Linux-Bulgaria.ORG
навигация

 

начало

пощенски списък

архив на групата

семинари ...

документи

как да ...

 

 

Предишно писмо Следващо писмо Предишно по тема Следващо по тема По Дата По тема (thread)

Re: [lug-bg: Netfilter/Iptables vapros]

  • Subject: Re: [lug-bg: Netfilter/Iptables vapros]
  • From: sheib@xxxxxxx (sheib@xxxxxxx)
  • Date: 17 Sep 2001 16:00:58 EET DST


|Petar Ivanov <pivanovus@xxxxxxxxx> wrote:
|Zdrasti! 
|
|
|Imam slednia problem: 
|
|Kernel 2.4, 2 PPP interfaca, koito ne iskam da mogat
|da se skanirat. Kak moga da go napravia s Netfilter?
|
|Blagodaria predvaritelno,
|
|Petar Ivanov
|

S iptables:
 
iptables -N noscan
iptables -A noscan -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
iptables -A noscan -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
iptables -A noscan -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -j noscan
iptables -P INPUT ACCEPT
 
 
Tova e za navyn, ako iskash mojesh i psd match ot patch-o-matic
da polzvash:
 
iptables -I INPUT -m psd -j DROP
 
Po tozi nachin shte spirash FIN, X-MAS i NULL scans.
Niakoi moje da kaje che triabva i
 
iptables -A noscan -p tcp --tcp-flags ALL ALL -j DROP
 
za X-MAS, no toi _ne_ pozlva vsichki flags, taka che ne e pravilno.
Pyk mojesh i stateful filtering da polzvash ako poveche rabotish
v/u/kato/ desktop.
 
iptables -t filter -N block
iptables -t filter -A block -i ppp+ -m state --state ESTABLISHED,RELATED -j
ACCEPT
iptables -t filter -A block -i ! ppp+ -m state --state NEW -j ACCEPT
iptables -t filter -A block -i ppp+ -m state --state NEW,INVALID -j LOG
iptables -t filter -A block -i ppp+ -m state --state NEW,INVALID -j DROP
iptables -A INPUT -j block
iptables -P INPUT ACCEPT
 
 
'filter' e po podrazbirane, no pri 1.2.2 imashe niakakyv problem s 2.4.8 iadro
mai.
 
Uspeh,
 
/sh

|__________________________________________________
|Terrorist Attacks on U.S. - How can you help?
|Donate cash, emergency relief information
|http://dailynews.yahoo.com/fc/US/Emergency_Information/
|
|A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
|http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara |Zagora

===========================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora

 
наши приятели

 

линукс за българи
http://linux-bg.org

FSA-BG
http://fsa-bg.org

OpenFest
http://openfest.org

FreeBSD BG
http://bg-freebsd.org

KDE-BG
http://kde.fsa-bg.org/

Gnome-BG
http://gnome.cult.bg/

проект OpenFMI
http://openfmi.net

NetField Forum
http://netField.ludost.net/forum/

 

 

Linux-Bulgaria.ORG

Mailing list messages are © Copyright their authors.