Iptables.up.rules


 



Hello iptables developers, I have a problem with my firewall rules.
I can't connect and log in to emesene and the Hotmail website.
Can some developer or programmer help me?
My rules follow.
I am a newbie with iptables; I just copied the rules from firewall.sh and pasted them into the terminal.

THANKS
____
# Generated by iptables-save v1.4.10 on Thu Sep 22 21:47:12 2011
# NOTE(review): the archived post ran many rules together on one line and wrapped
# some mid-rule; they are shown here one rule per line, which is what
# iptables-restore parses. Rule text and rule order are unchanged.
*filter
# Built-in chains keep an ACCEPT policy; filtering relies on the catch-all REJECT
# appended to INPUT and FORWARD rather than on the policy.
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [31:2349]
# User-defined chain. No rule in this dump uses "-j VALID_CHECK", so nothing is
# ever sent through it.
:VALID_CHECK - [0:0]
# Reject packets arriving on eth0/wlan0 with a source address in these private ranges.
# NOTE(review): these rules run before any state match. If the host is behind a NAT
# router, its gateway and DNS resolver normally have addresses in one of these ranges,
# so their replies are rejected here -- a likely cause of the reported connection
# failures; confirm against the host's own address and resolver.
# NOTE(review): RFC 1918 reserves 172.16.0.0/12 and 192.168.0.0/16; the /16 and /24
# written here cover only part of those blocks.
-A INPUT -s 10.0.0.0/8 -i eth0 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 10.0.0.0/8 -i wlan0 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 172.16.0.0/16 -i eth0 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 172.16.0.0/16 -i wlan0 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 192.168.0.0/24 -i eth0 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 192.168.0.0/24 -i wlan0 -j REJECT --reject-with icmp-port-unreachable
# Accepts inbound TCP to destination port 53 on any interface. This matches clients
# connecting to a DNS service on this host; replies to the host's own lookups carry
# source port 53, not destination port 53.
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
# Accepts every packet that connection tracking classifies as NEW, RELATED or
# ESTABLISHED, on any interface and port. Because NEW is included, this admits all
# unsolicited inbound connections; only packets in another state (such as INVALID)
# continue to the rules below. A restrictive ruleset would accept only
# RELATED,ESTABLISHED here and list NEW services explicitly.
-A INPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
# Per-interface accepts: 443 and 8080 (tcp and udp), 21/tcp, 6881/tcp, 6885/udp,
# 4444/udp. None of them carries a state match, so a packet that got past the rule
# above and targets one of these ports is accepted here before the INVALID check.
-A INPUT -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i wlan0 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 443 -j ACCEPT
-A INPUT -i wlan0 -p udp -m udp --dport 443 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i wlan0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 8080 -j ACCEPT
-A INPUT -i wlan0 -p udp -m udp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i wlan0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 6881 -j ACCEPT
-A INPUT -i wlan0 -p tcp -m tcp --dport 6881 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 6885 -j ACCEPT
-A INPUT -i wlan0 -p udp -m udp --dport 6885 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 4444 -j ACCEPT
-A INPUT -i wlan0 -p udp -m udp --dport 4444 -j ACCEPT
# Rejects RELATED/ESTABLISHED traffic on eth0/wlan0. Packets in those states were
# already accepted by the NEW,RELATED,ESTABLISHED rule, so this pair never matches;
# if it were moved ahead of that rule it would cut off replies to every outbound
# connection.
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -m state --state RELATED,ESTABLISHED -j REJECT --reject-with icmp-port-unreachable
# TCP destination-port block-list, one rule per interface. The post does not say
# what each port is meant to block.
-A INPUT -i eth0 -p tcp -m tcp --dport 666 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 666 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 4000 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 4000 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 6000 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 6000 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 6006 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 6006 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 16660 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 16660 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 27444 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 27444 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 27665 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 27665 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 31335 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 31335 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 34555 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 34555 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 35555 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 35555 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 3128 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 3128 -j REJECT --reject-with icmp-port-unreachable
# NOTE(review): 8080/tcp is accepted on both interfaces earlier in this chain, so
# these two rejects cannot match.
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 8080 -j REJECT --reject-with icmp-port-unreachable
# The port 23 pair appears twice; the second pair is redundant.
-A INPUT -i eth0 -p tcp -m tcp --dport 23 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 23 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 23 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i wlan0 -p tcp -m tcp --dport 23 -j REJECT --reject-with icmp-port-unreachable
# Rejects packets in state INVALID. It sits after the per-port accepts, so INVALID
# packets aimed at an accepted port never get this far.
-A INPUT -m state --state INVALID -j REJECT --reject-with icmp-port-unreachable
# Catch-all: rejects everything that reaches this point. REJECT is terminating and
# the rule has no match criteria, so every INPUT rule after this line is unreachable.
-A INPUT -j REJECT --reject-with icmp-port-unreachable
# Unreachable (after the catch-all): SYN-only TCP packets, 443/tcp, 80/tcp.
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 443 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 80 -j REJECT --reject-with icmp-port-unreachable
# Unreachable: IGMP.
-A INPUT -p igmp -j REJECT --reject-with icmp-port-unreachable
# Unreachable: a second port block-list, this time without an interface match.
-A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p udp -m udp --dport 33434:33523 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 6000 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p udp -m udp --dport 31337 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 31337 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 20034 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p udp -m udp --dport 12346 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 12346 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p udp -m udp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 12345 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 6713 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 6712 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 6711 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 6670 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 1433 -j REJECT --reject-with icmp-port-unreachable
# LOG rules, each tagging a service port with a "FIREWALL: <name>: " prefix.
# LOG does not terminate rule traversal, so it only records a packet when it comes
# before the rule that accepts or rejects that packet. Placed after the catch-all
# REJECT, none of these produce any log entries, which leaves the firewall with no
# record of what it accepts or rejects.
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j LOG --log-prefix "FIREWALL: ssh: "
-A INPUT -i wlan0 -p tcp -m tcp --dport 22 -j LOG --log-prefix "FIREWALL: ssh: "
-A INPUT -i eth0 -p tcp -m tcp --dport 21 -j LOG --log-prefix "FIREWALL: ftp: "
-A INPUT -i wlan0 -p tcp -m tcp --dport 21 -j LOG --log-prefix "FIREWALL: ftp: "
-A INPUT -i eth0 -p tcp -m tcp --dport 23 -j LOG --log-prefix "FIREWALL: telnet: "
-A INPUT -i wlan0 -p tcp -m tcp --dport 23 -j LOG --log-prefix "FIREWALL: telnet: "
-A INPUT -i eth0 -p tcp -m tcp --dport 25 -j LOG --log-prefix "FIREWALL: smtp: "
-A INPUT -i wlan0 -p tcp -m tcp --dport 25 -j LOG --log-prefix "FIREWALL: smtp: "
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j LOG --log-prefix "FIREWALL: http: "
-A INPUT -i wlan0 -p tcp -m tcp --dport 80 -j LOG --log-prefix "FIREWALL: http: "
-A INPUT -i eth0 -p tcp -m tcp --dport 110 -j LOG --log-prefix "FIREWALL: pop3: "
-A INPUT -i wlan0 -p tcp -m tcp --dport 110 -j LOG --log-prefix "FIREWALL: pop3: "
-A INPUT -i eth0 -p udp -m udp --dport 111 -j LOG --log-prefix "FIREWALL: rpc: "
-A INPUT -i wlan0 -p udp -m udp --dport 111 -j LOG --log-prefix "FIREWALL: rpc: "
-A INPUT -i eth0 -p tcp -m tcp --dport 113 -j LOG --log-prefix "FIREWALL: identd: "
-A INPUT -i wlan0 -p tcp -m tcp --dport 113 -j LOG --log-prefix "FIREWALL: identd: "
-A INPUT -i eth0 -p tcp -m tcp --dport 137:139 -j LOG --log-prefix "FIREWALL: samba: "
-A INPUT -i wlan0 -p tcp -m tcp --dport 137:139 -j LOG --log-prefix "FIREWALL: samba: "
-A INPUT -i eth0 -p udp -m udp --dport 137:139 -j LOG --log-prefix "FIREWALL: samba: "
-A INPUT -i wlan0 -p udp -m udp --dport 137:139 -j LOG --log-prefix "FIREWALL: samba: "
-A INPUT -i eth0 -p tcp -m tcp --dport 161:162 -j LOG --log-prefix "FIREWALL: snmp: "
-A INPUT -i wlan0 -p tcp -m tcp --dport 161:162 -j LOG --log-prefix "FIREWALL: snmp: "
-A INPUT -i eth0 -p tcp -m tcp --dport 6881 -j LOG --log-prefix "FIREWALL: torrent: "
-A INPUT -i wlan0 -p tcp -m tcp --dport 6881 -j LOG --log-prefix "FIREWALL: torrent: "
-A INPUT -i eth0 -p udp -m udp --dport 6885 -j LOG --log-prefix "FIREWALL: torrent: "
-A INPUT -i wlan0 -p udp -m udp --dport 6885 -j LOG --log-prefix "FIREWALL: torrent: "
-A INPUT -i eth0 -p udp -m udp --dport 4444 -j LOG --log-prefix "FIREWALL: torrent: "
-A INPUT -i wlan0 -p udp -m udp --dport 4444 -j LOG --log-prefix "FIREWALL: torrent: "
-A INPUT -i eth0 -p tcp -m tcp --dport 6667:6668 -j LOG --log-prefix "FIREWALL: irc: "
-A INPUT -i wlan0 -p tcp -m tcp --dport 6667:6668 -j LOG --log-prefix "FIREWALL: irc: "
-A INPUT -i eth0 -p tcp -m tcp --dport 3128 -j LOG --log-prefix "FIREWALL: squid: "
-A INPUT -i wlan0 -p tcp -m tcp --dport 3128 -j LOG --log-prefix "FIREWALL: squid: "
# FORWARD chain of the filter table: applies to packets routed through this host,
# not to traffic addressed to or sent by the host itself.
# (Rules the archived post ran together on one line are shown one per line; rule
# text and order are unchanged.)
# Accept packets belonging to, or related to, connections already being tracked.
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# Per-interface accepts by destination port: 3128/tcp, 110 (tcp and udp), 25/tcp,
# 443/tcp, 67 and 86 (tcp and udp), 21/tcp.
-A FORWARD -i eth0 -p tcp -m tcp --dport 3128 -j ACCEPT
-A FORWARD -i wlan0 -p tcp -m tcp --dport 3128 -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp --dport 110 -j ACCEPT
-A FORWARD -i wlan0 -p tcp -m tcp --dport 110 -j ACCEPT
-A FORWARD -i eth0 -p udp -m udp --dport 110 -j ACCEPT
-A FORWARD -i wlan0 -p udp -m udp --dport 110 -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp --dport 25 -j ACCEPT
-A FORWARD -i wlan0 -p tcp -m tcp --dport 25 -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -i wlan0 -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp --dport 67 -j ACCEPT
-A FORWARD -i wlan0 -p tcp -m tcp --dport 67 -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp --dport 86 -j ACCEPT
-A FORWARD -i wlan0 -p tcp -m tcp --dport 86 -j ACCEPT
-A FORWARD -i eth0 -p udp -m udp --dport 67 -j ACCEPT
-A FORWARD -i wlan0 -p udp -m udp --dport 67 -j ACCEPT
-A FORWARD -i eth0 -p udp -m udp --dport 86 -j ACCEPT
-A FORWARD -i wlan0 -p udp -m udp --dport 86 -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT
-A FORWARD -i wlan0 -p tcp -m tcp --dport 21 -j ACCEPT
# Accepts every forwarded packet in state NEW, RELATED or ESTABLISHED. With NEW
# included this forwards any new connection in any direction; only packets in
# another conntrack state (such as INVALID) reach the rules below, so the port 135
# rejects and the flag checks that follow do not restrict normal traffic.
-A FORWARD -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -p tcp -m tcp --dport 135 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i wlan0 -p tcp -m tcp --dport 135 -j REJECT --reject-with icmp-port-unreachable
# Accepts any TCP packet, whatever its flags or port, as long as the rate limit has
# not been exceeded.
-A FORWARD -p tcp -m limit --limit 1/sec -j ACCEPT
# Repeats the first rule of this chain.
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# TCP flag handling: rate-limited accept of RST-only packets, reject of packets with
# exactly SYN and ACK set, reject of NEW-state packets that are not plain SYNs.
-A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j ACCEPT
-A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG SYN,ACK -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j REJECT --reject-with icmp-port-unreachable
# Repeats the port 135 rejects above.
-A FORWARD -i eth0 -p tcp -m tcp --dport 135 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i wlan0 -p tcp -m tcp --dport 135 -j REJECT --reject-with icmp-port-unreachable
# Rate-limited accept of SYN-only packets.
-A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/sec -j ACCEPT
# Rate-limited accept of ICMP type 8 (echo request).
-A FORWARD -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
# Catch-all: reject whatever was not accepted above.
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
# VALID_CHECK: rejects TCP packets whose flag combinations do not occur in normal
# traffic (FIN+PSH+URG, every flag except PSH, every flag, FIN alone, SYN+RST,
# FIN+SYN, no flags at all).
# NOTE(review): nothing in this dump jumps to VALID_CHECK, so these rules are never
# evaluated. To take effect the chain would need a "-j VALID_CHECK" in INPUT and/or
# FORWARD, placed ahead of the rules that accept traffic.
# (Rules the archived post ran together on one line are shown one per line; rule
# text and order are unchanged.)
-A VALID_CHECK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j REJECT --reject-with icmp-port-unreachable
-A VALID_CHECK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j REJECT --reject-with icmp-port-unreachable
-A VALID_CHECK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j REJECT --reject-with icmp-port-unreachable
-A VALID_CHECK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN -j REJECT --reject-with icmp-port-unreachable
-A VALID_CHECK -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j REJECT --reject-with icmp-port-unreachable
-A VALID_CHECK -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j REJECT --reject-with icmp-port-unreachable
-A VALID_CHECK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j REJECT --reject-with icmp-port-unreachable
# End of the filter table; iptables-restore applies the table at COMMIT.
COMMIT
# Completed on Thu Sep 22 21:47:12 2011
# Generated by iptables-save v1.4.10 on Thu Sep 22 21:47:12 2011
# mangle table: no rules, only the built-in chains with ACCEPT policy.
# The bracketed pair after each policy is its [packets:bytes] counter.
*mangle
:PREROUTING ACCEPT [8114:5358984]
:INPUT ACCEPT [8113:5358408]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [8951:1417987]
:POSTROUTING ACCEPT [9173:1456982]
COMMIT
# Completed on Thu Sep 22 21:47:12 2011
# Generated by iptables-save v1.4.10 on Thu Sep 22 21:47:12 2011
# nat table: redirects inbound HTTP to a local port and masquerades outbound traffic.
*nat
:PREROUTING ACCEPT [3:974]
:INPUT ACCEPT [2:398]
:OUTPUT ACCEPT [1446:100049]
:POSTROUTING ACCEPT [8:536]
# TCP port 80 traffic arriving on eth0/wlan0 is redirected to local port 3128.
# PREROUTING only sees packets that arrive on an interface; traffic generated by
# this host goes through OUTPUT, so its own web browsing is not redirected.
# NOTE(review): presumably a transparent proxy listens on 3128 (the filter table's
# LOG prefix for that port is "squid") -- confirm it is running and that it limits
# which clients it serves, since the redirect applies to any network reachable
# through these interfaces.
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
# Source-NAT everything leaving through eth0 or wlan0 to that interface's address.
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o wlan0 -j MASQUERADE
COMMIT
# Completed on Thu Sep 22 21:47:12 2011
# Generated by iptables-save v1.4.10 on Thu Sep 22 21:47:12 2011
# raw table: no rules, only the built-in chains with ACCEPT policy and their
# [packets:bytes] counters.
*raw
:PREROUTING ACCEPT [8114:5358984]
:OUTPUT ACCEPT [8951:1417987]
COMMIT
# Completed on Thu Sep 22 21:47:12 2011