[Techtalk] More fiddling-generated problems
Patricia Fraser
trish at thefrasers.org
Tue Jul 9 11:50:21 EST 2002
Hi, and thanks to Nils and Raven! (I'm secretly hugging myself for even
almost working out what was going on...)
Nils, I added the rule you suggested, and it was already there; it just causes
ACCEPT all -- anywhere anywhere
to appear twice.
I'm assuming the first DROP rule is my problem - is it a fall-through set of
rules?
And (after much searching) I don't know where the rules live; I get this by
doing iptables -L and sending the output to a file. If I make changes (once I
have an idea of what changes to make), how do I make them permanent? I've
read through the manpage for iptables and it's not apparent that there's a
set of rules anywhere that gets read?
Here's the original set of rules (apologies for length):
-----
Chain INPUT (policy DROP)
target prot opt source destination
DROP tcp -- anywhere 127.0.0.0/8
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/4 anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
PUB_IN all -- anywhere anywhere
DROP all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere
PUB_OUT all -- anywhere anywhere

Chain INT_IN (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
DROP all -- anywhere anywhere

Chain INT_OUT (0 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain PUB_IN (3 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
LOG tcp -- anywhere anywhere tcp dpt:telnet state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
LOG tcp -- anywhere anywhere tcp dpt:ftp state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
LOG tcp -- anywhere anywhere tcp dpt:imap state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
LOG tcp -- anywhere anywhere tcp dpt:finger state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
LOG tcp -- anywhere anywhere tcp dpt:sunrpc state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
LOG tcp -- anywhere anywhere tcp dpt:exec state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
LOG tcp -- anywhere anywhere tcp dpt:login state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
LOG tcp -- anywhere anywhere tcp dpt:tacnews state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
LOG tcp -- anywhere anywhere tcp dpt:ssh state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
LOG udp -- anywhere anywhere udp dpt:31337 state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
LOG icmp -- anywhere anywhere icmp echo-request state INVALID,NEW limit: avg 5/sec burst 8 LOG level warning prefix `audit'
DROP icmp -- anywhere anywhere
DROP all -- anywhere anywhere

Chain PUB_OUT (3 references)
target prot opt source destination
REJECT icmp -- anywhere anywhere icmp destination-unreachable reject-with icmp-port-unreachable
REJECT icmp -- anywhere anywhere icmp time-exceeded reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere
-----
Thanks so much!
-----
Trish Fraser, Sunbury, Australia
trish at thefrasers.org
www.computerbank.org.au
-----
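Added example, not part of Trish's post: a small Python model of the first-match walk that iptables performs over the INPUT chain and the user-defined PUB_IN chain listed above. A packet is checked against rules top to bottom; the first matching ACCEPT, DROP or REJECT decides, a matching LOG rule records the packet and falls through to the next rule, a jump into a user chain that reaches its end without a verdict returns to the calling chain, and only when the built-in chain itself runs out of rules does its policy apply. Plain `iptables -L` hides the in/out interface columns (`iptables -L -v -n` shows them), so the interface names below (lo, eth0, eth1, ppp0) and the assumption that INPUT rule 3 is restricted to lo are mine, not taken from the listing; PUB_IN is abbreviated to a few of its LOG rules. The sample packets are constructed for the example and use the documentation address ranges.

```python
# Added example, not code from the original post: models the first-match walk
# netfilter performs over the posted INPUT chain and an abbreviated PUB_IN.
# Interface names and the `-i lo` on INPUT rule 3 are assumptions; `iptables -L`
# without -v does not show the in/out interface columns.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

TERMINAL = {"ACCEPT", "DROP", "REJECT"}

@dataclass
class Packet:
    proto: str                      # "tcp", "udp" or "icmp"
    src: str
    dst: str
    in_iface: str
    state: str                      # conntrack state: NEW, ESTABLISHED, RELATED, INVALID
    dport: Optional[int] = None     # tcp/udp destination port
    icmp_type: Optional[str] = None

@dataclass
class Rule:
    target: str
    proto: str = "all"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    in_iface: Optional[str] = None  # None: any interface (what -L shows for every rule)
    states: Optional[frozenset] = None
    dport: Optional[int] = None
    icmp_type: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        """Every criterion present on the rule must hold for the packet."""
        return (self.proto in ("all", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.in_iface is None or self.in_iface == p.in_iface)
                and (self.states is None or p.state in self.states)
                and (self.dport is None or self.dport == p.dport)
                and (self.icmp_type is None or self.icmp_type == p.icmp_type))

@dataclass
class Chain:
    rules: list
    policy: Optional[str] = None    # built-in chains have a policy, user chains do not

def walk(chains, name, pkt, log):
    """Return (verdict, where) for pkt, or None when a user-defined chain
    runs off its end without a verdict (implicit RETURN to the caller)."""
    for i, rule in enumerate(chains[name].rules, 1):
        if not rule.matches(pkt):
            continue
        if rule.target == "LOG":            # LOG is non-terminating: note it, keep going
            log.append(f"{name}#{i}")
            continue
        if rule.target in TERMINAL:         # first terminal match decides
            return rule.target, f"{name}#{i}"
        result = walk(chains, rule.target, pkt, log)   # jump into a user chain
        if result is not None:
            return result
    if chains[name].policy is not None:     # only built-in chains fall back to a policy
        return chains[name].policy, f"{name} policy"
    return None

def build_chains(loopback_only: bool):
    """INPUT as listed, PUB_IN abbreviated. loopback_only=True assumes INPUT
    rule 3 is really `-i lo`; False takes the -L output literally."""
    new_inv = frozenset({"NEW", "INVALID"})
    pub_in = Chain([
        Rule("ACCEPT", "icmp", icmp_type="destination-unreachable"),
        Rule("ACCEPT", "icmp", icmp_type="echo-reply"),
        Rule("ACCEPT", "icmp", icmp_type="time-exceeded"),
        Rule("LOG", "tcp", dport=23, states=new_inv),   # telnet
        Rule("LOG", "tcp", dport=21, states=new_inv),   # ftp
        Rule("LOG", "tcp", dport=22, states=new_inv),   # ssh
        Rule("LOG", "udp", dport=31337, states=new_inv),
        Rule("LOG", "icmp", icmp_type="echo-request", states=new_inv),
        Rule("DROP", "icmp"),
        Rule("DROP"),
    ])
    inp = Chain([
        Rule("DROP", "tcp", dst="127.0.0.0/8"),
        Rule("ACCEPT", states=frozenset({"RELATED", "ESTABLISHED"})),
        Rule("ACCEPT", in_iface="lo" if loopback_only else None),
        Rule("DROP", src="224.0.0.0/4"),                # BASE-ADDRESS.MCAST.NET/4
        Rule("PUB_IN", in_iface="eth0"),                # three PUB_IN jumps, one per
        Rule("PUB_IN", in_iface="eth1"),                # assumed public interface
        Rule("PUB_IN", in_iface="ppp0"),
        Rule("DROP"),
    ], policy="DROP")
    return {"INPUT": inp, "PUB_IN": pub_in}

def verdict(pkt: Packet, loopback_only: bool = True):
    """Evaluate pkt against INPUT; returns (target, where, log_entries)."""
    log = []
    target, where = walk(build_chains(loopback_only), "INPUT", pkt, log)
    return target, where, log

# Constructed sample: a new SSH connection attempt arriving on eth0.
ssh_syn = Packet("tcp", "203.0.113.5", "198.51.100.7", "eth0", "NEW", dport=22)
print(verdict(ssh_syn))                       # logged at PUB_IN#6, dropped at PUB_IN#10
print(verdict(ssh_syn, loopback_only=False))  # accepted at INPUT#3, PUB_IN never consulted
```

Running `verdict()` with `loopback_only=False` is the point of the exercise: an unqualified `ACCEPT all -- anywhere anywhere` at position 3 accepts every packet that rules 1 and 2 did not already catch, and PUB_IN is never consulted, so whether that rule carries `-i lo` can only be settled with `iptables -L -v -n`. The model also takes rule 1 literally: with no interface qualifier, `DROP tcp -- anywhere 127.0.0.0/8` drops TCP arriving over lo as well, which is another thing the `-v` listing settles. On persistence: the kernel keeps the rules only in memory and `iptables -L` reads that live state; `iptables-save` writes the complete rule set to stdout in a form `iptables-restore` reloads, and the distribution's boot scripts decide which file gets restored at startup.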