-prefix "FIREWALL: ftp: "
-A INPUT -i wlan0 -p tcp -m tcp --dport 21 -j LOG --log-prefix "FIREWALL: ftp: "
-A INPUT -i eth0 -p tcp -m tcp --dport 23 -j LOG --log-prefix "FIREWALL: telnet: "
-A INPUT -i wlan0 -p tcp -m tcp --dport 23 -j LOG --log-prefix "FIREWALL: telnet: "
-A INPUT -i eth0 -p tcp -m tcp --dport 25 -j LOG --log-prefix "FIREWALL: smtp: "
-A INPUT -i wlan0 -p tcp -m tcp --dport 25 -j LOG --log-prefix "FIREWALL: smtp: "
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j LOG --log-prefix "FIREWALL: http: "
-A INPUT -i wlan0 -p tcp -m tcp --dport 80 -j LOG --log-prefix "FIREWALL: http: "
-A INPUT -i eth0 -p tcp -m tcp --dport 110 -j LOG --log-prefix "FIREWALL: pop3: "
-A INPUT -i wlan0 -p tcp -m tcp --dport 110 -j LOG --log-prefix "FIREWALL: pop3: "
-A INPUT -i eth0 -p udp -m udp --dport 111 -j LOG --log-prefix "FIREWALL: rpc: "
-A INPUT -i wlan0 -p udp -m udp --dport 111 -j LOG --log-prefix "FIREWALL: rpc: "
-A INPUT -i eth0 -p tcp -m tcp --dport 113 -j LOG --log-prefix "FIREWALL: identd: "
-A INPUT -i wlan0 -p tcp -m tcp --dport 113 -j LOG --log-prefix "FIREWALL: identd: "
-A INPUT -i eth0 -p tcp -m tcp --dport 137:139 -j LOG --log-prefix "FIREWALL: samba: "
-A INPUT -i wlan0 -p tcp -m tcp --dport 137:139 -j LOG --log-prefix "FIREWALL: samba: "
-A INPUT -i eth0 -p udp -m udp --dport 137:139 -j LOG --log-prefix "FIREWALL: samba: "
-A INPUT -i wlan0 -p udp -m udp --dport 137:139 -j LOG --log-prefix "FIREWALL: samba: "
-A INPUT -i eth0 -p tcp -m tcp --dport 161:162 -j LOG --log-prefix "FIREWALL: snmp: "
-A INPUT -i wlan0 -p tcp -m tcp --dport 161:162 -j LOG --log-prefix "FIREWALL: snmp: "
-A INPUT -i eth0 -p tcp -m tcp --dport 6881 -j LOG --log-prefix "FIREWALL: torrent: "
-A INPUT -i wlan0 -p tcp -m tcp --dport 6881 -j LOG --log-prefix "FIREWALL: torrent: "
-A INPUT -i eth0 -p udp -m udp --dport 6885 -j LOG --log-prefix "FIREWALL: torrent: "
-A INPUT -i wlan0 -p udp -m udp --dport 6885 -j LOG --log-prefix "FIREWALL: torrent: "
-A INPUT -i eth0 -p udp -m udp --dport 4444 -j LOG --log-prefix "FIREWALL: torrent: "
-A INPUT -i wlan0 -p udp -m udp --dport 4444 -j LOG --log-prefix "FIREWALL: torrent: "
-A INPUT -i eth0 -p tcp -m tcp --dport 6667:6668 -j LOG --log-prefix "FIREWALL: irc: "
-A INPUT -i wlan0 -p tcp -m tcp --dport 6667:6668 -j LOG --log-prefix "FIREWALL: irc: "
-A INPUT -i eth0 -p tcp -m tcp --dport 3128 -j LOG --log-prefix "FIREWALL: squid: "
-A INPUT -i wlan0 -p tcp -m tcp --dport 3128 -j LOG --log-prefix "FIREWALL: squid: "
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp --dport 3128 -j ACCEPT
-A FORWARD -i wlan0 -p tcp -m tcp --dport 3128 -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp --dport 110 -j ACCEPT
-A FORWARD -i wlan0 -p tcp -m tcp --dport 110 -j ACCEPT
-A FORWARD -i eth0 -p udp -m udp --dport 110 -j ACCEPT
-A FORWARD -i wlan0 -p udp -m udp --dport 110 -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp --dport 25 -j ACCEPT
-A FORWARD -i wlan0 -p tcp -m tcp --dport 25 -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -i wlan0 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp --dport 67 -j ACCEPT
-A FORWARD -i wlan0 -p tcp -m tcp --dport 67 -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp --dport 86 -j ACCEPT
-A FORWARD -i wlan0 -p tcp -m tcp --dport 86 -j ACCEPT
-A FORWARD -i eth0 -p udp -m udp --dport 67 -j ACCEPT
-A FORWARD -i wlan0 -p udp -m udp --dport 67 -j ACCEPT
-A FORWARD -i eth0 -p udp -m udp --dport 86 -j ACCEPT
-A FORWARD -i wlan0 -p udp -m udp --dport 86 -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT
-A FORWARD -i wlan0 -p tcp -m tcp --dport 21 -j ACCEPT
-A FORWARD -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp --dport 135 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i wlan0 -p tcp -m tcp --dport 135 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -p tcp -m limit --limit 1/sec -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j ACCEPT
-A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG SYN,ACK -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i eth0 -p tcp -m tcp --dport 135 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i wlan0 -p tcp -m tcp --dport 135 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/sec -j ACCEPT
-A FORWARD -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A VALID_CHECK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j REJECT --reject-with icmp-port-unreachable
-A VALID_CHECK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j REJECT --reject-with icmp-port-unreachable
-A VALID_CHECK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j REJECT --reject-with icmp-port-unreachable
-A VALID_CHECK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN -j REJECT --reject-with icmp-port-unreachable
-A VALID_CHECK -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j REJECT --reject-with icmp-port-unreachable
-A VALID_CHECK -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j REJECT --reject-with icmp-port-unreachable
-A VALID_CHECK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Thu Sep 22 21:47:12 2011
# Generated by iptables-save v1.4.10 on Thu Sep 22 21:47:12 2011
*mangle
:PREROUTING ACCEPT [8114:5358984]
:INPUT ACCEPT [8113:5358408]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [8951:1417987]
:POSTROUTING ACCEPT [9173:1456982]
COMMIT
# Completed on Thu Sep 22 21:47:12 2011
# Generated by iptables-save v1.4.10 on Thu Sep 22 21:47:12 2011
*nat
:PREROUTING ACCEPT [3:974]
:INPUT ACCEPT [2:398]
:OUTPUT ACCEPT [1446:100049]
:POSTROUTING ACCEPT [8:536]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
# Completed on Thu Sep 22 21:47:12 2011
# Generated by iptables-save v1.4.10 on Thu Sep 22 21:47:12 2011
*raw
:PREROUTING ACCEPT [8114:5358984]
:OUTPUT ACCEPT [8951:1417987]
COMMIT
# Completed on Thu Sep 22 21:47:12 2011
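
Added example, not part of the original message: a small first-match evaluator for the INPUT chain, run over an excerpt of the posted rules with the wrapped lines rejoined. It reports which rule decides a packet and which rules sit behind an unconditional REJECT; the function names and sample packets are constructed for illustration, and negation (!), port ranges and user-defined chains are not handled.

```python
import ipaddress
import shlex

# Excerpt of the posted INPUT chain, in its original order.
RULES = """\
-A INPUT -s 192.168.0.0/24 -i eth0 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 23 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 80 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j LOG --log-prefix "FIREWALL: ssh: "
"""

OPTS = {"-s": "src", "-i": "iface", "-p": "proto", "--dport": "dport",
        "--state": "state", "-j": "target"}

def parse(text):
    """Turn '-A CHAIN ...' lines into dicts holding the options listed in OPTS."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        tok = shlex.split(line)
        found = {OPTS[o]: v for o, v in zip(tok, tok[1:]) if o in OPTS}
        rules.append({"n": n, "chain": tok[1], **found})
    return rules

def matches(rule, pkt):
    """True if every match option present in the rule agrees with the packet."""
    if "src" in rule and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(rule["src"]):
        return False
    if "state" in rule and pkt["state"] not in rule["state"].split(","):
        return False
    return all(rule.get(k, pkt[k]) == pkt[k] for k in ("iface", "proto", "dport"))

def verdict(rules, pkt):
    """Walk the chain in order; LOG does not end traversal, ACCEPT/REJECT do."""
    for r in rules:
        if matches(r, pkt) and r["target"] != "LOG":
            return r["n"], r["target"]
    return None, "policy"

def dead_rules(rules):
    """Numbers of rules placed after a terminating rule that has no match options."""
    for i, r in enumerate(rules):
        if r["target"] != "LOG" and not set(r) - {"n", "chain", "target"}:
            return [x["n"] for x in rules[i + 1:]]
    return []
```

Calling verdict(parse(RULES), pkt) with pkt as a dict of iface, src, proto, dport (as a string) and state returns the number and target of the deciding rule. dead_rules(parse(RULES)) lists the excerpt's rules 7 and 8, which follow the bare "-A INPUT -j REJECT".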