From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jean Carlos Subject: Iptables.up.rules Date: Fri, 23 Sep 2011 21:33:54 -0300 Message-ID: <4E7D2572.7040603@yahoo.com.br> Mime-Version: 1.0 Content-Transfer-Encoding: QUOTED-PRINTABLE Return-path: DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com.br; s=s1024; t=1316824437; bh=2eJaD5zbbS00uLN+lYsCbitWsLckmU1F9IRbRdZJ7OA=; h=X-Yahoo-Newman-Id:X-Yahoo-Newman-Property:X-YMail-OSG:X-Yahoo-SMTP:Received:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:Content-Type:Content-Transfer-Encoding; b=rkV/NKCLEeWR6yLH+WhPag0wl15G1IkARSDLrMDKOTNyjR4/SYmFOOXrnP7yHb3CrRhMLyvGL2c7a/3aYT1v8GyvuR6F4XjcowjdWsFpgvSYFrPiio9VbiQFyyIsa5RwsJmjdH8yzrrarhNNTnlwifRg501lRwuwpOfVzHsk/r4= Sender: netfilter-owner@vger.kernel.org List-ID: Content-Type: text/plain; charset="iso-8859-1"; format="flowed" To: netfilter@vger.kernel.org Hello iptables developers, I have a problem with my firewall rules. I can't connect or log in to emesene or the Hotmail website. Can some developer or programmer help me? My rules follow. I am a newbie to iptables; I just copied the rules from firewall.sh and pasted them into the terminal.
THANKS ____
# NOTE(review): this dump arrived through a quoted-printable mail body. The
# transport artifacts (=20, =46, "= " soft line breaks) have been decoded and
# the rules restored one per line; no rule was added, removed or reordered.
# iptables evaluates each chain top to bottom and the first matching rule
# terminates, so the comments below mark where the ordering makes later rules
# unreachable. `--reject-with icmp-port-unreachable` is the REJECT default.
# Generated by iptables-save v1.4.10 on Thu Sep 22 21:47:12 2011
*filter
# Chain policy is ACCEPT; the effective default for INPUT is the unconditional
# REJECT further down, not the policy.
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [31:2349]
# User chain: defined and populated at the end of this table, but no rule in
# this dump jumps to it (-j VALID_CHECK), so its flag checks never run.
:VALID_CHECK - [0:0]
# Rejects every packet from these private ranges on both interfaces before any
# other INPUT rule is consulted. If the LAN gateway, DHCP server or DNS
# resolver lives in one of them (home setups commonly use 192.168.0.0/24 or
# 10.0.0.0/8), their replies are rejected here -- a likely cause of the login
# failures described in the mail; confirm with `ip route` / resolv.conf.
# Note that 172.16.0.0/16 covers only the first /16 of RFC 1918's 172.16.0.0/12.
-A INPUT -s 10.0.0.0/8 -i eth0 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 10.0.0.0/8 -i wlan0 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 172.16.0.0/16 -i eth0 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 172.16.0.0/16 -i wlan0 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 192.168.0.0/24 -i eth0 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 192.168.0.0/24 -i wlan0 -j REJECT --reject-with icmp-port-unreachable
# Accepts NEW inbound TCP/53 from any source on any interface.
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
# Accepts every packet conntrack classifies as NEW, RELATED or ESTABLISHED,
# i.e. everything except INVALID. Every port-specific ACCEPT and REJECT rule
# in INPUT below this line is therefore unreachable for normal traffic.
-A INPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i wlan0 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 443 -j ACCEPT
-A INPUT -i wlan0 -p udp -m udp --dport 443 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i wlan0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 8080 -j ACCEPT
-A INPUT -i wlan0 -p udp -m udp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i wlan0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 6881 -j ACCEPT
-A INPUT -i wlan0 -p tcp -m tcp --dport 6881 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 6885 -j ACCEPT
-A INPUT -i wlan0 -p udp -m udp --dport 6885 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 4444 -j ACCEPT
-A INPUT -i wlan0 -p udp -m udp --dport 4444 -j ACCEPT
# Unreachable and contradictory: RELATED/ESTABLISHED was already accepted above.
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -m state --state RELATED,ESTABLISHED -j REJECT --reject-with icmp-port-unreachable
# The per-port REJECTs below never match for the same reason; some also
# contradict ACCEPTs above (8080, 443) and the 23 pair is listed twice.
-A INPUT -i eth0 -p tcp -m tcp --dport 666 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 666 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 4000 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 4000 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 6000 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 6000 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 6006 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 6006 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 16660 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 16660 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 27444 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 27444 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 27665 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 27665 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 31335 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 31335 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 34555 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 34555 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 35555 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 35555 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 3128 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 3128 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 8080 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 23 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 23 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 23 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 23 -j REJECT --reject-with icmp-port-unreachable
# First rule after the state ACCEPT that can still match (INVALID packets).
-A INPUT -m state --state INVALID -j REJECT --reject-with icmp-port-unreachable
# Unconditional catch-all: nothing after this line in INPUT is ever evaluated,
# so none of the REJECT or LOG rules that follow can fire.
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 443 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 80 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p igmp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p udp -m udp --dport 33434:33523 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 6000 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p udp -m udp --dport 31337 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 31337 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 20034 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p udp -m udp --dport 12346 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 12346 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p udp -m udp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 6713 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 6712 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 6711 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 6670 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 1433 -j REJECT --reject-with icmp-port-unreachable
# Dead logging: these LOG rules sit after the unconditional REJECT above. To
# produce the "FIREWALL: ..." kernel log lines they must be moved above the
# catch-all (and above the state ACCEPT if NEW connections are to be logged).
# LOG is non-terminating, so moving them does not change what is accepted.
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j LOG --log-prefix "FIREWALL: ssh: "
-A INPUT -i wlan0 -p tcp -m tcp --dport 22 -j LOG --log-prefix "FIREWALL: ssh: "
-A INPUT -i eth0 -p tcp -m tcp --dport 21 -j LOG --log-prefix "FIREWALL: ftp: "
-A INPUT -i wlan0 -p tcp -m tcp --dport 21 -j LOG --log-prefix "FIREWALL: ftp: "
-A INPUT -i eth0 -p tcp -m tcp --dport 23 -j LOG --log-prefix "FIREWALL: telnet: "
-A INPUT -i wlan0 -p tcp -m tcp --dport 23 -j LOG --log-prefix "FIREWALL: telnet: "
-A INPUT -i eth0 -p tcp -m tcp --dport 25 -j LOG --log-prefix "FIREWALL: smtp: "
-A INPUT -i wlan0 -p tcp -m tcp --dport 25 -j LOG --log-prefix "FIREWALL: smtp: "
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j LOG --log-prefix "FIREWALL: http: "
-A INPUT -i wlan0 -p tcp -m tcp --dport 80 -j LOG --log-prefix "FIREWALL: http: "
-A INPUT -i eth0 -p tcp -m tcp --dport 110 -j LOG --log-prefix "FIREWALL: pop3: "
-A INPUT -i wlan0 -p tcp -m tcp --dport 110 -j LOG --log-prefix "FIREWALL: pop3: "
-A INPUT -i eth0 -p udp -m udp --dport 111 -j LOG --log-prefix "FIREWALL: rpc: "
-A INPUT -i wlan0 -p udp -m udp --dport 111 -j LOG --log-prefix "FIREWALL: rpc: "
-A INPUT -i eth0 -p tcp -m tcp --dport 113 -j LOG --log-prefix "FIREWALL: identd: "
-A INPUT -i wlan0 -p tcp -m tcp --dport 113 -j LOG --log-prefix "FIREWALL: identd: "
-A INPUT -i eth0 -p tcp -m tcp --dport 137:139 -j LOG --log-prefix "FIREWALL: samba: "
-A INPUT -i wlan0 -p tcp -m tcp --dport 137:139 -j LOG --log-prefix "FIREWALL: samba: "
-A INPUT -i eth0 -p udp -m udp --dport 137:139 -j LOG --log-prefix "FIREWALL: samba: "
-A INPUT -i wlan0 -p udp -m udp --dport 137:139 -j LOG --log-prefix "FIREWALL: samba: "
-A INPUT -i eth0 -p tcp -m tcp --dport 161:162 -j LOG --log-prefix "FIREWALL: snmp: "
-A INPUT -i wlan0 -p tcp -m tcp --dport 161:162 -j LOG --log-prefix "FIREWALL: snmp: "
-A INPUT -i eth0 -p tcp -m tcp --dport 6881 -j LOG --log-prefix "FIREWALL: torrent: "
-A INPUT -i wlan0 -p tcp -m tcp --dport 6881 -j LOG --log-prefix "FIREWALL: torrent: "
-A INPUT -i eth0 -p udp -m udp --dport 6885 -j LOG --log-prefix "FIREWALL: torrent: "
-A INPUT -i wlan0 -p udp -m udp --dport 6885 -j LOG --log-prefix "FIREWALL: torrent: "
-A INPUT -i eth0 -p udp -m udp --dport 4444 -j LOG --log-prefix "FIREWALL: torrent: "
-A INPUT -i wlan0 -p udp -m udp --dport 4444 -j LOG --log-prefix "FIREWALL: torrent: "
-A INPUT -i eth0 -p tcp -m tcp --dport 6667:6668 -j LOG --log-prefix "FIREWALL: irc: "
-A INPUT -i wlan0 -p tcp -m tcp --dport 6667:6668 -j LOG --log-prefix "FIREWALL: irc: "
-A INPUT -i eth0 -p tcp -m tcp --dport 3128 -j LOG --log-prefix "FIREWALL: squid: "
-A INPUT -i wlan0 -p tcp -m tcp --dport 3128 -j LOG --log-prefix "FIREWALL: squid: "
# FORWARD applies to traffic routed through this host (other machines behind
# it), not to this host's own connections; it is irrelevant to local logins.
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp --dport 3128 -j ACCEPT
-A FORWARD -i wlan0 -p tcp -m tcp --dport 3128 -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp --dport 110 -j ACCEPT
-A FORWARD -i wlan0 -p tcp -m tcp --dport 110 -j ACCEPT
-A FORWARD -i eth0 -p udp -m udp --dport 110 -j ACCEPT
-A FORWARD -i wlan0 -p udp -m udp --dport 110 -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp --dport 25 -j ACCEPT
-A FORWARD -i wlan0 -p tcp -m tcp --dport 25 -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -i wlan0 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp --dport 67 -j ACCEPT
-A FORWARD -i wlan0 -p tcp -m tcp --dport 67 -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp --dport 86 -j ACCEPT
-A FORWARD -i wlan0 -p tcp -m tcp --dport 86 -j ACCEPT
-A FORWARD -i eth0 -p udp -m udp --dport 67 -j ACCEPT
-A FORWARD -i wlan0 -p udp -m udp --dport 67 -j ACCEPT
-A FORWARD -i eth0 -p udp -m udp --dport 86 -j ACCEPT
-A FORWARD -i wlan0 -p udp -m udp --dport 86 -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT
-A FORWARD -i wlan0 -p tcp -m tcp --dport 21 -j ACCEPT
# Accepts everything except INVALID, as in INPUT: the 135 REJECTs, the
# rate-limit rules, the flag checks and the final REJECT below are unreachable
# for normal forwarded traffic (only INVALID packets reach them).
-A FORWARD -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp --dport 135 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i wlan0 -p tcp -m tcp --dport 135 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -p tcp -m limit --limit 1/sec -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j ACCEPT
-A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG SYN,ACK -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i eth0 -p tcp -m tcp --dport 135 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i wlan0 -p tcp -m tcp --dport 135 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/sec -j ACCEPT
-A FORWARD -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
# Malformed-flag filter (null/xmas-style combinations). Never consulted: no
# chain in this dump contains -j VALID_CHECK; it would normally be jumped to
# from INPUT and FORWARD before the state ACCEPT.
-A VALID_CHECK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j REJECT --reject-with icmp-port-unreachable
-A VALID_CHECK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j REJECT --reject-with icmp-port-unreachable
-A VALID_CHECK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j REJECT --reject-with icmp-port-unreachable
-A VALID_CHECK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN -j REJECT --reject-with icmp-port-unreachable
-A VALID_CHECK -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j REJECT --reject-with icmp-port-unreachable
-A VALID_CHECK -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j REJECT --reject-with icmp-port-unreachable
-A VALID_CHECK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Thu Sep 22 21:47:12 2011
# Generated by iptables-save v1.4.10 on Thu Sep 22 21:47:12 2011
# mangle table: no rules, only default policies and packet counters.
*mangle
:PREROUTING ACCEPT [8114:5358984]
:INPUT ACCEPT [8113:5358408]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [8951:1417987]
:POSTROUTING ACCEPT [9173:1456982]
COMMIT
# Completed on Thu Sep 22 21:47:12 2011
# Generated by iptables-save v1.4.10 on Thu Sep 22 21:47:12 2011
*nat
:PREROUTING ACCEPT [3:974]
:INPUT ACCEPT [2:398]
:OUTPUT ACCEPT [1446:100049]
:POSTROUTING ACCEPT [8:536]
# Transparent-proxy redirect of port 80 to 3128 (the LOG prefix above calls
# 3128 "squid"). PREROUTING only sees packets arriving on eth0/wlan0, i.e.
# traffic from other hosts; this host's own outgoing HTTP is not redirected
# (that would need a rule in the nat OUTPUT chain, which is empty here).
# Whether anything listens on 3128 is not visible in this dump.
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
# Source-NATs everything leaving either interface. Combined with FORWARD
# accepting NEW, this host forwards and NATs for any machine behind it if IP
# forwarding is enabled (sysctl state not shown here).
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
# Completed on Thu Sep 22 21:47:12 2011
# Generated by iptables-save v1.4.10 on Thu Sep 22 21:47:12 2011
# raw table: no rules, so every packet is conntracked (no NOTRACK).
*raw
:PREROUTING ACCEPT [8114:5358984]
:OUTPUT ACCEPT [8951:1417987]
COMMIT
# Completed on Thu Sep 22 21:47:12 2011