[fli4l] fli4l 3.6.2 - blocking IPs
Ulrich Hupe
Ulrich.Hupe at t-online.de
Thu Feb 14 16:35:11 CET 2013
On 14.02.2013 14:53, Carsten Spieß wrote:
> Hello Ulrich,
>
>> OK, here is the complete rule; I don't use extra prerouting.
> [...]
> That actually looks OK to me so far.
> What do `iptables -t filter -L` and `iptables -t nat -L` say on the fli4l?
>
> #------------------------------------------------------------------------------
>> and the port forwarding as well:
>> PORTFW_6_TARGET='16490' # : forward ext. port 16490 for EIS
>> PORTFW_6_NEW_TARGET='192.168.154.4' # ...to int. host 192.168.154.xx
>> PORTFW_6_PROTOCOL='tcp' # ...using tcp
>
> What about the first 5 PORTFW rules?
> (they also generate iptables rules)
>
> Regards
>
> Carsten
>
OK, but that should be irrelevant:
PORTFW_N='8' # how many portforwardings to set up
PORTFW_1_TARGET='4661-4662' #forwarding emule
PORTFW_1_NEW_TARGET='192.168.54.2'
PORTFW_1_PROTOCOL='tcp'
PORTFW_2_TARGET='4665' #forwarding emule
PORTFW_2_NEW_TARGET='192.168.54.2'
PORTFW_2_PROTOCOL='udp'
PORTFW_3_TARGET='4672' #forwarding emule
PORTFW_3_NEW_TARGET='192.168.54.2'
PORTFW_3_PROTOCOL='udp'
PORTFW_4_TARGET='1503' #forwarding netmeeting 1503
PORTFW_4_NEW_TARGET='192.168.54.3'
PORTFW_4_PROTOCOL='tcp'
PORTFW_5_TARGET='1720' #forwarding netmeeting 1720
PORTFW_5_NEW_TARGET='192.168.54.3'
PORTFW_5_PROTOCOL='tcp'
The next thing here is probably this excerpt:
they are in there correctly.....
1 556K 117M accoutlive ppp0 Acc out LiveTraf pppoe
2 688K 736M accinlive ppp0 Acc in LiveTraf pppoe
3 556K 117M accout ppp0 Acc out pppoe
4 688K 736M accin ppp0 Acc in pppoe
5 6347 355K TCPMSS tcp ppp0 tcp flags:0x06/0x02 TCPMSS clamp to
PMTU
6 1499K 1043M ACCEPT state RELATED,ESTABLISHED
PF_FORWARD_ACCEPT_DEF
7 261 15236 fw-drp-log state INVALID PF_FORWARD_ACCEPT_DEF
8 0 0 fw-drp-log 127.0.0.1 state NEW PF_FORWARD_ACCEPT_DEF
9 0 0 fw-drp-log 127.0.0.1 state NEW PF_FORWARD_ACCEPT_DEF
10 9278 561K PORTFWACCESS state NEW PF_FORWARD_ACCEPT_DEF
11 0 0 fw-drp-log 150.70.0.0/16 192.168.154.4
PF_FORWARD_1='150.70.0.0/16 192.168.154.4 DROP BIDIRECTIONAL'
12 0 0 fw-drp-log 192.168.154.4 150.70.0.0/16
PF_FORWARD_1='150.70.0.0/16 192.168.154.4 DROP BIDIRECTIONAL'
13 0 0 fw-drp-log 216.104.15.0/24 192.168.154.4
PF_FORWARD_2='216.104.15.0/24 192.168.154.4 DROP BIDIRECTIONAL'
14 0 0 fw-drp-log 192.168.154.4 216.104.15.0/24
PF_FORWARD_2='216.104.15.0/24 192.168.154.4 DROP BIDIRECTIONAL'
15 0 0 fw-drp-log 210.41.224.0/20 192.168.154.4
PF_FORWARD_3='210.41.224.0/20 192.168.154.4 DROP BIDIRECTIONAL'
16 0 0 fw-drp-log 192.168.154.4 210.41.224.0/20
PF_FORWARD_3='210.41.224.0/20 192.168.154.4 DROP BIDIRECTIONAL'
17 0 0 fw-drp-log 60.30.32.0/24 192.168.154.4
PF_FORWARD_4='60.30.32.0/24 192.168.154.4 DROP BIDIRECTIONAL'
18 0 0 fw-drp-log 192.168.154.4 60.30.32.0/24
PF_FORWARD_4='60.30.32.0/24 192.168.154.4 DROP BIDIRECTIONAL'
19 0 0 fw-drp-log 125.64.16.0/24 192.168.154.4
PF_FORWARD_5='125.64.16.0/24 192.168.154.4 DROP BIDIRECTIONAL'
20 0 0 fw-drp-log 192.168.154.4 125.64.16.0/24
PF_FORWARD_5='125.64.16.0/24 192.168.154.4 DROP BIDIRECTIONAL'
21 0 0 fw-rej-log 173.252.0.0/16 192.168.154.4
PF_FORWARD_6='173.252.0.0/16 192.168.154.4 REJECT BIDIRECTIONAL'
22 0 0 fw-rej-log 192.168.154.4 173.252.0.0/16
PF_FORWARD_6='173.252.0.0/16 192.168.154.4 REJECT BIDIRECTIONAL'
23 0 0 fw-rej-log 69.171.0.0/16 192.168.154.4
PF_FORWARD_7='69.171.0.0/16 192.168.154.4 REJECT BIDIRECTIONAL'
24 0 0 fw-rej-log 192.168.154.4 69.171.0.0/16
PF_FORWARD_7='69.171.0.0/16 192.168.154.4 REJECT BIDIRECTIONAL'
25 0 0 fw-drp-log 83.236.140.90
PF_FORWARD_8='83.236.140.90 DROP'
26 0 0 fw-drp-log 207.158.22.134
PF_FORWARD_9='207.158.22.134 DROP'
27 0 0 ACCEPT 192.168.54.3 192.168.154.2
PF_FORWARD_10='192.168.54.3 192.168.154.2 ACCEPT BIDIRECTIONAL'