Mick <michaelkintzios@×××××.com> writes:

>> Jumping up the thread a bit now, after Paul's excellent input. I see
>> that iptables cmd is known on the OS, but man I really had not wanted
>> to pound my way thru iptables to the point of competency.
>
> Count yourself lucky. I'd rather have to deal with Linux IP Tables than IOS
> any time!

Hehe

> Once you access it via telnet, have a look for any log rules in IP Tables
> (/sbin/iptables -L -v -n) and perhaps all we need to do is modify those.

Yeah I had a look at the lines containing LOG and of course had no
idea of what they meant or how to alter them.

The entire iptables is inlined below... maybe you will know how to alter
them so that ports show up in logs. That is, only if you are still
patient enough to continue.... so far, no one has complained about the
OT thread... but I fear I must be nearing the end of your patient
willingness to continue, if not the list's willingness to allow my OT
thread.

------- --------- ---=--- --------- --------
There are only 4 instances of LOG in the tables. But I wonder if it might
just be an increase in log level that is required.

I wanted to try that out, but was a bit chicken, thinking I'd destroy
whatever setup there is that invokes the iptable rules.
|
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:23
ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:4500
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:500
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp flags:
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABL
INPUT_UDP udp -- 0.0.0.0/0 0.0.0.0/0
INPUT_TCP tcp -- 0.0.0.0/0 0.0.0.0/0
DOS icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW

Chain FORWARD (policy DROP)
target prot opt source destination
ip_filter all -- 0.0.0.0/0 0.0.0.0/0
POLICY icmp -- 0.0.0.0/0 0.0.0.0/0
POLICY udp -- 0.0.0.0/0 0.0.0.0/0
TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02
POLICY tcp -- 0.0.0.0/0 0.0.0.0/0
TREND_MICRO tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 http me
DMZ_PASS all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABL
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
DROP icmp -- 0.0.0.0/0 0.0.0.0/0 state INVALID
|
Chain BLOCK (0 references)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain DMZ_PASS (1 references)
target prot opt source destination

Chain DOS (6 references)
target prot opt source destination
RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 200/sec b
RETURN udp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABL
RETURN udp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 200/sec b
RETURN icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: a
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec bu
DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD_TCP (1 references)
target prot opt source destination
DOS tcp -- 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW tc
RETURN tcp -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD_UDP (1 references)
target prot opt source destination
DOS udp -- 0.0.0.0/0 0.0.0.0/0
RETURN udp -- 0.0.0.0/0 0.0.0.0/0

Chain HTTP (0 references)
target prot opt source destination

Chain INPUT_TCP (1 references)
target prot opt source destination
SCAN all -- 0.0.0.0/0 0.0.0.0/0 psd weight-threshold
DOS tcp -- 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW tc
ACCEPT tcp -- 0.0.0.0/0 192.168.0.20 tcp dpt:30443
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 23,
RETURN tcp -- 0.0.0.0/0 0.0.0.0/0
|
Chain INPUT_UDP (1 references)
target prot opt source destination
SCAN all -- 0.0.0.0/0 0.0.0.0/0 psd weight-threshold
DOS udp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 68.87.72.13 0.0.0.0/0 udp spt:67 dpt:68
RETURN udp -- 0.0.0.0/0 0.0.0.0/0

Chain POLICY (3 references)
target prot opt source destination
PORT_FORWARD all -- 0.0.0.0/0 0.0.0.0/0
RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain PORT_FORWARD (1 references)
target prot opt source destination
DOS icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
FORWARD_TCP tcp -- 0.0.0.0/0 0.0.0.0/0
FORWARD_UDP udp -- 0.0.0.0/0 0.0.0.0/0
RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain SCAN (2 references)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/sec bu
DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain TREND_MICRO (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain ip_filter (1 references)
target prot opt source destination