I added this rule and it worked fine:

    # Allow DNS client request
    iptables -A INPUT -p udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

I have a virtual machine running Debian. I made some modifications on the HN to allow a firewall inside the VM (link).
Here is my firewall script:

    # Flushing all rules
    iptables -F
    iptables -X

    # Setting default filter policy
    iptables -P INPUT DROP
    iptables -P OUTPUT DROP
    iptables -P FORWARD DROP

    # Allow unlimited traffic on loopback
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT

    # Allow all related and established tcp connections to my_machine.
    iptables -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Https In
    iptables -A INPUT -p tcp -s 0/0 --sport 513:65535 --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT

    # Allow ping
    iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

    # Allow incoming ssh only
    iptables -A INPUT -p tcp -s 0/0 --sport 513:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT

    # make sure nothing comes
    iptables -A INPUT -j DROP

    # Allow all outgoing connection
    iptables -A OUTPUT -j ACCEPT

iptables -L

    iptables -L
    Chain INPUT (policy DROP)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     tcp  --  anywhere             anywhere             state RELATED,ESTABLISHED
    ACCEPT     tcp  --  anywhere             anywhere             tcp spts:login:65535 dpt:https state NEW,ESTABLISHED
    ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
    ACCEPT     tcp  --  anywhere             anywhere             tcp spts:login:65535 dpt:ssh state NEW,ESTABLISHED
    DROP       all  --  anywhere             anywhere

    Chain FORWARD (policy DROP)
    target     prot opt source               destination

    Chain OUTPUT (policy DROP)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere

When I try to use fsockopen, it fails. Why?
Thanks in advance
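
Added example (not part of the original posts): a simplified first-match model of the INPUT chain from the script above, showing that a DNS reply over UDP falls through to the catch-all DROP, and that the rule from the answer only takes effect when it sits before that DROP. The interface name `eth0`, the sample packets and all helper names are constructed assumptions.

```python
# Simplified first-match model of the script's INPUT chain (not real iptables).
# Rule = (conditions, target); tuples are inclusive ranges, sets are allowed states.
INPUT_CHAIN = [
    ({"iface": "lo"}, "ACCEPT"),
    ({"proto": "tcp", "state": {"ESTABLISHED", "RELATED"}}, "ACCEPT"),
    ({"proto": "tcp", "sport": (513, 65535), "dport": (443, 443),
      "state": {"NEW", "ESTABLISHED"}}, "ACCEPT"),
    ({"proto": "icmp", "icmp_type": (8, 8)}, "ACCEPT"),
    ({"proto": "tcp", "sport": (513, 65535), "dport": (22, 22),
      "state": {"NEW", "ESTABLISHED"}}, "ACCEPT"),
    ({}, "DROP"),  # iptables -A INPUT -j DROP
]

# The rule from the answer: UDP replies from port 53 to an ephemeral port.
DNS_REPLY_RULE = ({"proto": "udp", "sport": (53, 53), "dport": (1024, 65535),
                   "state": {"ESTABLISHED"}}, "ACCEPT")

def matches(cond, pkt):
    """True when every condition of the rule holds for the packet."""
    for key, want in cond.items():
        have = pkt.get(key)
        if have is None:
            return False
        if isinstance(want, tuple):
            if not want[0] <= have <= want[1]:
                return False
        elif isinstance(want, set):
            if have not in want:
                return False
        elif have != want:
            return False
    return True

def verdict(chain, pkt, policy="DROP"):
    """Return the target of the first matching rule, else the chain policy."""
    for cond, target in chain:
        if matches(cond, pkt):
            return target
    return policy

def with_dns_rule(chain):
    """Place the DNS rule before the final catch-all DROP."""
    return chain[:-1] + [DNS_REPLY_RULE, chain[-1]]

# Constructed packets: a resolver's UDP answer and a new inbound SSH connection.
DNS_REPLY = {"iface": "eth0", "proto": "udp", "sport": 53, "dport": 40000,
             "state": "ESTABLISHED"}
SSH_SYN = {"iface": "eth0", "proto": "tcp", "sport": 50000, "dport": 22,
           "state": "NEW"}

if __name__ == "__main__":
    print("original chain:", verdict(INPUT_CHAIN, DNS_REPLY))
    print("rule before DROP:", verdict(with_dns_rule(INPUT_CHAIN), DNS_REPLY))
    print("rule after DROP:", verdict(INPUT_CHAIN + [DNS_REPLY_RULE], DNS_REPLY))
```

On a live system, `iptables -L INPUT -n -v --line-numbers` shows the rule order and per-rule packet counters, which is how to confirm which rule the DNS replies actually hit.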