Eu preciso de alguma ajuda para ler minhas regras de IPtables, minhas regras parecem funcionar, mas não tenho certeza

Question

Eu preciso de alguma ajuda para ler minhas regras de IPtables, minhas regras parecem funcionar, mas não tenho certeza

1

Como o título diz, eu preciso de alguma ajuda para ler minhas regras de iptable, minhas regras parecem funcionar, mas não tenho certeza. Minha configuração é a seguinte: ISP --- > modem a cabo --- > Comutador Ethernet --- > netbook / servidor / firewall / wifi --- > Dispositivos conectados sem fio.

Meu netbook é um servidor que tem o Ubuntu 13.04 Raring 32bit executando OpenVPN, Email e Iodo (IP-Over-DNS). Este mesmo netbook também funciona como um roteador sem fio usando dhcp, hostapd para wifi e iptables como firewall.

eth0 é a WAN com o IP de 192.168.1.2
wlan0 é a LAN com o IP de 10.0.0.2
dns0 e dns1 é o túnel de iodo com os IPs de 172.168.0.1 (dns0) e 172.16.2.1 (dns1)
tun0 é o meu túnel OpenVPN com o IP de 10.0.2.1

O que deve acontecer é que todas as solicitações de entrada / saída de portas devem ser BLOQUEADAS para / do próprio servidor / roteador, exceto:
Portas 80 e 443 para navegação na web
Ports 25, 587, 110, 995, 143 e 993 para vários serviços de email
Port 22 para ssh
Port 1194 para OpenVPN

Todas as portas de entrada / saída devem ser BLOQUEADAS de / para conexões na minha VPN, conexões em Iodo e conexões Wi-Fi, exceto:
Porta 53 para solicitações de DNS
Portas 80 e 443 para navegação na web
Portas 8080 para acessar os serviços da faculdade | Porto 29304 para skype
Portas 6783, 6784 e 6785 para o Streamer Splashtop Portas 5060 a 5080 e porta 65535 para CallCentric VOIP
Portas 19305 a 19309; Portas 5228 e 14259 para vários serviços do Google
Portas 80 (udp), 6969 e 1337 para torrents
Porta 25 para email
Port 587 para email do iCloud
Portas 465, 587, 993, 994 e 995 para o Gmail
Portas 7070, 1338, 6667 e 6697 para o IRC
Ports 2000, 1843 e 843 para jogos online baseados em texto como MUDs
Port 22 para SSH
Porta 1194 para VPN
Portas 3478 a 3487, 16384 a 16387, 16393 a 16402 e 5223 para iMessages e Facetime

Abaixo estão as minhas regras do iptables, eu coloquei estas regras em / etc / default / iptables para que estas regras sejam configuradas a cada inicialização.

###****FIREWALL PRESETUP****###

*nat

# Wireless devices wlan0
-A POSTROUTING -o eth0 -s 10.0.0.2/24 -j MASQUERADE

# Personal VPN tun0 to this network from my devices
-A POSTROUTING -o eth0 -s 10.0.2.0/24 -j MASQUERADE

# Iodine (IP-over-DNS) dns0 and dns1
-A POSTROUTING -o eth0 -s 172.16.0.1/27 -j MASQUERADE
-A POSTROUTING -o eth0 -s 172.16.2.1/27 -j MASQUERADE

COMMIT

###****BEGIN GLOBAL FIREWALL****###

*filter

# Block unwanted traffic
:FORWARD DROP
:INPUT DROP

# Allow wanted traffic to/from all interfaces
:OUTPUT ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

# Make sure wanted traffic to/from wlan0 (LAN) is allowed
-A FORWARD -i wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT

# Make sure wanted traffic to/from tun0 (VPN) is allowed
-A FORWARD -i tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i tun0 -o eth0 -s 10.0.2.0/25 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Also allow traffic to/from tun0 (VPN) to wlan0 (LAN)
-A FORWARD -i tun0 -o wlan0 -s 10.0.2.0/25 -d 10.0.0.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Also allow traffic to/from tun0 (VPN) to eth0 (WAN)
-A FORWARD -i tun0 -o eth0 -s 10.0.2.0/25 -d 192.168.2.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Make sure wanted traffic to/from dns0 and dns1, Iodine (IP-over-DNS), is allowed
-A FORWARD -i dns0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i dns1 -m state --state RELATED,ESTABLISHED -j ACCEPT

# Also allow traffic to/from dns0 and dns1, Iodine (IP-over-DNS), to wlan0 (LAN)
-A FORWARD -i dns0 -o wlan0 -s 172.16.0.1/27 -d 10.0.0.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i dns1 -o wlan0 -s 172.16.2.1/27 -d 10.0.0.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Also allow traffic to/from dns0 and dns1, Iodine (IP-over-DNS), to eth0 (WAN)
-A FORWARD -i dns0 -o wlan0 -s 172.16.0.1/27 -d 192.168.2.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i dns1 -o wlan0 -s 172.16.2.1/27 -d 192.168.2.0/24 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow wanted traffic into the router itself
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

###****BEGIN WIFI FIREWALL ****###

#Logging
#-A FORWARD -i wlan0 -o eth0 -p tcp --syn -j LOG --log-prefix "syn packet:"
#-I FORWARD 5 -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

# dns
-A FORWARD -i wlan0 -o eth0 -p udp --dport 53 -j ACCEPT

# http, https
-A FORWARD -i wlan0 -o eth0 -p tcp --dport 80 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -p tcp --dport 443 -j ACCEPT

# Los Rios College eServices (and others)
-A FORWARD -i wlan0 -o eth0 -p tcp --dport 8080 -j ACCEPT

# Skype (Outgoing)
-A FORWARD -i wlan0 -o eth0 -p udp --dport 29304 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -p tcp --dport 29304 -j ACCEPT

# Skype (Incoming)
-A FORWARD -i eth0 -o wlan0 -p udp --dport 29304 -j ACCEPT
-A FORWARD -i eth0 -o wlan0 -p tcp --dport 29304 -j ACCEPT

# Splashtop streamer
-A FORWARD -i wlan0 -o eth0 -m multiport -p tcp --dport 6783:6785 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -m multiport -p udp --dport 6783:6785 -j ACCEPT

# CallCentric VOIP
-A FORWARD -i wlan0 -o eth0 -m multiport -p udp --dport 5060:5080 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -p udp --dport 65535 -j ACCEPT

# Google hangout, voip, and other google services
-A FORWARD -i wlan0 -o eth0 -m multiport -p udp --dport 19305:19309 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -m multiport -p tcp --dport 19305:19309 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -p udp --dport 5228 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -p tcp --dport 5228 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -p udp --dport 14259 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -p tcp --dport 14259 -j ACCEPT

# Torrent
-A FORWARD -i wlan0 -o eth0 -p udp --dport 80 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -p udp --dport 6969 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -p udp --dport 1337 -j ACCEPT

# Email
-A FORWARD -i wlan0 -o eth0 -p tcp --dport 25 -j ACCEPT

# iCloud Email
-A FORWARD -i wlan0 -o eth0 -p tcp --dport 587 -j ACCEPT

# Gmail SMTP SSL
-A FORWARD -i wlan0 -o eth0 -p udp --dport 465 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -p tcp --dport 465 -j ACCEPT

# Gmail SMTP StartTLS
-A FORWARD -i wlan0 -o eth0 -p udp --dport 587 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -p tcp --dport 587 -j ACCEPT

# Gmail IMAP SSL
-A FORWARD -i wlan0 -o eth0 -m multiport -p udp --dport 993:995 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -m multiport -p tcp --dport 993:995 -j ACCEPT

# irc
-A FORWARD -i wlan0 -o eth0 -p tcp --dport 7070 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -p tcp --dport 1338 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -p tcp --dport 6667 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -p tcp --dport 6697 -j ACCEPT

# MUD
-A FORWARD -i wlan0 -o eth0 -p tcp --dport 2000 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -p tcp --dport 1843 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -p tcp --dport 843 -j ACCEPT

# ssh
-A FORWARD -i wlan0 -o eth0 -p tcp --dport 22 -j ACCEPT

# vpn
-A FORWARD -i wlan0 -o eth0 -p udp --dport 1194 -j ACCEPT

# iOS iMessages, Facetime
-A FORWARD -i wlan0 -o eth0 -m multiport -p udp --dport 3478:3487 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -p tcp --dport 5223 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -m multiport -p udp --dport 16384:16387 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -m multiport -p udp --dport 16393:16402 -j ACCEPT

# Allow PING from remote hosts.
-A FORWARD -i wlan0 -o eth0 -p icmp --icmp-type echo-request -j ACCEPT

###****BEGIN IODINE (IP-over-DNS, dns0 and dns1) FIREWALL ****###

#Logging
#-A FORWARD -i dns0 -o eth0 -p tcp --syn -j LOG --log-prefix "syn packet:"

# dns
-A FORWARD -i dns0 -o eth0 -p udp --dport 53 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p udp --dport 53 -j ACCEPT

# http, https
-A FORWARD -i dns0 -o eth0 -p tcp --dport 80 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -p tcp --dport 443 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p tcp --dport 80 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p tcp --dport 443 -j ACCEPT

# Los Rios College eServices (and others)
-A FORWARD -i dns0 -o eth0 -p tcp --dport 8080 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p tcp --dport 8080 -j ACCEPT

# Skype (Outgoing)
-A FORWARD -i dns0 -o eth0 -p udp --dport 29304 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -p tcp --dport 29304 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p udp --dport 29304 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p tcp --dport 29304 -j ACCEPT

# Skype (Incoming)
-A FORWARD -i eth0 -o dns0 -p udp --dport 29304 -j ACCEPT
-A FORWARD -i eth0 -o dns0 -p tcp --dport 29304 -j ACCEPT
-A FORWARD -i eth0 -o dns1 -p udp --dport 29304 -j ACCEPT
-A FORWARD -i eth0 -o dns1 -p tcp --dport 29304 -j ACCEPT

# Splashtop streamer
-A FORWARD -i dns0 -o eth0 -m multiport -p tcp --dport 6783:6785 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -m multiport -p udp --dport 6783:6785 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -m multiport -p tcp --dport 6783:6785 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -m multiport -p udp --dport 6783:6785 -j ACCEPT

# CallCentric VOIP
-A FORWARD -i dns0 -o eth0 -m multiport -p udp --dport 5060:5080 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -p udp --dport 65535 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -m multiport -p udp --dport 5060:5080 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p udp --dport 65535 -j ACCEPT

# Google hangout, voip, and other google services
-A FORWARD -i dns0 -o eth0 -m multiport -p udp --dport 19305:19309 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -m multiport -p tcp --dport 19305:19309 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -p udp --dport 5228 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -p tcp --dport 5228 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -p udp --dport 14259 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -p tcp --dport 14259 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -m multiport -p udp --dport 19305:19309 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -m multiport -p tcp --dport 19305:19309 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p udp --dport 5228 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p tcp --dport 5228 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p udp --dport 14259 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p tcp --dport 14259 -j ACCEPT

# Torrent
-A FORWARD -i dns0 -o eth0 -p udp --dport 80 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -p udp --dport 6969 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -p udp --dport 1337 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p udp --dport 80 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p udp --dport 6969 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p udp --dport 1337 -j ACCEPT

# Email
-A FORWARD -i dns0 -o eth0 -p tcp --dport 25 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p tcp --dport 25 -j ACCEPT

# iCloud Email
-A FORWARD -i dns0 -o eth0 -p tcp --dport 587 -j ACCEPT
-A FORWARD -i dns1 -o eth -p tcp --dport 587 -j ACCEPT

# Gmail SMTP SSL
-A FORWARD -i dns0 -o eth0 -p udp --dport 465 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -p tcp --dport 465 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p udp --dport 465 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p tcp --dport 465 -j ACCEPT

# Gmail SMTP StartTLS
-A FORWARD -i dns0 -o eth0 -p udp --dport 587 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -p tcp --dport 587 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p udp --dport 587 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p tcp --dport 587 -j ACCEPT

# Gmail IMAP SSL
-A FORWARD -i dns0 -o eth0 -m multiport -p udp --dport 993:995 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -m multiport -p tcp --dport 993:995 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -m multiport -p udp --dport 993:995 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -m multiport -p tcp --dport 993:995 -j ACCEPT

# irc
-A FORWARD -i dns0 -o eth0 -p tcp --dport 7070 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -p tcp --dport 1338 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -p tcp --dport 6667 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -p tcp --dport 6697 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p tcp --dport 7070 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p tcp --dport 1338 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p tcp --dport 6667 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p tcp --dport 6697 -j ACCEPT

# MUD
-A FORWARD -i dns0 -o eth0 -p tcp --dport 2000 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -p tcp --dport 1843 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -p tcp --dport 843 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p tcp --dport 2000 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p tcp --dport 1843 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p tcp --dport 843 -j ACCEPT

# ssh
-A FORWARD -i dns0 -o eth0 -p tcp --dport 22 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p tcp --dport 22 -j ACCEPT

# vpn
-A FORWARD -i dns0 -o eth0 -p udp --dport 1194 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p udp --dport 1194 -j ACCEPT

# iOS iMessages, Facetime
-A FORWARD -i dns0 -o eth0 -m multiport -p udp --dport 3478:3487 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -p tcp --dport 5223 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -m multiport -p udp --dport 16384:16387 -j ACCEPT
-A FORWARD -i dns0 -o eth0 -m multiport -p udp --dport 16393:16402 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -m multiport -p udp --dport 3478:3487 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p tcp --dport 5223 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -m multiport -p udp --dport 16384:16387 -j ACCEPT
-A FORWARD -i dns1 -o eth0 -m multiport -p udp --dport 16393:16402 -j ACCEPT

# Allow PING from remote hosts.
-A FORWARD -i dns0 -o eth0 -p icmp --icmp-type echo-request -j ACCEPT
-A FORWARD -i dns1 -o eth0 -p icmp --icmp-type echo-request -j ACCEPT

###****BEGIN VPN FIREWALL****###

#Logging
#-A FORWARD -i tun0 -o eth0 -p tcp --syn -j LOG --log-prefix "syn packet:"

# dns
-A FORWARD -i tun0 -o eth0 -p udp --dport 53 -j ACCEPT

# http, https
-A FORWARD -i tun0 -o eth0 -p tcp --dport 80 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -p tcp --dport 443 -j ACCEPT

# Los Rios College eServices (and others)
-A FORWARD -i tun0 -o eth0 -p tcp --dport 8080 -j ACCEPT

# Skype (Outgoing)
-A FORWARD -i tun0 -o eth0 -p udp --dport 29304 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -p tcp --dport 29304 -j ACCEPT

# Skype (Incoming)
-A FORWARD -i eth0 -o tun0 -p udp --dport 29304 -j ACCEPT
-A FORWARD -i eth0 -o tun0 -p tcp --dport 29304 -j ACCEPT

# Splashtop streamer
-A FORWARD -i tun0 -o eth0 -m multiport -p tcp --dport 6783:6785 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -m multiport -p udp --dport 6783:6785 -j ACCEPT

# CallCentric VOIP
-A FORWARD -i tun0 -o eth0 -m multiport -p udp --dport 5060:5080 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -p udp --dport 65535 -j ACCEPT

# Google hangout, voip, and other google services
-A FORWARD -i tun0 -o eth0 -m multiport -p udp --dport 19305:19309 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -m multiport -p tcp --dport 19305:19309 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -p udp --dport 5228 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -p tcp --dport 5228 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -p udp --dport 14259 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -p tcp --dport 14259 -j ACCEPT

# Torrent
-A FORWARD -i tun0 -o eth0 -p udp --dport 80 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -p udp --dport 6969 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -p udp --dport 1337 -j ACCEPT

# Email
-A FORWARD -i tun0 -o eth0 -p tcp --dport 25 -j ACCEPT

# iCloud Email
-A FORWARD -i tun0 -o eth0 -p tcp --dport 587 -j ACCEPT

# Gmail SMTP SSL
-A FORWARD -i tun0 -o eth0 -p udp --dport 465 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -p tcp --dport 465 -j ACCEPT

# Gmail SMTP StartTLS
-A FORWARD -i tun0 -o eth0 -p udp --dport 587 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -p tcp --dport 587 -j ACCEPT

# Gmail IMAP SSL
-A FORWARD -i tun0 -o eth0 -m multiport -p udp --dport 993:995 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -m multiport -p tcp --dport 993:995 -j ACCEPT

# irc
-A FORWARD -i tun0 -o eth0 -p tcp --dport 7070 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -p tcp --dport 1338 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -p tcp --dport 6667 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -p tcp --dport 6697 -j ACCEPT

# MUD
-A FORWARD -i tun0 -o eth0 -p tcp --dport 2000 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -p tcp --dport 1843 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -p tcp --dport 843 -j ACCEPT

# ssh
-A FORWARD -i tun0 -o eth0 -p tcp --dport 22 -j ACCEPT

# vpn
-A FORWARD -i tun0 -o eth0 -p udp --dport 1194 -j ACCEPT

# iOS iMessages, Facetime
-A FORWARD -i tun0 -o eth0 -m multiport -p udp --dport 3478:3487 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -p tcp --dport 5223 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -m multiport -p udp --dport 16384:16387 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -m multiport -p udp --dport 16393:16402 -j ACCEPT

# Allow PING from remote hosts.
-A FORWARD -i tun0 -o eth0 -p icmp --icmp-type echo-request -j ACCEPT

###****BEGIN SERVER FIREWALL****###

#Logging
#-A FORWARD -i wlan0 -o eth0 -p tcp --syn -j LOG --log-prefix "syn packet:"

# Loop device.
-A INPUT -i lo -j ACCEPT

# http, https
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

# smtp, submission
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 587 -j ACCEPT

# pop3, pop3s
-A INPUT -p tcp --dport 110 -j ACCEPT
-A INPUT -p tcp --dport 995 -j ACCEPT

# imap, imaps
-A INPUT -p tcp --dport 143 -j ACCEPT
-A INPUT -p tcp --dport 993 -j ACCEPT

# ssh
-A INPUT -p tcp --dport 22 -j ACCEPT

# vpn
-A INPUT -p udp --dport 1194 -j ACCEPT

# Allow PING from remote hosts.
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT

COMMIT

Esta é a saída de "iptables -nvL" para mostrar o que está em vigor, link essas linhas fail2ban estão lá porque tenho fail2ban instalado.

Esta é a saída de "iptables -S" para mostrar o que está em vigor, link novamente as linhas fail2ban estão lá porque eu tenho fail2ban instalado.

networking iptables firewall ubuntu

por Raansu 01.07.2013 / 06:56

0 respostas

Tags networking iptables firewall ubuntu

Ver e-mail através da unidade de rede compartilhada Como posso me conectar ao meu servidor linux com o Mac usando as credenciais de um dos usuários na caixa linux?