Marktrix
Greenhorn
Hello,
I configured iptables using Firestarter. Don't ask me how, but I managed to cut off my Internet connection completely.
Code:
iptables --list
PHP:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- res3.netcologne.de anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
ACCEPT udp -- res3.netcologne.de anywhere
ACCEPT tcp -- res1.netcologne.de anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
ACCEPT udp -- res1.netcologne.de anywhere
ACCEPT 0 -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
DROP 0 -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP 0 -- anywhere BASE-ADDRESS.MCAST.NET/8
DROP 0 -- 255.255.255.255 anywhere
DROP 0 -- anywhere 0.0.0.0
DROP 0 -- anywhere anywhere state INVALID
LSI 0 -f anywhere anywhere limit: avg 10/min burst 5
INBOUND 0 -- anywhere anywhere
LOG_FILTER 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Unknown Input'
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
LOG_FILTER 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Unknown Forward'
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- xdsl-84-44-128-162.netcologne.de res3.netcologne.de tcp dpt:domain
ACCEPT udp -- xdsl-84-44-128-162.netcologne.de res3.netcologne.de udp dpt:domain
ACCEPT tcp -- xdsl-84-44-128-162.netcologne.de res1.netcologne.de tcp dpt:domain
ACCEPT udp -- xdsl-84-44-128-162.netcologne.de res1.netcologne.de udp dpt:domain
ACCEPT 0 -- anywhere anywhere
DROP 0 -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP 0 -- anywhere BASE-ADDRESS.MCAST.NET/8
DROP 0 -- 255.255.255.255 anywhere
DROP 0 -- anywhere 0.0.0.0
DROP 0 -- anywhere anywhere state INVALID
OUTBOUND 0 -- anywhere anywhere
LOG_FILTER 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere LOG level info prefix `Unknown Output'
Chain INBOUND (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
LSI 0 -- anywhere anywhere
Chain LOG_FILTER (5 references)
target prot opt source destination
Chain LSI (2 references)
target prot opt source destination
LOG_FILTER 0 -- anywhere anywhere
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP icmp -- anywhere anywhere icmp echo-request
LOG 0 -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Inbound '
DROP 0 -- anywhere anywhere
Chain LSO (1 references)
target prot opt source destination
LOG_FILTER 0 -- anywhere anywhere
LOG 0 -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Outbound '
REJECT 0 -- anywhere anywhere reject-with icmp-port-unreachable
Chain OUTBOUND (1 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
LSO 0 -- anywhere anywhere
grep -r iptables /etc
PHP:
/etc/ppp/ip-down.d/0clampmss:iptables -t mangle -L -n -v --line-numbers | grep "TCPMSS.*$PPP_IFACE.*clamp" | cut -f1 -d " " | xargs -n1 -r iptables -t mangle -D FORWARD
/etc/ppp/ip-up.d/0clampmss:iptables -t mangle -o "$PPP_IFACE" --insert FORWARD 1 -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1400:1536 -j TCPMSS --clamp-mss-to-pmtu
/etc/bash_completion:# Linux iptables( completion
/etc/bash_completion:have iptables &&
/etc/bash_completion:_iptables()
/etc/bash_completion: COMPREPLY=( $( compgen -W '`iptables $table -nL | \
/etc/bash_completion: `iptables $table -nL | sed -ne "$chain" \
/etc/bash_completion: MIRROR SNAT DNAT MASQUERADE `iptables $table -nL | \
/etc/bash_completion: MARK TOS `iptables $table -nL | sed -ne "$chain" \
/etc/bash_completion:complete -F _iptables iptables
/etc/firestarter/firewall: echo Fatal error: Your kernel does not support iptables.
/etc/firestarter/firestarter.sh:IPT=/sbin/iptables
Code:
ubuntu kernel: [ 75.965576] Inbound IN=ppp0 OUT= MAC= SRC=156.32.52.232 DST=84.44.233.161 LEN=514 TOS=0x00 PREC=0x00 TTL=56 ID=61162 PROTO=UDP SPT=30331 DPT=1026 LEN=494
Jun 6 07:47:30
I get this message in the log continuously.
If someone could look over this and tell me which settings are preventing me from using my Internet access under Ubuntu, I would be very grateful.
Regards, Marktrix
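
An added example, not part of the original post: a small parser for netfilter LOG lines like the one quoted above, which maps the log prefix back to the chain in the posted listing that writes it and tallies what is being logged. The prefix-to-chain table is read off the listing; the second sample line is constructed for comparison.

```python
import re
from collections import Counter

# Log prefix -> chain that writes it, read off the ruleset listing in the post.
PREFIX_TO_CHAIN = {
    "Inbound": "LSI", "Outbound": "LSO", "Unknown Input": "INPUT",
    "Unknown Forward": "FORWARD", "Unknown Output": "OUTPUT",
}

# The log line quoted in the post.
SAMPLE = ("ubuntu kernel: [ 75.965576] Inbound IN=ppp0 OUT= MAC= "
          "SRC=156.32.52.232 DST=84.44.233.161 LEN=514 TOS=0x00 PREC=0x00 "
          "TTL=56 ID=61162 PROTO=UDP SPT=30331 DPT=1026 LEN=494")
# Constructed outbound line for comparison (documentation address ranges).
CONSTRUCTED_OUT = ("ubuntu kernel: [ 80.000000] Outbound IN= OUT=ppp0 "
                   "SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 "
                   "TTL=64 ID=1 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=5840 "
                   "RES=0x00 SYN URGP=0")

LINE_RE = re.compile(
    r"kernel:\s*(?:\[\s*[\d.]+\]\s*)?(?P<prefix>.*?)\s*(?P<kv>IN=.*)$")

def parse_log_line(line):
    """Split one netfilter LOG line into prefix, chain, direction and fields."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    fields = {}
    for token in m.group("kv").split():
        key, sep, value = token.partition("=")
        if sep:  # bare tokens such as DF or SYN are flags, skipped here
            fields.setdefault(key, value)  # first LEN is the IP length
    if fields.get("IN") and fields.get("OUT"):
        direction = "forward"
    elif fields.get("IN"):
        direction = "input"
    else:
        direction = "output"
    prefix = m.group("prefix")
    return {
        "prefix": prefix,
        "chain": PREFIX_TO_CHAIN.get(prefix, "unknown"),
        "direction": direction,
        "iface": fields.get("IN") or fields.get("OUT"),
        "proto": fields.get("PROTO"),
        "src": fields.get("SRC"),
        "dst": fields.get("DST"),
        "dpt": int(fields["DPT"]) if "DPT" in fields else None,
    }

def summarize(lines):
    """Count logged packets per (chain, direction, protocol, destination port)."""
    parsed = filter(None, map(parse_log_line, lines))
    return Counter((p["chain"], p["direction"], p["proto"], p["dpt"]) for p in parsed)

if __name__ == "__main__":
    for key, n in summarize([SAMPLE, CONSTRUCTED_OUT]).items():
        print(n, key)
```

For the quoted line this reports an inbound UDP packet on ppp0 to port 1026, logged by the LSI chain.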