Re: [Fedora-users-br] iptables hanging the machine at boot

Otto Fuchshuber Filho o2to2f at gmail.com
Sat May 26 16:16:58 UTC 2007


Add a rule to the INPUT chain that allows everything whose source is
localhost.

Regards,
Otto Fuchshuber Filho
o2to2f at gmail.com

PaTricK wrote, on 26-05-2007 12:28:
> It hangs at the moment it is about to open the graphical interface,
> when "daemon HAL..." appears.
> 
> It hangs only if I leave these rules in iptables
> 
> 
> 
> which block everything on INPUT so that I can then open only what I want.
> If I use these rules here:
> 
> iptables -P FORWARD ACCEPT
> iptables -P INPUT ACCEPT
> iptables -P OUTPUT ACCEPT
> 
> 
> It does not hang with these rules set to ACCEPT, which allow everything.
> 
> 
> PaTricK
> 
> Fabio Aragao wrote:
>> Do you know exactly where the problem is???
>> If not, you can try a little trick:
>> put an echo at a given point in the script, like this:
>>
>> echo "erro começo"
>>
>> rule
>> rule
>> rule
>>
>> echo "erro final"
>>
>>
>> Run the script, and from what appears between these "echos"
>> you narrow down where the error is, instead of
>> searching line by line.....
>>
>> or
>>
>> use this beginning
>>
>> echo "Limpando regras do firewall"
>> ###################
>> # FLUSH ALL RULES #
>> ###################
>> iptables -P INPUT ACCEPT
>> iptables -P OUTPUT ACCEPT
>> iptables -P FORWARD ACCEPT
>> iptables -t nat -P PREROUTING ACCEPT
>> iptables -t nat -P POSTROUTING ACCEPT
>> iptables -t nat -P OUTPUT ACCEPT
>>
>> iptables -t mangle -P PREROUTING ACCEPT
>> iptables -t mangle -P OUTPUT ACCEPT
>>
>>
>> #
>> # flush all the rules in the filter and nat tables.
>> #
>> iptables -F
>> iptables -t nat -F
>> iptables -t mangle -F
>>
>> #
>> # erase all chains that are not default in the filter and nat tables.
>> #
>> iptables -X
>> iptables -t nat -X
>> iptables -t mangle -X
>>
>> #
>> # zero the counters of all chains.
>> #
>> iptables -Z
>> iptables -t nat -Z
>> iptables -t mangle -Z
>>
>> hope it helps
>>
>>
>>
>> --- PaTricK <patrick_rsl at yahoo.com.br> wrote:
>>
>>  
>>> I decided to block everything with iptables... but when
>>> the computer is booting it hangs at the
>>> "daemon HAL..." part.
>>> It hangs only when I put in these rules:
>>>
>>> iptables -F
>>> iptables -t nat -F
>>>
>>> iptables -P FORWARD DROP
>>> iptables -P INPUT DROP
>>> iptables -P OUTPUT ACCEPT
>>>
>>> I would like to know what I have to allow so that it doesn't
>>> hang? Or, if that isn't the problem, what is it?
>>>
>>> Here is my iptables:
>>>
>>> iptables -F
>>> iptables -t nat -F
>>>
>>> iptables -P FORWARD DROP
>>> iptables -P INPUT DROP
>>> iptables -P OUTPUT ACCEPT
>>>
>>> iptables -A POSTROUTING -t nat -p all -s 10.1.1.0/29 -o eth0 -j MASQUERADE
>>>
>>> #Allow loopback
>>> iptables -A INPUT -p tcp --syn -s 127.0.0.1/255.0.0.0 -j ACCEPT
>>> iptables -t nat -A POSTROUTING -o lo -j ACCEPT
>>>
>>> iptables -A OUTPUT -p icmp -s 10.1.1.2 -d 10.1.1.0/255.255.255.248 --icmp-type 8 -j ACCEPT
>>> iptables -A INPUT -p icmp -s 10.1.1.2 -d 10.1.1.0/255.255.255.248 --icmp-type 8 -j ACCEPT
>>> iptables -A OUTPUT -p icmp -s 10.1.1.2 -d 10.1.1.0/255.255.255.248 --icmp-type 0 -j ACCEPT
>>> iptables -A INPUT -p icmp -s 10.1.1.2 -d 10.1.1.0/255.255.255.248 --icmp-type 0 -j ACCEPT
>>>
>>> iptables -A OUTPUT -p udp -s 10.1.1.2 -d 0/0 --dport 53 -j ACCEPT
>>> iptables -A INPUT -p udp -s 0/0 -d 10.1.1.2 --sport 53 -j ACCEPT
>>> iptables -A INPUT -p icmp -s 0/0 -d 10.1.1.2 --icmp-type 0 -j ACCEPT
>>> iptables -A OUTPUT -p tcp -s 10.1.1.2 -d 0/0 --dport 80 -j ACCEPT
>>> iptables -A INPUT -p tcp -s 0/0 -d 10.1.1.2 --sport 80 -j ACCEPT
>>>
>>> iptables -A FORWARD -p udp -s 192.168.1.0/24 -d 0/0 --dport 53 -j ACCEPT
>>> iptables -A FORWARD -p udp -s 0/0 -d 192.168.1.0/24 --sport 53 -j ACCEPT
>>> iptables -A FORWARD -p icmp -s 192.168.1.0/24 -d 0/0 --icmp-type 8 -j ACCEPT
>>> iptables -A FORWARD -p icmp -s 0/0 -d 192.168.1.0/24 --icmp-type 0 -j ACCEPT
>>> iptables -A FORWARD -p tcp -s 192.168.1.0/24 -d 0/0 --dport 80 -j ACCEPT
>>> iptables -A FORWARD -p tcp -s 0/0 -d 192.168.1.0/24 --sport 80 -j ACCEPT
>>>
>>>
>>> #Allow e-mail and SSH
>>> iptables -A INPUT -s 0/0 -p tcp -m multiport --sport 2222,25,110,4617 -j ACCEPT
>>> iptables -A INPUT -s 0/0 -p tcp -m multiport --dport 2222,25,110,4617 -j ACCEPT
>>>
>>> #Allow MSN
>>> iptables -A INPUT -s 0/0 -p tcp -m multiport --sport 1863,1864,6891,6900,6901,1863,5190,6901 -j ACCEPT
>>> iptables -A INPUT -s 0/0 -p tcp -m multiport --dport 1863,1864,6891,6900,6901,1863,5190,6901 -j ACCEPT
>>>
>>> iptables -A POSTROUTING -t nat -p all -s 10.1.1.0/29 -o eth0 -j MASQUERADE
>>>
>>> #SQUID
>>> #/sbin/modprobe iptables_nat
>>>
>>> #iptables -t nat -A PREROUTING -i eth0 -s 0/0 -p tcp --dport 80 -j REDIRECT --to-port 3128
>>>
>>> #iptables -t nat -A PREROUTING -s 0/0 -p tcp --dport 80 -j REDIRECT --to-port 3128
>>>
>>> #iptables -t nat -A PREROUTING -s 0/0 -p udp --dport 80 -j REDIRECT --to-port 3128
>>> iptables -A OUTPUT -p icmp -s 10.1.1.2 -d 0/0 --icmp-type 8 -j ACCEPT
>>>
>>> #VNCserver
>>> iptables -A INPUT -p tcp --dport 5801 -j ACCEPT
>>> iptables -A INPUT -p tcp --dport 5901 -j ACCEPT
>>>
>>> #Nessus
>>> iptables -A INPUT -p tcp --dport 1241 -j ACCEPT
>>>
>>> #Azureus
>>> #iptables -A INPUT  -p tcp --dport 18637 -j ACCEPT
>>> iptables -A INPUT  -p tcp --dport 35558 -j ACCEPT
>>> iptables -A INPUT  -p udp --dport 35558 -j ACCEPT
>>>
>>> #eMule ports
>>>
>>> iptables -A INPUT -s 0/0 -p tcp -m multiport --sport 4662,443,4661,4462,4242,3306 -j ACCEPT
>>> iptables -A INPUT -s 0/0 -p udp -m multiport --sport 4662,443,4661,4462,4242,3306 -j ACCEPT
>>> iptables -A INPUT -s 0/0 -p tcp -m multiport --dport 4662,443,4661,4462,4242,3306 -j ACCEPT
>>> iptables -A INPUT -s 0/0 -p udp -m multiport --dport 4662,443,4661,4462,4242,3306 -j ACCEPT
>>> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 4662 -j DNAT --to-destination 10.1.1.2
>>> iptables -t nat -A PREROUTING -i eth0 -p tcp -m multiport --dports 443,4661,4462,4242,3306 -j DNAT --to-destination 10.1.1.2
>>> iptables -t nat -A PREROUTING -i eth0 -p udp -m multiport --dports 4672,4465,4468,4246,3310 -j DNAT --to-destination 10.1.1.2
>>> iptables -t nat -A PREROUTING -i eth0 -p udp --dport 1024: -j DNAT --to-destination 10.1.1.2
>>>
>>> Could someone give me a tip?
>>> Thanks!
>>>
>>> PaTricK
>>>
>>>
>>> -- 
>>> Fedora-users-br mailing list
>>> Fedora-users-br at redhat.com
>>> https://www.redhat.com/mailman/listinfo/fedora-users-br
>>
> 
> 
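The loopback fix Otto suggests, written out as an added example that is not code from the thread: a POSIX sh script that accepts all traffic on lo (plus connection-tracked replies) before switching INPUT to DROP, and that can check this ordering in a dry run. IPTABLES, apply_firewall and check_order are names chosen here; the service ports are taken from the original ruleset.

```shell
#!/bin/sh
# Added example: a minimal default-DROP INPUT policy that does not lock out
# local services. The original ruleset only accepted TCP SYN packets from
# 127.0.0.0/8, so loopback replies, UDP and ICMP on lo were dropped.
# Set IPTABLES=echo to print the rules instead of applying them (dry run).
IPTABLES="${IPTABLES:-iptables}"

apply_firewall() {
    # Open the policies before flushing, so a script aborted half-way does
    # not leave the host with DROP policies and no accept rules.
    "$IPTABLES" -P INPUT ACCEPT
    "$IPTABLES" -P OUTPUT ACCEPT
    "$IPTABLES" -P FORWARD ACCEPT
    "$IPTABLES" -F
    "$IPTABLES" -t nat -F
    "$IPTABLES" -X

    # The fix from the thread: accept everything on the loopback interface,
    # whatever the protocol, so local daemons talking over 127.0.0.1 work.
    "$IPTABLES" -A INPUT -i lo -j ACCEPT
    # Replies to connections this host opened (DNS, HTTP) come back through
    # connection tracking instead of per-protocol --sport rules.
    "$IPTABLES" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Services deliberately exposed (ports from the original ruleset).
    "$IPTABLES" -A INPUT -p tcp -m multiport --dports 2222,25,110 -j ACCEPT

    # Only now tighten the default policies.
    "$IPTABLES" -P INPUT DROP
    "$IPTABLES" -P FORWARD DROP
}

# Dry-run self-check: the loopback accept rule must be emitted before the
# INPUT policy becomes DROP. Returns 0 (success) when the order is right.
check_order() {
    rules=$(IPTABLES=echo apply_firewall)
    lo_at=$(printf '%s\n' "$rules" | grep -n -- '-A INPUT -i lo -j ACCEPT' | cut -d: -f1)
    drop_at=$(printf '%s\n' "$rules" | grep -n -- '-P INPUT DROP' | cut -d: -f1)
    [ -n "$lo_at" ] && [ -n "$drop_at" ] && [ "$lo_at" -lt "$drop_at" ]
}
```

Run `IPTABLES=echo sh -c '. ./firewall.sh; apply_firewall'` to review the generated rules before applying them as root.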