[IPFilter] Rule problem

n°502108
sharlaan
Posted on 11-06-2004 at 20:08:38
 

So, I've written my rules; ssh works perfectly, but when I try to download with wget on my server it doesn't get through.
 
My rules:

block return-rst in proto tcp all
block return-icmp-as-dest(port-unr) in proto udp all
block return-rst in on ed0 proto tcp all
block return-icmp-as-dest(port-unr) in on ed0 proto udp all
 
pass in quick on lo0 all
pass out quick on lo0 all
 
block in log quick all with ipopts
block in log quick all with frag
 
block in log quick on ed0 proto tcp all flags SF/SFRA
block in log quick on ed0 proto tcp all flags /SFRA
block in log quick on ed0 proto tcp all flags F/SFRA
block in log quick on ed0 proto tcp all flags U/SFRAU
block in log quick on ed0 proto tcp all flags P
block in log quick on ed0 proto tcp from any to any flags FUP
 
pass  in quick on ed0 proto icmp from any to any icmp-type 0
pass  out quick on ed0 proto icmp from any to any icmp-type 0
pass  in quick on ed0 proto icmp from any to any icmp-type 3
pass  out quick on ed0 proto icmp from any to any icmp-type 3
pass  in quick on ed0 proto icmp from any to any icmp-type 8
pass  out quick on ed0 proto icmp from any to any icmp-type 8
pass  in quick on ed0 proto icmp from any to any icmp-type 11
pass  out quick on ed0 proto icmp from any to any icmp-type 11
 
block return-icmp-as-dest(host-unr) in log quick on ed0 proto icmp from any to any
 
block return-rst in log quick on ed0 proto tcp from any to any port = 513
block return-icmp-as-dest(port-unr) in log quick on ed0 proto udp from any to any port = 513
block return-rst in log quick on ed0 proto tcp from any to any port = 514
block return-icmp-as-dest(port-unr) in log quick on ed0 proto udp from any to any port = 514
block return-rst in log quick on ed0 proto tcp from any to any port = 23
block return-icmp-as-dest(port-unr) in log quick on ed0 proto udp from any to any port = 23
block return-rst in log quick on ed0 proto tcp from any to any port = 111
block return-icmp-as-dest(port-unr) in log quick on ed0 proto udp from any to any port = 111
#block in log on ed0 all
 
pass  in quick on ed0 proto tcp from any to any port = 80
pass  out quick on ed0 proto tcp from any to any port = 80
pass  in quick on ed0 proto udp from any to any port = 80
pass  out quick on ed0 proto udp from any to any port = 80
 
pass  in quick on ed0 proto tcp from any to any port = 22 flags S keep state
 
pass  in quick on ed0 proto tcp from any to any port = 53
pass  out quick on ed0 proto tcp from any to any port = 53
pass  in quick on ed0 proto udp from any to any port = 53
pass  out quick on ed0 proto udp from any to any port = 53
 
pass  out quick on ed0 proto tcp from any to any flags S/SAFR keep state
 
block in log on ed0 all


 
Any ideas?


Message edited by sharlaan on 11-06-2004 at 21:11:23
 

n°502122
sharlaan
Posted on 11-06-2004 at 20:26:40
 

I found it:

block return-rst in proto tcp all
block return-icmp-as-dest(port-unr) in proto udp all
block return-rst in on ed0 proto tcp all
block return-icmp-as-dest(port-unr) in on ed0 proto udp all
 
pass in quick on lo0 all
pass out quick on lo0 all
 
block in log quick all with ipopts
block in log quick all with frag
 
block in log quick on ed0 proto tcp all flags SF/SFRA
block in log quick on ed0 proto tcp all flags /SFRA
block in log quick on ed0 proto tcp all flags F/SFRA
block in log quick on ed0 proto tcp all flags U/SFRAU
block in log quick on ed0 proto tcp all flags P
block in log quick on ed0 proto tcp from any to any flags FUP
 
pass  in quick on ed0 proto icmp from any to any icmp-type 0
pass  out quick on ed0 proto icmp from any to any icmp-type 0
pass  in quick on ed0 proto icmp from any to any icmp-type 3
pass  out quick on ed0 proto icmp from any to any icmp-type 3
pass  in quick on ed0 proto icmp from any to any icmp-type 8
pass  out quick on ed0 proto icmp from any to any icmp-type 8
pass  in quick on ed0 proto icmp from any to any icmp-type 11
pass  out quick on ed0 proto icmp from any to any icmp-type 11
 
block return-icmp-as-dest(host-unr) in log quick on ed0 proto icmp from any to any
 
block return-rst in log quick on ed0 proto tcp from any to any port = 513
block return-icmp-as-dest(port-unr) in log quick on ed0 proto udp from any to any port = 513
block return-rst in log quick on ed0 proto tcp from any to any port = 514
block return-icmp-as-dest(port-unr) in log quick on ed0 proto udp from any to any port = 514
block return-rst in log quick on ed0 proto tcp from any to any port = 23
block return-icmp-as-dest(port-unr) in log quick on ed0 proto udp from any to any port = 23
block return-rst in log quick on ed0 proto tcp from any to any port = 111
block return-icmp-as-dest(port-unr) in log quick on ed0 proto udp from any to any port = 111
#block in log on ed0 all
 
pass  in quick on ed0 proto tcp from any to any port = 80 keep state
pass  out quick on ed0 proto tcp from any to any port = 80 keep state
#pass  in quick on ed0 proto udp from any to any port = 80 keep state
#pass  out quick on ed0 proto udp from any to any port = 80 keep state
 
pass  in quick on ed0 proto tcp from any to any port = 22 flags S keep state
 
pass  in quick on ed0 proto tcp from any to any port = 53 keep state
pass  out quick on ed0 proto tcp from any to any port = 53 keep state
pass  in quick on ed0 proto udp from any to any port = 53 keep state
pass  out quick on ed0 proto udp from any to any port = 53 keep state
 
pass  out quick on ed0 proto tcp from any to any flags S/SAFR keep state
 
block in log on ed0 all
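
Added example (not part of sharlaan's posts): a simplified Python model of IPFilter's evaluation order, showing why the first ruleset blocks the replies to wget and the second does not. It keeps only the four rules involved, ignores TCP flags and interfaces, assumes the default policy is pass, and uses constructed documentation addresses.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                   # "pass" or "block"
    direction: str                # "in" or "out"
    quick: bool = False
    dport: Optional[int] = None   # None = any destination port
    keep_state: bool = False

@dataclass(frozen=True)
class Packet:
    direction: str
    src: str
    sport: int
    dst: str
    dport: int

class Firewall:
    def __init__(self, rules):
        self.rules, self.states = rules, set()

    def check(self, p):
        # 1. Packets of a known connection (either direction) skip the rule list.
        if (p.src, p.sport, p.dst, p.dport) in self.states or \
           (p.dst, p.dport, p.src, p.sport) in self.states:
            return "pass"
        # 2. Otherwise the last matching rule wins, unless a matching rule is "quick".
        verdict = Rule("pass", p.direction)   # assumed default policy: pass
        for r in self.rules:
            if r.direction == p.direction and r.dport in (None, p.dport):
                verdict = r
                if r.quick:
                    break
        if verdict.action == "pass" and verdict.keep_state:
            self.states.add((p.src, p.sport, p.dst, p.dport))
        return verdict.action

def ruleset(port80_keep_state):
    # Constructed subset of the posted rules, in the same order.
    return [
        Rule("pass", "in", quick=True, dport=80, keep_state=port80_keep_state),
        Rule("pass", "out", quick=True, dport=80, keep_state=port80_keep_state),
        Rule("pass", "out", quick=True, keep_state=True),  # never reached for port 80
        Rule("block", "in"),                               # block in log on ed0 all
    ]

def wget(fw):
    # Constructed packets: outgoing SYN to a web server, then its SYN/ACK reply.
    syn = Packet("out", "192.0.2.10", 40000, "198.51.100.5", 80)
    reply = Packet("in", "198.51.100.5", 80, "192.0.2.10", 40000)
    return fw.check(syn), fw.check(reply)
```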

n°502166
sharlaan
Posted on 11-06-2004 at 21:12:15
 

However, since then I have a problem. My router is the DHCP server, and my server is a DHCP client.
Here is the error message I get:

Quote:

Jun 11 21:15:48 andromede dhclient: send_packet: No route to host


 
Any ideas?

n°503879
Ralph-
★ You'll hate me. ★
Posted on 14-06-2004 at 21:12:48
 

Well, ipfilter doesn't have much to do with routing, unless you've also done weird stuff with ipnat.

