iptables dozvoljavanje samo određenih protokolaSituacija je slijedeća: očajno želim stati na kraj s torrentima i ostalom p2p prometu.
Pokušao sam slijedeće, i vidi se da ova pravila hvataju neki promet. Ali ako na kraj dodam DROP, sve stane i ništa ne prolazi (osim pinga, no to ne ide preko layer7 filtra)...
Code:
Chain FORWARD (policy ACCEPT 222K packets, 57M bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto aim
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto aimwebcontent
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto cvs
4259 827K ACCEPT all -- any any anywhere anywhere LAYER7 l7proto dns
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto ftp
578K 475M ACCEPT all -- any any anywhere anywhere LAYER7 l7proto http
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto imap
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto irc
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto jabber
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto live365
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto msn-filetransfer
7672 1353K ACCEPT all -- any any anywhere anywhere LAYER7 l7proto msnmessenger
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto nntp
26408 18M ACCEPT all -- any any anywhere anywhere LAYER7 l7proto ntp
94 9332 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto pop3
30 1456 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto qq
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto radmin
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto rdp
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto replaytv-ivs
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto rlogin
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto rtsp
56211 42M ACCEPT all -- any any anywhere anywhere LAYER7 l7proto shoutcast
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto sip
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto skypeout
2984 447K ACCEPT all -- any any anywhere anywhere LAYER7 l7proto skypetoskype
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto ssh
43 2408 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto stun
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto subversion
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto teamspeak
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto telnet
5665 918K ACCEPT all -- any any anywhere anywhere LAYER7 l7proto tsp
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto vnc
2987 614K ACCEPT all -- any any anywhere anywhere LAYER7 l7proto whois
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto yahoo
0 0 ACCEPT tcp -- any any 10.0.252.3 anywhere tcp dpt:smtp
0 0 ACCEPT tcp -- any any 10.0.16.10 anywhere tcp dpt:smtp
0 0 ACCEPT tcp -- any any 10.0.16.11 anywhere tcp dpt:smtp
0 0 REJECT tcp -- any any anywhere anywhere tcp dpt:smtp reject-with icmp-port-unreachable
426 46288 ACCEPT icmp -- any any anywhere anywhere
Chain FORWARD (policy ACCEPT 222K packets, 57M bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto aim
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto aimwebcontent
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto cvs
4259 827K ACCEPT all -- any any anywhere anywhere LAYER7 l7proto dns
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto ftp
578K 475M ACCEPT all -- any any anywhere anywhere LAYER7 l7proto http
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto imap
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto irc
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto jabber
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto live365
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto msn-filetransfer
7672 1353K ACCEPT all -- any any anywhere anywhere LAYER7 l7proto msnmessenger
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto nntp
26408 18M ACCEPT all -- any any anywhere anywhere LAYER7 l7proto ntp
94 9332 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto pop3
30 1456 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto qq
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto radmin
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto rdp
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto replaytv-ivs
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto rlogin
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto rtsp
56211 42M ACCEPT all -- any any anywhere anywhere LAYER7 l7proto shoutcast
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto sip
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto skypeout
2984 447K ACCEPT all -- any any anywhere anywhere LAYER7 l7proto skypetoskype
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto ssh
43 2408 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto stun
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto subversion
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto teamspeak
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto telnet
5665 918K ACCEPT all -- any any anywhere anywhere LAYER7 l7proto tsp
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto vnc
2987 614K ACCEPT all -- any any anywhere anywhere LAYER7 l7proto whois
0 0 ACCEPT all -- any any anywhere anywhere LAYER7 l7proto yahoo
0 0 ACCEPT tcp -- any any 10.0.252.3 anywhere tcp dpt:smtp
0 0 ACCEPT tcp -- any any 10.0.16.10 anywhere tcp dpt:smtp
0 0 ACCEPT tcp -- any any 10.0.16.11 anywhere tcp dpt:smtp
0 0 REJECT tcp -- any any anywhere anywhere tcp dpt:smtp reject-with icmp-port-unreachable
426 46288 ACCEPT icmp -- any any anywhere anywhere
Gdje griješim?
Hvala!
http://www.dropbox.com/referrals/NTQ0MTI2NDc5
https://www.agronomija.info/
Failure is not an option. It comes bundled with your Microsoft product.
https://www.agronomija.info/
Failure is not an option. It comes bundled with your Microsoft product.
