From: "José Nuno Neto" <jose.neto@liber4e.com>
To: netfilter@lists.netfilter.org
Subject: FTP SERVER ACCESS
Date: Fri, 24 Oct 2003 15:14:43 +0100
Message-ID: <3F9933D3.3020803@liber4e.com>
Hi,
I have a firewall script from
http://www.rfxnetworks.com/apf.php
I've followed the instructions and have access to everything I want except for the
FTP server.
Can anyone point out what ports/actions I must configure?
Thanks
-------------------------------------------
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
IN_UNCLEAN all -- anywhere anywhere unclean
ACCEPT all -- anywhere anywhere
TELNET_LOG tcp -- anywhere anywhere tcp dpt:telnet state NEW
SSH_LOG tcp -- anywhere anywhere tcp dpt:ssh state NEW
DROP all -- 1.0.0.0/8 anywhere
DROP all -- 2.0.0.0/8 anywhere
DROP all -- 5.0.0.0/8 anywhere
DROP all -- 7.0.0.0/8 anywhere
DROP all -- 23.0.0.0/8 anywhere
DROP all -- 27.0.0.0/8 anywhere
DROP all -- 31.0.0.0/8 anywhere
DROP all -- 36.0.0.0/8 anywhere
DROP all -- 37.0.0.0/8 anywhere
DROP all -- 39.0.0.0/8 anywhere
DROP all -- 41.0.0.0/8 anywhere
DROP all -- 42.0.0.0/8 anywhere
DROP all -- 58.0.0.0/8 anywhere
DROP all -- 59.0.0.0/8 anywhere
DROP all -- 60.0.0.0/8 anywhere
DROP all -- 70.0.0.0/8 anywhere
DROP all -- 71.0.0.0/8 anywhere
DROP all -- 72.0.0.0/8 anywhere
DROP all -- 73.0.0.0/8 anywhere
DROP all -- 74.0.0.0/8 anywhere
DROP all -- 75.0.0.0/8 anywhere
DROP all -- 76.0.0.0/8 anywhere
DROP all -- 77.0.0.0/8 anywhere
DROP all -- 78.0.0.0/8 anywhere
DROP all -- 78.0.0.0/8 anywhere
DROP all -- 79.0.0.0/8 anywhere
DROP all -- 83.0.0.0/8 anywhere
DROP all -- 84.0.0.0/8 anywhere
DROP all -- 85.0.0.0/8 anywhere
DROP all -- 86.0.0.0/8 anywhere
DROP all -- 87.0.0.0/8 anywhere
DROP all -- 88.0.0.0/8 anywhere
DROP all -- 89.0.0.0/8 anywhere
DROP all -- 90.0.0.0/8 anywhere
DROP all -- 91.0.0.0/8 anywhere
DROP all -- 92.0.0.0/8 anywhere
DROP all -- 93.0.0.0/8 anywhere
DROP all -- 94.0.0.0/8 anywhere
DROP all -- 95.0.0.0/8 anywhere
DROP all -- 96.0.0.0/8 anywhere
DROP all -- 97.0.0.0/8 anywhere
DROP all -- 98.0.0.0/8 anywhere
DROP all -- 99.0.0.0/8 anywhere
DROP all -- 100.0.0.0/8 anywhere
DROP all -- 101.0.0.0/8 anywhere
DROP all -- 102.0.0.0/8 anywhere
DROP all -- 103.0.0.0/8 anywhere
DROP all -- 104.0.0.0/8 anywhere
DROP all -- 105.0.0.0/8 anywhere
DROP all -- 106.0.0.0/8 anywhere
DROP all -- 107.0.0.0/8 anywhere
DROP all -- 108.0.0.0/8 anywhere
DROP all -- 109.0.0.0/8 anywhere
DROP all -- 110.0.0.0/8 anywhere
DROP all -- 111.0.0.0/8 anywhere
DROP all -- 112.0.0.0/8 anywhere
DROP all -- 113.0.0.0/8 anywhere
DROP all -- 114.0.0.0/8 anywhere
DROP all -- 115.0.0.0/8 anywhere
DROP all -- 116.0.0.0/8 anywhere
DROP all -- 117.0.0.0/8 anywhere
DROP all -- 118.0.0.0/8 anywhere
DROP all -- 119.0.0.0/8 anywhere
DROP all -- 120.0.0.0/8 anywhere
DROP all -- 121.0.0.0/8 anywhere
DROP all -- 122.0.0.0/8 anywhere
DROP all -- 123.0.0.0/8 anywhere
DROP all -- 124.0.0.0/8 anywhere
DROP all -- 124.0.0.0/8 anywhere
DROP all -- 125.0.0.0/8 anywhere
DROP all -- 126.0.0.0/8 anywhere
DROP all -- 128.66.0.0/16 anywhere
DROP all -- 172.16.0.0/12 anywhere
DROP all -- 197.0.0.0/8 anywhere
DROP all -- 221.0.0.0/8 anywhere
DROP all -- 222.0.0.0/8 anywhere
DROP all -- 223.0.0.0/8 anywhere
DROP all -- 240.0.0.0/4 anywhere
DROP tcp -- anywhere anywhere multiport dports smux,snmp,31337,33270,1234,6711,16660,60001,12345,12346,ingreslock,27665,27444,31335
DROP udp -- anywhere anywhere multiport dports smux,snmp,31337,33270,1234,6711,16660,60001,12345,12346,ingreslock,27665,27444,31335
DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8
LD all -- 255.255.255.255 anywhere
LD all -- anywhere 0.0.0.0
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
DROP tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
DROP tcp -- anywhere anywhere tcp flags:FIN,RST/FIN,RST
DROP tcp -- anywhere anywhere tcp flags:FIN,ACK/FIN
DROP tcp -- anywhere anywhere tcp flags:PSH,ACK/PSH
DROP tcp -- anywhere anywhere tcp flags:ACK,URG/URG
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN
DROP all -- anywhere anywhere state INVALID
DROP tcp -- anywhere anywhere tcp option=64
DROP tcp -- anywhere anywhere tcp option=128
FUDP udp -f anywhere anywhere
PZ udp -- anywhere anywhere udp dpt:0
PZ tcp -- anywhere anywhere tcp dpt:0
REJECT tcp -- anywhere anywhere tcp dpt:auth reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:auth reject-with icmp-port-unreachable
DROP udp -- anywhere anywhere multiport dports netbios-ns,netbios-dgm
DROP udp -- anywhere 255.255.255.255
ACCEPT udp -- anywhere anywhere udp spt:domain dpts:1023:65535
ACCEPT tcp -- anywhere anywhere tcp dpts:1023:65535 state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp dpts:1023:65535 state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:ssh dpts:login:65535 state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp dpt:ssh state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spts:1023:65535 dpt:ftp state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere multiport dports ftp,ftp-data state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere multiport dports ftp,ftp-data state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:ftp-data
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:ftp
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:ssh
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:smtp
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:domain
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:http
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:https
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:pop3
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:imap
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:19638
ACCEPT udp -- anywhere xxx.SERVER.IP.xxx udp dpt:ftp-data
ACCEPT udp -- anywhere xxx.SERVER.IP.xxx udp dpt:domain
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp redirect
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp type 30
ACCEPT icmp -- anywhere anywhere icmp echo-request
DROP icmp -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp dpts:traceroute:33523
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:ftp-data
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:ftp
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:ssh
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:smtp
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:domain
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:http
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:https
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:pop3
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:imap
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:19638
ACCEPT udp -- anywhere xxx.SERVER.IP.xxx udp dpt:ftp-data
ACCEPT udp -- anywhere xxx.SERVER.IP.xxx udp dpt:domain
DROP tcp -- anywhere anywhere tcp flags:!SYN,RST,ACK/SYN state NEW
UDP_POL udp -- anywhere anywhere
TCP_POL tcp -- anywhere anywhere
DROP all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUT_UNCLEAN all -- anywhere anywhere unclean
ACCEPT all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8
LD all -- 255.255.255.255 anywhere
LD all -- anywhere 0.0.0.0
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN
DROP tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
DROP tcp -- anywhere anywhere tcp flags:FIN,RST/FIN,RST
DROP tcp -- anywhere anywhere tcp flags:FIN,ACK/FIN
DROP tcp -- anywhere anywhere tcp flags:PSH,ACK/PSH
DROP tcp -- anywhere anywhere tcp flags:ACK,URG/URG
FUDP udp -f anywhere anywhere
PZ udp -- anywhere anywhere udp dpt:0
PZ tcp -- anywhere anywhere tcp dpt:0
ACCEPT udp -- anywhere anywhere udp spts:1023:65535 dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpts:1023:65535 state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere udp dpts:1023:65535 state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:ftp dpts:1023:65535 state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere multiport dports ftp,ftp-data state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere multiport dports ftp,ftp-data state RELATED,ESTABLISHED
ACCEPT tcp -- xxx.SERVER.IP.xxx anywhere tcp dpt:ftp-data
ACCEPT tcp -- xxx.SERVER.IP.xxx anywhere tcp dpt:ftp
ACCEPT tcp -- xxx.SERVER.IP.xxx anywhere tcp dpt:smtp
ACCEPT tcp -- xxx.SERVER.IP.xxx anywhere tcp dpt:http
ACCEPT tcp -- xxx.SERVER.IP.xxx anywhere tcp dpt:https
ACCEPT tcp -- xxx.SERVER.IP.xxx anywhere tcp dpts:1000:40000
ACCEPT udp -- xxx.SERVER.IP.xxx anywhere udp dpt:ftp-data
ACCEPT udp -- xxx.SERVER.IP.xxx anywhere udp dpt:ftp
ACCEPT udp -- xxx.SERVER.IP.xxx anywhere udp dpt:domain
ACCEPT tcp -- xxx.SERVER.IP.xxx anywhere tcp dpt:ftp-data
ACCEPT tcp -- xxx.SERVER.IP.xxx anywhere tcp dpt:ftp
ACCEPT tcp -- xxx.SERVER.IP.xxx anywhere tcp dpt:smtp
ACCEPT tcp -- xxx.SERVER.IP.xxx anywhere tcp dpt:http
ACCEPT tcp -- xxx.SERVER.IP.xxx anywhere tcp dpt:https
ACCEPT tcp -- xxx.SERVER.IP.xxx anywhere tcp dpts:1000:40000
ACCEPT udp -- xxx.SERVER.IP.xxx anywhere udp dpt:ftp-data
ACCEPT udp -- xxx.SERVER.IP.xxx anywhere udp dpt:ftp
ACCEPT udp -- xxx.SERVER.IP.xxx anywhere udp dpt:domain
DROP tcp -- anywhere anywhere tcp flags:!SYN,RST,ACK/SYN state NEW
DROP tcp -- anywhere anywhere tcp flags:!SYN,RST,ACK/SYN state NEW
ACCEPT icmp -- anywhere anywhere
DROP all -- anywhere anywhere
Chain FUDP (2 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning prefix `** UDP Frag **'
DROP all -- anywhere anywhere
Chain IN_UNCLEAN (1 references)
target prot opt source destination
UNCLEAN all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level warning prefix `** UNCLEAN ** '
Chain LA (0 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning
ACCEPT all -- anywhere anywhere
Chain LD (4 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere
Chain OUT_UNCLEAN (1 references)
target prot opt source destination
UNCLEAN all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level warning prefix `** UNCLEAN ** '
Chain PZ (4 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning prefix `** Port Zero **'
DROP all -- anywhere anywhere
Chain SANITY (0 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain SSH_LOG (1 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning prefix `** SSH ** '
Chain STATE (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW
DROP all -- anywhere anywhere
Chain TCP_POL (1 references)
target prot opt source destination
LOG tcp -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `** TCP DROP ** '
DROP all -- anywhere anywhere
Chain TELNET_LOG (1 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning prefix `** TELNET ** '
Chain UDP_POL (1 references)
target prot opt source destination
LOG udp -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `** UDP DROP ** '
DROP all -- anywhere anywhere
Chain UNCLEAN (2 references)
target prot opt source destination
DROP all -- anywhere anywhere
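An added example, not part of this thread and not the APF script's own code: a small Python auditor that parses the `iptables -L` output format pasted above and walks the INPUT chain with the kernel's first-match semantics for three synthetic packets an FTP session produces. The sample dump is a constructed subset of the INPUT chain from the post (the early `ACCEPT all -- anywhere anywhere` rule is left out, because `iptables -L` without `-v` hides the interface match it almost certainly carries); the passive data port 50000, the `xxx.SERVER.IP.xxx` placeholder and the short service-name table are assumptions.

```python
"""Constructed example: audit an `iptables -L` dump for the rules an FTP server needs."""
import re
from dataclasses import dataclass, field

# Subset of the INPUT chain from the post (server address left masked). The chain's early
# 'ACCEPT all' rule is omitted: `iptables -L` without -v hides its interface match.
SAMPLE_DUMP = """\
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpts:1023:65535 state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere multiport dports ftp,ftp-data state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere xxx.SERVER.IP.xxx tcp dpt:ftp
DROP tcp -- anywhere anywhere tcp flags:!SYN,RST,ACK/SYN state NEW
TCP_POL tcp -- anywhere anywhere
Chain TCP_POL (1 references)
target prot opt source destination
LOG tcp -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `** TCP DROP ** '
DROP all -- anywhere anywhere
"""
SERVICES = {"ftp-data": 20, "ftp": 21, "ssh": 22, "smtp": 25, "domain": 53, "http": 80, "https": 443}
ALL_FLAGS = {"FIN", "SYN", "RST", "PSH", "ACK", "URG"}
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

@dataclass
class Rule:
    target: str
    prot: str
    dest: str
    dports: list = field(default_factory=list)   # (lo, hi) destination port ranges
    states: set = field(default_factory=set)     # conntrack states; empty means any
    flags: tuple = None                          # (negated, mask, compare) from --tcp-flags
    unknown: list = field(default_factory=list)  # matches this auditor cannot evaluate

def port(tok):
    return SERVICES[tok] if tok in SERVICES else int(tok)

def flag_set(spec):
    return set() if spec == "NONE" else set(ALL_FLAGS) if spec == "ALL" else set(spec.split(","))

def parse_rule(line):
    target, prot, opt, _src, dest, *toks = line.split()
    rule = Rule(target, prot, dest)
    if opt == "-f": rule.unknown.append(opt)     # fragment-only match: not modelled
    i = 0
    while i < len(toks):
        tok = toks[i]
        try:
            if tok.startswith("dpt:"):
                p = port(tok[4:]); rule.dports.append((p, p))
            elif tok.startswith("dpts:"):
                lo, hi = tok[5:].split(":"); rule.dports.append((port(lo), port(hi)))
            elif tok == "dports":                # 'multiport dports a,b,c'
                i += 1; rule.dports += [(port(p), port(p)) for p in toks[i].split(",")]
            elif tok == "state":
                i += 1; rule.states = set(toks[i].split(","))
            elif tok.startswith("flags:"):       # 'flags:[!]MASK/COMP'
                spec = tok[6:]; mask, cmp_ = spec.lstrip("!").split("/")
                rule.flags = (spec.startswith("!"), flag_set(mask), flag_set(cmp_))
            elif tok not in ("tcp", "udp", "icmp", "multiport"):
                rule.unknown.append(tok)         # spt:, limit:, tcp option=, LOG args, ...
        except (ValueError, IndexError):
            rule.unknown.append(tok)
        i += 1
    return rule

def parse_dump(text):
    chains, current = {}, None
    for line in text.splitlines():
        m = re.match(r"Chain (\S+) \((?:policy (\w+)|\d+ references)\)", line)
        if m:
            current = m.group(1); chains[current] = (m.group(2), [])   # (policy or None, rules)
        elif current and line.strip() and not line.startswith("target "):
            chains[current][1].append(parse_rule(line))
    return chains

def matches(rule, pkt):
    if rule.unknown or rule.prot not in ("all", pkt["prot"]) or rule.dest not in ("anywhere", pkt["dst"]):
        return False                             # rules we cannot evaluate are treated as non-matching
    if rule.dports and not any(lo <= pkt["dport"] <= hi for lo, hi in rule.dports):
        return False
    if rule.states and pkt["state"] not in rule.states:
        return False
    # --tcp-flags MASK COMP: the MASK bits of the packet must equal COMP (inverted when negated)
    return not rule.flags or (((pkt["flags"] & rule.flags[1]) == rule.flags[2]) != rule.flags[0])

def verdict(chains, name, pkt):
    policy, rules = chains[name]
    for rule in (r for r in rules if matches(r, pkt)):   # first terminal match wins
        if rule.target in TERMINAL:
            return rule.target
        if rule.target in chains and (v := verdict(chains, rule.target, pkt)):
            return v                             # jump into a user chain that reached a verdict
    return policy                                # None when a user-defined chain falls through

def ftp_audit(dump=SAMPLE_DUMP, server="xxx.SERVER.IP.xxx", passive_port=50000):
    chains = parse_dump(dump)
    pkt = lambda dport, state: {"prot": "tcp", "dport": dport, "state": state, "dst": server, "flags": {"SYN"}}
    return {
        "control_21_new": verdict(chains, "INPUT", pkt(21, "NEW")),
        # passive data connection after a conntrack FTP helper has marked it RELATED
        "passive_related": verdict(chains, "INPUT", pkt(passive_port, "RELATED")),
        # the same connection with no helper loaded: conntrack sees an unrelated NEW flow
        "passive_new": verdict(chains, "INPUT", pkt(passive_port, "NEW")),
    }
```

Calling `ftp_audit()` on the constructed subset returns ACCEPT for the control connection to port 21, ACCEPT for a passive data connection only when conntrack classifies it as RELATED, and DROP (via the `TCP_POL` chain) when the same connection arrives as NEW. That is the check worth making on a ruleset like this one: the high-port ACCEPT rules are all conditioned on RELATED,ESTABLISHED, so passive-mode data connections are only admitted if the FTP connection-tracking helper (`ip_conntrack_ftp` on kernels of that era, `nf_conntrack_ftp` today) is loaded to mark them RELATED; without it a client logs in and then stalls on the directory listing. For a real audit take the dump with `iptables -L -v -n --line-numbers`, since plain `-L` hides interface matches and resolves port numbers to service names.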
Thread overview: 3+ messages
2003-10-24 14:14 José Nuno Neto [this message]
2003-10-25 20:59 ` FTP SERVER ACCESS Mark E. Donaldson
2003-10-26 13:07 ` jose nuno neto