[Linux-ag] bash -x output

---------


From: Erhan KILIC (erhan.kilic@ammsav.com)
Date: Sun 12 Feb 2006 - 23:51:40 EET


fw:/xxx # bash -x "dosya adı"

+ echo 0
+ iptables -F INPUT
+ iptables -F OUTPUT
+ iptables -F FORWARD
+ iptables -P INPUT DROP
+ iptables -P OUTPUT ACCEPT
+ iptables -P FORWARD ACCEPT
+ iptables -A INPUT -j LOG -i eth1 '!' -s 192.168.0.0/24
+ iptables -A INPUT -j DROP -i eth1 '!' -s 192.168.0.0/24
+ iptables -A INPUT -j FORWARD -i eth1 '!' -s 192.168.0.0/24
iptables: Invalid argument
+ iptables -A INPUT -j DROP '!' -i eth1 -s 192.168.0.0/24
+ iptables -A INPUT -j FORWARD '!' -i eth1 -s 192.168.0.0/24
iptables: Invalid argument
+ iptables -A INPUT -j DROP -i '!' lo -s 127.0.0.0/255.0.0.0
+ iptables -A FORWARD -j DROP -i '!' lo -s 127.0.0.0/255.0.0.0
+ iptables -A INPUT -j ACCEPT -i lo
+ iptables -A INPUT -j ACCEPT -p tcp -i eth0 --dport www -s 10.0.0.2
+ iptables -A INPUT -m state --state ESTABLISHED,RELATED -i eth0 -p tcp --sport www -s 10.0.0.2 -d 192.168.0.0/24 -j ACCEPT
+ iptables -A OUTPUT -m state --state NEW -o eth0 -p tcp --sport www -d 192.168.0.0/24 -j DROP
+ iptables -A INPUT -m state --state ESTABLISHED,RELATED -i eth0 -p '!' icmp -j ACCEPT
+ iptables -A INPUT -m state --state NEW -i eth0 -j DROP
+ iptables A FORWARD -m state --state NEW -i eth0 -j DROP
Bad argument `A'
Try `iptables -h' or 'iptables --help' for more information.
+ iptables -A INPUT -j ACCEPT -p all -s 192.168.0.0/24
+ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+ iptables -A INPUT -j ACCEPT -p icmp -i eth0 --icmp-type echo-reply -d 10.0.0.1
+ iptables -A INPUT -j ACCEPT -p icmp -i eth0 --icmp-type echo-request -d 10.0.0.1
+ iptables -A INPUT -j ACCEPT -p icmp -i eth0 --icmp-type destination-unreachable -d 10.0.0.1
+ echo 1

  ----- Original Message -----
  From: Erhan KILIC
  To: linux-ag@liste.linux.org.tr
  Sent: Sunday, February 12, 2006 11:49 PM
  Subject: [Linux-ag] Is there a wrong command in this script?

  When I run this script it gives an error; I wonder why?

  #Firewall gateway system IP address is 10.0.0.1 using Ethernet device eth0
  #Private network address is 192.168.0.0 using Ethernet device eth1
  #Web site address is 10.0.0.2

  #modprobe iptable_filter
  #turn off ip forwarding

  echo 0 > /proc/sys/net/ipv4/ip_forward

  #Flush chain rules

  iptables -F INPUT
  iptables -F OUTPUT
  iptables -F FORWARD

  #Set default (policy) rules

  iptables -P INPUT DROP
  iptables -P OUTPUT ACCEPT
  iptables -P FORWARD ACCEPT

  #IP spoofing, deny any packets on the internal network that have an external source address

  iptables -A INPUT -j LOG -i eth1 \! -s 192.168.0.0/24
  iptables -A INPUT -j DROP -i eth1 \! -s 192.168.0.0/24
  iptables -A INPUT -j FORWARD -i eth1 \! -s 192.168.0.0/24

  #IP spoofing, deny any OUTSIDE packets (any not on eth1) that have an external source address of the internal network

  iptables -A INPUT -j DROP \! -i eth1 -s 192.168.0.0/24
  iptables -A INPUT -j FORWARD \! -i eth1 -s 192.168.0.0/24

  #IP spoofing, deny any outside packets with localhost address
  #(packets not on the lo interface (any on eth0 or eth1) that have the source address of localhost)

  iptables -A INPUT -j DROP -i \! lo -s 127.0.0.0/255.0.0.0
  iptables -A FORWARD -j DROP -i \! lo -s 127.0.0.0/255.0.0.0

  #Allow all incoming messages for users on your firewall system

  iptables -A INPUT -j ACCEPT -i lo

  #Allow communication to the web server (address 10.0.0.2), port www

  iptables -A INPUT -j ACCEPT -p tcp -i eth0 --dport www -s 10.0.0.2

  #Allow established connections from web servers to internal network

  iptables -A INPUT -m state --state ESTABLISHED,RELATED -i eth0 -p tcp --sport www -s 10.0.0.2 -d 192.168.0.0/24 -j ACCEPT

  #Prevent new connections from web servers to internal network

  iptables -A OUTPUT -m state --state NEW -o eth0 -p tcp --sport www -d 192.168.0.0/24 -j DROP

  #Allow established and related outside communication to your system
  #Allow outside communication to the firewall, except for ICMP packets

  iptables -A INPUT -m state --state ESTABLISHED,RELATED -i eth0 -p \! icmp -j ACCEPT

  #Prevent OUTSIDE initiated connections

  iptables -A INPUT -m state --state NEW -i eth0 -j DROP
  iptables A FORWARD -m state --state NEW -i eth0 -j DROP

  #Allow all local communication to and from the firewall on eth1 from the local network

  iptables -A INPUT -j ACCEPT -p all -s 192.168.0.0/24

  #Set up masquerading to allow internal machines access to outside network

  iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

  #Accept ICMP ping (0-8) and destination unreachable (3) messages
  #Others will be rejected by INPUT and OUTPUT DROP policy

  iptables -A INPUT -j ACCEPT -p icmp -i eth0 --icmp-type echo-reply -d 10.0.0.1
  iptables -A INPUT -j ACCEPT -p icmp -i eth0 --icmp-type echo-request -d 10.0.0.1
  iptables -A INPUT -j ACCEPT -p icmp -i eth0 --icmp-type destination-unreachable -d 10.0.0.1

  #Turn on IP Forwarding

  echo 1 > /proc/sys/net/ipv4/ip_forward

------------------------------------------------------------------------------

  _______________________________________________
  Linux-ag mailing list
  Linux-ag@liste.linux.org.tr
  http://liste.linux.org.tr/mailman/listinfo/linux-ag
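
The two kinds of error in the trace above ("iptables: Invalid argument" after each -j FORWARD rule, and "Bad argument `A'") can be flagged before a firewall script is run. The following is an added example, not part of the original post: lint_iptables is a hypothetical helper name, and sample_rules is a constructed excerpt of the posted script. FORWARD is a built-in chain, which iptables does not accept as a -j target, and the rule starting with a bare "A" is missing the dash of -A.

```shell
#!/bin/sh
# Added example (not from the original post): static check for the two
# mistakes that produce the errors in the bash -x trace.

# lint_iptables (hypothetical helper) reads a firewall script on stdin and
# prints one finding per faulty rule as LINE:CODE:message.
lint_iptables() {
    awk '
    $1 != "iptables" { next }   # skip comments, blanks, other commands
    {
        # iptables expects an option first (-A, -F, -P, -t ...); a bare
        # word in that position is rejected with "Bad argument".
        if ($2 !~ /^-/)
            printf "%d:BADARG:\"%s\" is not an option (leading dash missing?)\n", NR, $2

        # -j takes a target (ACCEPT, DROP, LOG ...) or a user-defined chain.
        # Built-in chains cannot be jumped to: "Invalid argument".
        for (i = 2; i < NF; i++)
            if (($i == "-j" || $i == "--jump") &&
                $(i + 1) ~ /^(INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING)$/)
                printf "%d:BADTARGET:-j %s names a built-in chain, not a target\n", NR, $(i + 1)
    }'
}

# Constructed sample: six lines taken from the posted script.
sample_rules() {
    cat <<'EOF'
#Set default (policy) rules
iptables -P INPUT DROP
iptables -A INPUT -j DROP -i eth1 \! -s 192.168.0.0/24
iptables -A INPUT -j FORWARD -i eth1 \! -s 192.168.0.0/24
iptables -A INPUT -m state --state NEW -i eth0 -j DROP
iptables A FORWARD -m state --state NEW -i eth0 -j DROP
EOF
}

# Stand-alone run: report findings for the sample.
sample_rules | lint_iptables
```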


