IPTABLES rules


sacarde

Nov 29, 2014, 4:58:05 AM
hi,
can you tell me in plain words what these iptables rules do?

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DROP icmp -- anywhere anywhere icmp destination-unreachable
DROP icmp -- anywhere anywhere state INVALID


I found them on my router


thanks

sacarde

Dec 6, 2014, 3:53:38 PM
I've been told:

Your router accepts any traffic from already established connections. This mostly means that it is allowed to connect to the world, but any other traffic from your ISP is dropped.

Those are the 2 rules in the INPUT chain that cause that.


You also forward any traffic that already has a connection established and drop any unrelated traffic from outside.
The first rule in the FORWARD chain is to make sure that the packets sent to your ISP are not too large;
you can read about that here: http://lartc.org/howto/lartc.cookbook.mtu-mss.html

And it filters ICMP traffic to the outside of the type destination unreachable and ICMP traffic that should not be there (the INVALID state).
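
Added example, not part of the thread and not written by any of its participants: a small Python model of first-match evaluation over the three chains exactly as listed, so the reading given above can be checked against sample packets. It assumes the listing is complete; `iptables -L` without `-v` does not show the in/out interface columns, so the router's real rules may match more narrowly. The packet fields (`proto`, `state`, `syn`, `rst`, `icmp_type`) are names chosen for this example.

```python
# Added example: first-match evaluation of the listing from the thread.
# Rules are transcribed literally from the `iptables -L` output; the packet
# dicts used with verdict() are constructed samples (an assumption).
EST = {"RELATED", "ESTABLISHED"}
CHAINS = {  # chain -> ordered (target, protocol, match conditions)
    "INPUT": [
        ("ACCEPT", "all", {"state": EST}),
        ("DROP", "all", {}),
    ],
    "FORWARD": [
        ("TCPMSS", "tcp", {"syn_no_rst": True}),  # flags:SYN,RST/SYN
        ("ACCEPT", "all", {"state": EST}),
        ("DROP", "all", {}),
    ],
    "OUTPUT": [
        ("DROP", "icmp", {"icmp_type": "destination-unreachable"}),
        ("DROP", "icmp", {"state": {"INVALID"}}),
    ],
}
POLICY = {"INPUT": "ACCEPT", "FORWARD": "ACCEPT", "OUTPUT": "ACCEPT"}
TERMINATING = {"ACCEPT", "DROP"}  # TCPMSS rewrites the packet and continues

def matches(proto, cond, pkt):
    """True if the packet satisfies every condition of one rule."""
    if proto != "all" and proto != pkt["proto"]:
        return False
    if "state" in cond and pkt["state"] not in cond["state"]:
        return False
    if "icmp_type" in cond and pkt.get("icmp_type") != cond["icmp_type"]:
        return False
    if cond.get("syn_no_rst") and not (pkt.get("syn") and not pkt.get("rst")):
        return False
    return True

def verdict(chain, pkt):
    """Return (final verdict, non-terminating targets applied on the way)."""
    applied = []
    for target, proto, cond in CHAINS[chain]:
        if matches(proto, cond, pkt):
            if target in TERMINATING:
                return target, applied
            applied.append(target)
    return POLICY[chain], applied  # no terminating rule matched

if __name__ == "__main__":
    new_in = {"proto": "tcp", "state": "NEW", "syn": True}
    synack = {"proto": "tcp", "state": "ESTABLISHED", "syn": True}
    print(verdict("INPUT", new_in))     # unsolicited inbound connection
    print(verdict("FORWARD", synack))   # reply to a forwarded connection
```

Because OUTPUT has policy ACCEPT and both of its rules are limited to ICMP, everything else the router itself sends falls through to the policy.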

LottoG

Dec 11, 2014, 10:29:29 AM
sacarde <sac...@gmail.com> wrote:
What router is it?


sacarde

Dec 11, 2014, 11:29:28 AM
aethra starbridge EU

LottoG

Dec 12, 2014, 1:08:34 AM
sacarde <sac...@gmail.com> wrote:

> aethra starbridge EU
>
I don't understand much about iptables, but these seem like more than sufficient rules to me.
You have SPI enabled and there is a basic check on abnormal traffic.
Then, depending on your particular needs, the firewall control can be
improved. Is there only a model with 1 eth port?
Also, is the firmware a Linux?
If possible, can you post some screenshots or link me the manual?
Bye!

sacarde

Dec 12, 2014, 3:48:59 AM
it has both USB and Ethernet

the manual:
https://www.infostrada.it/fileadmin/Materiale/Fisso-Infostrada/Modem/Manuali/Aetrha_StarBridge_EB1060.pdf

it's a Linux, but I couldn't say... it's probably an embedded one


I see there is a bridge:

br0 with: eth0 and usbrndis