Quote:
Originally Posted by ilikejam
Hi.
What does 'iptables -L' look like?
Dave
|
iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 192.168.10.1 anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
ACCEPT udp -- 192.168.10.1 anywhere
ACCEPT 0 -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
DROP 0 -- anywhere 255.255.255.255
DROP 0 -- anywhere 192.168.10.255
DROP 0 -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP 0 -- anywhere BASE-ADDRESS.MCAST.NET/8
DROP 0 -- 255.255.255.255 anywhere
DROP 0 -- anywhere default
DROP 0 -- anywhere anywhere state INVALID
LSI 0 -f anywhere anywhere limit: avg 10/min burst 5
INBOUND 0 -- anywhere anywhere
INBOUND 0 -- anywhere 192.168.0.1
INBOUND 0 -- anywhere myhostname.mydomain.tld
INBOUND 0 -- anywhere 192.168.0.255
LOG_FILTER 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Unknown Input'
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
OUTBOUND 0 -- anywhere anywhere
ACCEPT tcp -- anywhere 192.168.0.0/24 state RELATED,ESTABLISHED
ACCEPT udp -- anywhere 192.168.0.0/24 state RELATED,ESTABLISHED
LOG_FILTER 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Unknown Forward'
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- myhostname.mydomain.tld 192.168.10.1 tcp dpt:domain
ACCEPT udp -- myhostname.mydomain.tld 192.168.10.1 udp dpt:domain
ACCEPT 0 -- anywhere anywhere
DROP 0 -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP 0 -- anywhere BASE-ADDRESS.MCAST.NET/8
DROP 0 -- 255.255.255.255 anywhere
DROP 0 -- anywhere default
DROP 0 -- anywhere anywhere state INVALID
OUTBOUND 0 -- anywhere anywhere
OUTBOUND 0 -- anywhere anywhere
LOG_FILTER 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Unknown Output'
Chain INBOUND (4 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT 0 -- 192.168.10.0/24 anywhere
ACCEPT 0 -- 192.168.100.0/24 anywhere
ACCEPT 0 -- 192.168.0.0/24 anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT udp -- anywhere anywhere udp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT udp -- anywhere anywhere udp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:ntp
ACCEPT udp -- anywhere anywhere udp dpt:ntp
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpts:62778:gnut-NAT
ACCEPT udp -- anywhere anywhere udp dpts:62778:gnut-NAT
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT udp -- anywhere anywhere udp dpt:25
ACCEPT tcp -- anywhere anywhere tcp dpt:10025
ACCEPT udp -- anywhere anywhere udp dpt:10025
ACCEPT tcp -- 169.157.0.0/16 anywhere tcp dpts:ftp-data:ftp
ACCEPT udp -- 169.157.0.0/16 anywhere udp dpts:20:fsp
ACCEPT tcp -- anywhere anywhere tcp dpt
op3
ACCEPT udp -- anywhere anywhere udp dpt
op3
LSI 0 -- anywhere anywhere
Chain LOG_FILTER (5 references)
target prot opt source destination
Chain LSI (2 references)
target prot opt source destination
LOG_FILTER 0 -- anywhere anywhere
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP icmp -- anywhere anywhere icmp echo-request
LOG 0 -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Inbound '
DROP 0 -- anywhere anywhere
Chain LSO (0 references)
target prot opt source destination
LOG_FILTER 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Outbound '
REJECT 0 -- anywhere anywhere reject-with icmp-port-unreachable
Chain OUTBOUND (3 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT 0 -- anywhere anywhere
Actually, I've tried it with and without Firestarter active. If I tell Firestarter to deactivate, then run iptables -L, I get this:
Code:
{YOU ARE ROOT}
[myhostname][pts/0]
[root][~]# /etc/init.d/firestarter stop
Stopping the Firestarter firewall:done.
{YOU ARE ROOT}
[myhostname][pts/0]
[root][~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
{YOU ARE ROOT}
[myhostname][pts/0]
[root][~]# ping localhost
PING localhost (127.0.0.1) 56(84) bytes of data.
--- localhost ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3011ms
{YOU ARE ROOT}
[myhostname][pts/0]
[root][~]#