Grandiose, un visage amical parmi une brochette de tarlouzes :D
C'est bon les mecs jdéconne, man humour :ange:
lebibi
j'ai recupéré un script tout fait (rc.firewall-2.1.1)
mais bon c'est pas ca :(
Deja, je ne peux plus acceder depuis ma passerelle a internet :(
voici le log de l'initialisation du script :
Loading iptables firewall:
Checking IP Forwarding...enabled.
Checking IP SynCookies...support not found, but that's OK.
Flush: INPUT OUTPUT1 FORWARD PREROUTING1 OUTPUT2 POSTROUTING PREROUTING2 OUTPUT3
Creating chains: INETIN INETOUT
Default Policies: INPUT:ACCEPT OUTPUT:ACCEPT FORWARD:DROP
Local Traffic Rules: 192.168.0.0/24:ACCEPT
Setting up NAT: 192.168.0.0/24:MASQUERADE
Setting up INET chains: INETIN INETOUT
Flood Protection: iptables: No chain/target/match by that name
ICMP-PING
Allowing ICMP in...done
Denying hosts:
TCP Input Allow: iptables: No chain/target/match by that name
21 iptables: No chain/target/match by that name
22 iptables: No chain/target/match by that name
25 iptables: No chain/target/match by that name
80 iptables: No chain/target/match by that name
110 iptables: No chain/target/match by that name
113 iptables: No chain/target/match by that name
443 iptables: No chain/target/match by that name
3333 iptables: No chain/target/match by that name
6667
UDP Input Allow: 6112 6119 4000
DNS Servers: 195.93.49.134
Accounting for SSH...SSH1
Allowing established outbound connections back in...iptables: No chain/target/match by that name
done
Setting up INET Policies: INETIN:REJECT INETOUT:ACCEPT
Done loading the firewall!
------------------------------------
Ce n'est pas un peu louche ce : No chain/target/match by that name ???
DE plus lorsque je fais un nmap sur ppp0 je vois les ports ouverts dont certains que je ne souhaite pas :(
Port State Service
21/tcp open ftp
22/tcp open ssh
80/tcp open http
139/tcp open netbios-ssn
3306/tcp open mysql
6000/tcp open X11
Par exemple je ne veux pas qu'on voit : X11 et mysql
Comment faire ??
Voici la partie de conf du script
DNS="195.93.49.134" #set to your DNS server(s) that you get zones from
TCP_ALLOW="21 22 25 80 110 113 443 3333 6667" #TCP ports to ALLOW
UDP_ALLOW="6112 6119 4000" #UDP ports to ALLOW (53 not needed, covered by DNS above)
INET_IFACE="ppp0" #the interface your internet's on (one only), must be set
LAN_IFACE="eth0" #the interface(s) your LAN's on (currently unused)
USE_SSH1="TRUE" #set to TRUE if you use "real" SSH1 (anything else is interpreted as FALSE)
USE_OPENSSH="FALSE" #set to TRUE if you use OpenSSH (anything else is interpreted as FALSE)
INTERNAL_LAN="192.168.0.0/24" #the internal network(s), must be set
AUTH_ALLOW="" #IPs allowed to use the AUTH service (leave blank and put 113 in TCP_ALLOW for all)
DENY_ALL="" #internet hosts to explicitly deny from accessing your system at all
DROP="REJECT" #what to do with packets we don't want
Merci de m'aider
jamiroq
ouaih, bof !!!
y'a pas l'air d'avoir bp d'options parametrable avec ton soft ? non je me trompe ?
comparer a Fwbuilder ca fait pauvre , mais peut etre qu'il ny 'a qu'un sceenshot donc pas representatif ?
lebibi
[FK]Yom a écrit a écrit :
Lebibi, de Kewl ?
Oui Yom :)
On se connait un peu je crois :)
[FK]Yom
Lebibi, de Kewl ?
aixess
C'est pas le top, j'ai quelques pb avec, mais c'est très simple et ca marche qd meme
