When I run "ps -A |grep httpd"
it shows this:
2151 ? 00:00:00 httpd-perl
2158 ? 00:00:00 httpd-perl
2159 ? 00:00:00 httpd-perl
2160 ? 00:00:00 httpd-perl
2161 ? 00:00:00 httpd-perl
Otherwise, what should I be looking for in IPTABLES -L? It shows all of this
(sorry for the length)
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP !icmp -- anywhere anywhere state INVALID
eth1_in all -- anywhere anywhere
eth0_in all -- anywhere anywhere
common all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:INPUT:REJECT:'
reject all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
DROP !icmp -- anywhere anywhere state INVALID
eth1_fwd all -- anywhere anywhere
eth0_fwd all -- anywhere anywhere
common all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:FORWARD:REJECT:'
reject all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP !icmp -- anywhere anywhere state INVALID
fw2net all -- anywhere anywhere
fw2masq all -- anywhere anywhere
common all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:OUTPUT:REJECT:'
reject all -- anywhere anywhere
Chain all2all (3 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
common all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:all2all:REJECT:'
reject all -- anywhere anywhere
Chain common (5 references)
target prot opt source destination
icmpdef icmp -- anywhere anywhere
reject udp -- anywhere anywhere udp dpt:135
reject udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
reject udp -- anywhere anywhere udp dpt:microsoft-ds
reject tcp -- anywhere anywhere tcp dpt:netbios-ssn
reject tcp -- anywhere anywhere tcp dpt:microsoft-ds
reject tcp -- anywhere anywhere tcp dpt:135
DROP udp -- anywhere anywhere udp dpt:1900
DROP all -- anywhere 255.255.255.255
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/4
reject tcp -- anywhere anywhere tcp dpt:auth
DROP udp -- anywhere anywhere udp spt:domain state NEW
DROP all -- anywhere 82.67.114.255
DROP all -- anywhere 192.168.1.255
Chain dynamic (4 references)
target prot opt source destination
Chain eth0_fwd (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere
masq2net all -- anywhere anywhere
Chain eth0_in (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere
masq2fw all -- anywhere anywhere
Chain eth1_fwd (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere
net2all all -- anywhere anywhere
Chain eth1_in (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere
net2fw all -- anywhere anywhere
Chain fw2masq (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere multiport dports ipp,printer,netbios-ns,netbios-dgm,netbios-ssn state NEW
ACCEPT udp -- anywhere anywhere multiport dports ipp,printer,netbios-ns,netbios-dgm,netbios-ssn state NEW
all2all all -- anywhere anywhere
Chain fw2net (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT all -- anywhere anywhere
Chain icmpdef (1 references)
target prot opt source destination
Chain loc2fw (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain
ACCEPT tcp -- anywhere anywhere multiport dports http,https,domain,ssh,ftp-data,ftp state NEW
all2all all -- anywhere anywhere
Chain loc2net (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT all -- anywhere anywhere
Chain masq2fw (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain
ACCEPT tcp -- anywhere anywhere multiport dports http,https,domain,ssh,ftp-data,ftp state NEW
ACCEPT tcp -- anywhere anywhere multiport dports domain,bootps,http,https,ipp,imap,pop3,smtp,nntp,ntp state NEW
ACCEPT udp -- anywhere anywhere multiport dports domain,bootps,http,https,ipp,imap,pop3,smtp,nntp,ntp state NEW
all2all all -- anywhere anywhere
Chain masq2net (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT all -- anywhere anywhere
Chain net2all (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
common all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:net2all:DROP:'
DROP all -- anywhere anywhere
Chain net2fw (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
newnotsyn tcp -- anywhere anywhere state NEW tcp flags:!SYN,RST,ACK/SYN
ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain
ACCEPT tcp -- anywhere anywhere multiport dports http,https,domain,ssh,ftp-data,ftp state NEW
net2all all -- anywhere anywhere
Chain newnotsyn (9 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level info prefix `Shorewall:newnotsyn:DROP:'
DROP all -- anywhere anywhere
Chain reject (11 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT icmp -- anywhere anywhere reject-with icmp-host-unreachable
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain shorewall (0 references)
target prot opt source destination
And for Shorewall: with Drake Controle, under Security, I configured the
drak firewall to let through the ftp, web, dns, ssh... services. In the service manager, Shorewall is active and started at boot.
Still in the service manager, httpd is active and started at boot, as are mysql, proftpd,
That's all I was able to see.