On Mon 15/03/2004 at 15:32, netfilter@xxxxxxxxx wrote:

> I changed some rules; some rules are removed and the position of the rules has changed. So I hope the script is more secure.

I did not see much change in the script you posted. I understand you may not be familiar with Netfilter/iptables, but you could at least try your scripts to see if they work...

> I want to use a separate file to be included, like a blacklist of trojan ports, but I'm very new to iptables (I have been working with it for one week).
> How do I have to build the rule to include a separate file with nearly 351 entries of ports which are used by trojans?
> How do I have to build the file (like "65536 #Adore Worm/Linux" ??)

> iptables -N input_sperre
> iptables -N forward_sperre

I do not see the point in creating those chains. Just put the rules directly in the INPUT and FORWARD chains. Furthermore, you do not use these two chains in your script.

> iptables -A sperre -m state --state ESTABLISHED,RELATED -j ACCEPT

The sperre chain does not exist anymore.

> iptables -A sperre -i eth1 --dport 22,19,21,22,25,3389,1723,23000:23001 -j ACCEPT # Allow outbound only for specific ports

Syntax error, see previous email.

> iptables -A sperre -i lo -s 127.0.0.1/255.0.0.0 -j ACCEPT # Allow everything from loopback

See previous email.

> iptables -A sperre -i eth0 -s 192.168.1.0/255.255.255.0 -j DROP # Drop everything that comes from outside to inside with LAN IPs

See previous email.

[...]

Etc.

--
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE
FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
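The question of how to build the blacklist file and the rule that loads it is not answered in the thread; the following is an added example, not code from either poster. It assumes a file with one port per line and an optional `#` comment (the format the question hints at), it follows the advice above by putting the rules directly into INPUT and FORWARD, and the sample entries are constructed rather than a real trojan list. It also handles the "65536" entry from the question, which is not a valid port and must be rejected.

```shell
#!/bin/sh
# Added example, not from the original thread: turn a "port # comment"
# blacklist file into iptables DROP rules for the INPUT and FORWARD chains.
# The file format and the sample entries below are assumptions.
#
# Rules are printed rather than executed so they can be reviewed first;
# pipe the output to sh once it looks right.

MAX_PER_RULE=15   # upper limit of ports a single multiport match accepts

# Print the valid port numbers from file $1, one per line. Comments (after
# '#'), blank lines, non-numeric entries and anything outside 1..65535 are
# dropped with a warning on stderr. "65536 # Adore Worm/Linux" from the
# question is such a case: 65536 is not a port number.
list_ports() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
    while IFS= read -r port; do
        [ -n "$port" ] || continue
        case "$port" in
            *[!0-9]*) echo "skipping non-numeric entry: $port" >&2; continue ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "skipping out-of-range port: $port" >&2
            continue
        fi
        printf '%s\n' "$port"
    done
    return 0
}

# Print the DROP rules for one comma-separated group of ports ($1).
# Both chains the poster cares about and both transport protocols get a rule.
emit_group() {
    for chain in INPUT FORWARD; do
        for proto in tcp udp; do
            printf 'iptables -A %s -p %s -m multiport --dports %s -j DROP\n' \
                "$chain" "$proto" "$1"
        done
    done
}

# Read file $1, deduplicate the ports and emit rules in groups of
# MAX_PER_RULE ports, i.e. 4 rules per group instead of 4 rules per port.
gen_rules() {
    group=""
    n=0
    for port in $(list_ports "$1" | sort -n | uniq); do
        group="${group:+$group,}$port"
        n=$((n + 1))
        if [ "$n" -eq "$MAX_PER_RULE" ]; then
            emit_group "$group"
            group=""
            n=0
        fi
    done
    if [ -n "$group" ]; then
        emit_group "$group"
    fi
}

# Number of rules gen_rules produces for file $1 (handy for checking).
count_rules() {
    gen_rules "$1" 2>/dev/null | wc -l | tr -d ' '
}

# Demo on a constructed blacklist (the entries are invented, not a real list).
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
# constructed sample blacklist
12345   # entry one
31337   # entry two
65536   # Adore Worm/Linux  -> out of range, skipped
abc     # garbage, skipped
27374   # entry three
12345   # duplicate, collapsed
EOF
    gen_rules "$tmp"
    rm -f "$tmp"
}

demo
```

Two things worth knowing when using this. First, `--dport` takes a single port or a `low:high` range and only exists once `-p tcp` or `-p udp` is given, which is why the `--dport 22,19,21,...` line quoted above fails; a comma-separated list is the `-m multiport --dports` form used here, and it takes at most 15 ports per rule, hence the grouping. Second, the generated DROP rules only do anything if they sit before any broad ACCEPT in the same chain, and a chain whose policy is DROP with explicit ACCEPTs for the services you actually run makes a trojan-port blacklist largely redundant.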