From: Mesut Güler (mesut@egemenyazilim.com)
Date: Fri 01 Jul 2005 - 09:25:10 EEST
Mustafa Aldemir yazmış:
> merhaba,
>
> Iptables kullanarak kullanmadýðým portlarý kapatmaya çalýþýyorum ancak
> ftp baðlantýlarýný da engelliyor. Nerede hata yapýyorum, yardým
> edebilir misiniz?
>
> # iptables -F INPUT
> # iptables -A INPUT -i lo -j ACCEPT
> # iptables -A INPUT -m multiport -p tcp --dport
> www,ssh,smtp,ftp,ftp-data,domain,pop3 -j ACCEPT
> # iptables -A INPUT -m multiport -p udp --dport
> fsp,ssh,domain,www,pop3 -j ACCEPT
> # iptables -A INPUT -j LOG -m limit
> # iptables -A INPUT -j REJECT
> # iptables -L
>
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
> ACCEPT tcp -- anywhere anywhere multiport dports
> www,ssh,smtp,ftp,ftp-data,domain,pop3
> ACCEPT udp -- anywhere anywhere multiport dports fsp,ssh,domain,www,pop3
> LOG all -- anywhere anywhere limit: avg 3/hour burst 5 LOG level warning
> REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Linux-ag mailing list
>Linux-ag@liste.linux.org.tr
>http://liste.linux.org.tr/mailman/listinfo/linux-ag
>
>
su kurali eklemeyi deneyin:
iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iyi calismalar.
_______________________________________________
Linux-ag mailing list
Linux-ag@liste.linux.org.tr
http://liste.linux.org.tr/mailman/listinfo/linux-ag