Đây là cấu hình iptables của em, nhưng khi log vào FTP thì không được, phải stop iptables mới log vào được.
Anh/chị giúp em với.
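# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
#
# iptables-save format: each table runs from "*name" to "COMMIT".
# The pasted copy had line-wrap artifacts (spaces inserted inside tokens such
# as "LO GNDROP", "--leng th", "ESTAB LISHED", "ACCE PT"); those tokens are
# rejoined here, otherwise iptables-restore rejects the file. Rule order and
# semantics are unchanged.
*filter
# Default policies: anything not explicitly accepted below is dropped.
:FORWARD DROP [0:0]
:INPUT DROP [0:0]
# LOGNDROP: user chain that logs with a prefix and then drops (defined at the
# end of this table).
:LOGNDROP - [0:0]
:OUTPUT DROP [0:0]
# --- INPUT: malformed / scan-style TCP packets, fragments, INVALID state ---
# A NEW connection must start with a bare SYN.
-A INPUT -p tcp -m tcp -m state ! --tcp-flags FIN,SYN,RST,ACK SYN --state NEW -j LOGNDROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK -j LOGNDROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j LOGNDROP
-A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j LOGNDROP
-A INPUT -f -j LOGNDROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j LOGNDROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j LOGNDROP
-A INPUT -m state --state INVALID -j LOGNDROP
# --- INPUT: SSH brute-force throttle ---
# Record the source of every new SSH connection, then log+drop a source that
# has opened 4 or more new connections within 300 s.
-A INPUT -p tcp -m tcp -m state -m recent -i eth0 --dport 22 --state NEW --set --name SSH --rsource
-A INPUT -p tcp -m tcp -m state -m recent -i eth0 --dport 22 --state NEW -j LOGNDROP --update --seconds 300 --hitcount 4 --rttl --name SSH --rsource
# --- INPUT: rate-limited accepts ---
# New HTTP connections are accepted at 25/min (burst 100). Note that the
# multiport rule further down also accepts NEW to port 80 on eth0 without a
# limit, so on eth0 this cap is not actually enforced.
-A INPUT -p tcp -m tcp -m state -m limit --dport 80 --limit 25/min --limit-burst 100 --state NEW -j ACCEPT
# Reply traffic is accepted up to 50 packets/s (burst 50); packets above that
# rate only get in if one of the port-specific ESTABLISHED rules below matches.
-A INPUT -m state -m limit --limit 50/sec --limit-burst 50 --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
# Local services (SSH, HTTP, HTTPS, Webmin) and replies to this host's own
# outbound HTTP/HTTPS, DNS and NTP traffic.
-A INPUT -p tcp -m multiport -m state -i eth0 --state NEW,ESTABLISHED -j ACCEPT --dports 22,80,443,10000
-A INPUT -p tcp -m tcp -m multiport -m state -i eth0 --state ESTABLISHED -j ACCEPT --sports 80,443
-A INPUT -p udp -m udp -m multiport -i eth0 -j ACCEPT --sports 123,53
# --- INPUT: FTP server on xxx.xxx.xxx.xxx ---
# The control channel (port 21) is accepted as NEW. The data channel is only
# accepted as ESTABLISHED/RELATED, so it depends on the FTP conntrack helper
# (nf_conntrack_ftp; ip_conntrack_ftp on older kernels) being loaded. Without
# the helper a passive-mode data connection arrives as NEW on a 1024:65535
# port and is dropped by the INPUT policy, which typically looks to the client
# like a login that hangs right after authentication.
# -d must be the address actually configured on this host's interface; if the
# server is behind NAT, the internal address is the one that matches here.
-A INPUT -p tcp -m tcp -m state -d xxx.xxx.xxx.xxx --dport 21 --sport 1024:65535 --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp -m state -d xxx.xxx.xxx.xxx --dport 1024:65535 --sport 1024:65535 --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp -m state -d xxx.xxx.xxx.xxx --dport 20 --sport 1024:65535 --state ESTABLISHED -j ACCEPT
# --- INPUT: new connections to local services on eth0, limited to bare SYNs
# of 40-60 bytes (presumably meant to admit only normal-sized SYN packets) ---
-A INPUT -p tcp -m tcp -m state -m length -d xxx.xxx.xxx.xxx -i eth0 --dport 22 --sport 1024:65535 --tcp-flags SYN,ACK,FIN,RST SYN --state NEW -j ACCEPT --length 40:60
-A INPUT -p tcp -m tcp -m state -m length -d xxx.xxx.xxx.xxx -i eth0 --dport 25 --sport 1024:65535 --tcp-flags SYN,ACK,FIN,RST SYN --state NEW -j ACCEPT --length 40:60
-A INPUT -p tcp -m tcp -m state -m length -d xxx.xxx.xxx.xxx -i eth0 --dport 80 --sport 1024:65535 --tcp-flags SYN,ACK,FIN,RST SYN --state NEW -j ACCEPT --length 40:60
-A INPUT -p tcp -m tcp -m state -m length -d xxx.xxx.xxx.xxx -i eth0 --dport 443 --sport 1024:65535 --tcp-flags SYN,ACK,FIN,RST SYN --state NEW -j ACCEPT --length 40:60
-A INPUT -p tcp -m tcp -m state -m length -d xxx.xxx.xxx.xxx -i eth0 --dport 110 --sport 1024:65535 --tcp-flags SYN,ACK,FIN,RST SYN --state NEW -j ACCEPT --length 40:60
# --- OUTPUT: malformed TCP packets, fragments, INVALID state (mirror of INPUT) ---
-A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK -j LOGNDROP
-A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j LOGNDROP
-A OUTPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j LOGNDROP
-A OUTPUT -f -j LOGNDROP
-A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j LOGNDROP
-A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j LOGNDROP
-A OUTPUT -m state --state INVALID -j LOGNDROP
# Outbound ping (ICMP echo-request) is logged and dropped.
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j LOGNDROP
-A OUTPUT -o lo -j ACCEPT
# Replies from local services; new outbound HTTP/HTTPS; outbound NTP/DNS.
-A OUTPUT -p tcp -m multiport -m state -o eth0 --state ESTABLISHED -j ACCEPT --sports 22,80,443,10000
-A OUTPUT -p tcp -m tcp -m multiport -m state -o eth0 --state NEW,ESTABLISHED -j ACCEPT --dports 80,443
-A OUTPUT -p udp -m udp -m multiport -o eth0 -j ACCEPT --dports 123,53
# --- OUTPUT: FTP server replies from xxx.xxx.xxx.xxx ---
# Active-mode data connections originate here from port 20 and are accepted
# only as ESTABLISHED/RELATED, so they also need the FTP helper: without it
# the outbound SYN from port 20 is NEW and the OUTPUT policy drops it.
-A OUTPUT -p tcp -m tcp -m state -s xxx.xxx.xxx.xxx --dport 1024:65535 --sport 21 --state ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp -m state -s xxx.xxx.xxx.xxx --dport 1024:65535 --sport 1024:65535 --state ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp -m state -s xxx.xxx.xxx.xxx --dport 1024:65535 --sport 20 --state ESTABLISHED,RELATED -j ACCEPT
# --- LOGNDROP: log, then drop ---
-A LOGNDROP -j LOG --log-prefix "LOGNDROP: "
-A LOGNDROP -j DROP
COMMIT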
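# Generated by webmin
# mangle table: all built-in chains at ACCEPT, no rules.
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# The pasted copy had lost the leading ":P" of the next two chain headers
# ("REROUTING", "OSTROUTING"); restored so iptables-restore accepts the table.
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed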
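# Generated by webmin
*nat
:OUTPUT ACCEPT [0:0]
# Chain headers restored; the pasted copy showed them as "REROUTING" and
# "OSTROUTING" (leading ":P" lost).
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Every new inbound UDP flow, on any port, is redirected to local port 9
# (discard) -- presumably intended as a UDP blackhole. The nat table is only
# consulted for the first packet of a flow, so replies to this host's own
# DNS/NTP queries (accepted in *filter by source port 53/123) are unaffected.
# If this host itself serves UDP (DNS, NTP, ...), that traffic is rewritten
# to port 9 here and then reaches INPUT, where no rule accepts it by
# destination port.
-A PREROUTING -p udp -j REDIRECT --to-ports 9
COMMIT
# Completed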