09-06-2007, 11:36 | #61 |
Senior Member
Joined: Jun 2001
City: Codice Amico Sorgenia EmidioM56745
Posts: 22136

come on, what a pain, Stev, now you too
I can't get it to fit within the 50 vertical, so I'll just remove it; anyway 90% of users have 200x images of nothing but rubbish and nobody says anything
09-06-2007, 11:44 | #62 |
Senior Member
Joined: Jun 2001
City: Codice Amico Sorgenia EmidioM56745
Posts: 22136
OFF rule
Code:
# cat /tmp/rules
iptables -t nat -F
iptables -t filter -F
iptables -t nat -X PRE_BASIC
iptables -t nat -N PRE_BASIC
iptables -t nat -X DNS
iptables -t nat -N DNS
iptables -t nat -X PRE_PROXY
iptables -t nat -N PRE_PROXY
iptables -t nat -X UPNP
iptables -t nat -N UPNP
iptables -t nat -X PT
iptables -t nat -N PT
iptables -t nat -X NAPT
iptables -t nat -N NAPT
iptables -t nat -X VS
iptables -t nat -N VS
iptables -t nat -X DMZ
iptables -t nat -N DMZ
iptables -t nat -X REAIM_PRE
iptables -t nat -N REAIM_PRE
iptables -t filter -X DOS
iptables -t filter -N DOS
iptables -t filter -X SCAN
iptables -t filter -N SCAN
iptables -t filter -X PROXY
iptables -t filter -N PROXY
iptables -t filter -X LOCAL_SERVICE
iptables -t filter -N LOCAL_SERVICE
iptables -t filter -X OUT_FILTER
iptables -t filter -N OUT_FILTER
iptables -t filter -X CFILTER
iptables -t filter -N CFILTER
iptables -t filter -X HTTP
iptables -t filter -N HTTP
iptables -t filter -X BLOCK
iptables -t filter -N BLOCK
iptables -t filter -X IN_FILTER
iptables -t filter -N IN_FILTER
iptables -t filter -X FW_UPNP
iptables -t filter -N FW_UPNP
iptables -t filter -X FW_BASIC
iptables -t filter -N FW_BASIC
iptables -t filter -X CONCHK
iptables -t filter -N CONCHK
iptables -t nat -A PREROUTING -j PRE_BASIC
iptables -t nat -A PREROUTING -j PRE_PROXY
iptables -t nat -A PREROUTING -j UPNP
iptables -t nat -A PREROUTING -j PT
iptables -t nat -A PREROUTING -j NAPT
iptables -t nat -A PREROUTING -j VS
iptables -t nat -A PREROUTING -j DMZ
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i ipsec0 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --syn -j DOS
iptables -A INPUT -p udp -j DOS
iptables -A INPUT -p icmp --icmp-type echo-request -j DOS
iptables -A INPUT -j PROXY
iptables -A INPUT -j LOCAL_SERVICE
iptables -P FORWARD DROP
iptables -A FORWARD -j OUT_FILTER
iptables -A FORWARD -j CFILTER
iptables -A FORWARD -j FW_BASIC
iptables -A FORWARD -p tcp --syn -j DOS
iptables -A FORWARD -p udp -j DOS
iptables -A FORWARD -p icmp --icmp-type echo-request -j DOS
iptables -A FORWARD -j IN_FILTER
iptables -A FORWARD -j FW_UPNP
iptables -A FW_BASIC -i lo -j ACCEPT
iptables -A FW_BASIC -i ipsec0 -j ACCEPT
iptables -A FW_BASIC -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -A FW_BASIC -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FW_BASIC -m mark --mark 0x2511 -j ACCEPT
iptables -A LOCAL_SERVICE -m mark --mark 0x2511 -j ACCEPT
iptables -I INPUT -i br0 -j ACCEPT
iptables -A FW_BASIC -i br0 -j ACCEPT
iptables -A PRE_BASIC -t nat -i ppp0 -d ! XX.XX.XXX.XXX -j DROP
iptables -t nat -A PRE_BASIC -i br0 -p tcp --dport 8080 -d 192.168.0.1 -j DNAT --to 192.168.0.1:80
iptables -A LOCAL_SERVICE -m mark --mark 0x2643 -d 192.168.0.1 -p tcp --dport 80 -j ACCEPT
iptables -t nat -F PT
iptables -t nat -A PT -d ! 192.168.0.1 -j PNAT --set-mark 0x2511
iptables -A IN_FILTER -i ! ppp0 -j RETURN
iptables -t nat -A NAPT -s 0/0 -d XX.XX.XXX.XXX -p udp --dport *****:***** -j DNAT --to 192.168.0.4:*****-*****
iptables -A IN_FILTER -d 192.168.0.4 -p udp --dport *****:***** -j ACCEPT
iptables -t nat -A NAPT -s 0/0 -d XX.XX.XXX.XXX -p tcp --dport *****:***** -j DNAT --to 192.168.0.4:*****-*****
iptables -A IN_FILTER -d 192.168.0.4 -p tcp --dport *****:***** -j ACCEPT
iptables -t nat -A NAPT -s 0/0 -d XX.XX.XXX.XXX -p tcp --dport *****:***** -j DNAT --to 192.168.0.4:*****-*****
iptables -A IN_FILTER -d 192.168.0.4 -p tcp --dport *****:***** -j ACCEPT
iptables -t nat -A NAPT -s 0/0 -d XX.XX.XXX.XXX -p udp --dport *****:***** -j DNAT --to 192.168.0.4:*****-*****
iptables -A IN_FILTER -d 192.168.0.4 -p udp --dport *****:***** -j ACCEPT
iptables -A OUT_FILTER -i ! br0 -j RETURN
iptables -A CFILTER -i br0 -m string --string GET -p tcp --dport 80 --tcp-flags ALL PSH,ACK -j HTTP
iptables -A CFILTER -i br0 -m string --string POST -p tcp --dport 80 --tcp-flags ALL PSH,ACK -j HTTP
iptables -A CFILTER -i br0 -m string --string HEAD -p tcp --dport 80 --tcp-flags ALL PSH,ACK -j HTTP
iptables -A BLOCK -j LOG --log-level 4 --log-prefix "[BLOCK]"
iptables -A BLOCK -p tcp --dport 80 -j REJECT --reject-with http-block
iptables -t nat -A POSTROUTING -m mark --mark 0x2643 -j MASQUERADE
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

# iptables -nL -v
Chain INPUT (policy DROP 58 packets, 5936 bytes)
pkts bytes target prot opt in out source destination
65 5492 ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0
12 4117 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- ipsec0 * 0.0.0.0/0 0.0.0.0/0
43 5739 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
3 176 DOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x16/0x02
9 724 DOS udp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DOS icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
58 5936 PROXY all -- * * 0.0.0.0/0 0.0.0.0/0
58 5936 LOCAL_SERVICE all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
613 436K OUT_FILTER all -- * * 0.0.0.0/0 0.0.0.0/0
613 436K CFILTER all -- * * 0.0.0.0/0 0.0.0.0/0
613 436K FW_BASIC all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x16/0x02
0 0 DOS udp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DOS icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 IN_FILTER all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FW_UPNP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 234 packets, 64675 bytes)
pkts bytes target prot opt in out source destination

Chain BLOCK (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `[BLOCK] '
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 reject-with http-block

Chain CFILTER (1 references)
pkts bytes target prot opt in out source destination
54 56446 HTTP tcp -- br0 * 0.0.0.0/0 0.0.0.0/0 STRING match GET tcp dpt:80 flags:0x3F/0x18
3 3259 HTTP tcp -- br0 * 0.0.0.0/0 0.0.0.0/0 STRING match POST tcp dpt:80 flags:0x3F/0x18
2 2374 HTTP tcp -- br0 * 0.0.0.0/0 0.0.0.0/0 STRING match HEAD tcp dpt:80 flags:0x3F/0x18

Chain CONCHK (0 references)
pkts bytes target prot opt in out source destination

Chain DOS (6 references)
pkts bytes target prot opt in out source destination

Chain FW_BASIC (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- ipsec0 * 0.0.0.0/0 0.0.0.0/0
28 1448 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
589 435K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x2511
24 1175 ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0

Chain FW_UPNP (1 references)
pkts bytes target prot opt in out source destination

Chain HTTP (3 references)
pkts bytes target prot opt in out source destination

Chain IN_FILTER (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- !ppp0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.0.4 udp dpt:*****
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.4 tcp dpt:*****
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.4 tcp dpt:*****
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.0.4 udp dpt:*****

Chain LOCAL_SERVICE (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x2511
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.1 tcp dpt:80 MARK match 0x2643

Chain OUT_FILTER (1 references)
pkts bytes target prot opt in out source destination
340 360K RETURN all -- !br0 * 0.0.0.0/0 0.0.0.0/0

Chain PROXY (1 references)
pkts bytes target prot opt in out source destination

Chain SCAN (0 references)
pkts bytes target prot opt in out source destination

# iptables -t nat -nL -v
Chain PREROUTING (policy ACCEPT 114 packets, 7263 bytes)
pkts bytes target prot opt in out source destination
53 3419 PRE_BASIC all -- * * 0.0.0.0/0 0.0.0.0/0
53 3419 PRE_PROXY all -- * * 0.0.0.0/0 0.0.0.0/0
53 3419 UPNP all -- * * 0.0.0.0/0 0.0.0.0/0
53 3419 PT all -- * * 0.0.0.0/0 0.0.0.0/0
53 3419 NAPT all -- * * 0.0.0.0/0 0.0.0.0/0
53 3419 VS all -- * * 0.0.0.0/0 0.0.0.0/0
53 3419 DMZ all -- * * 0.0.0.0/0 0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 9 packets, 531 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x2643
23 1304 MASQUERADE all -- * ppp0 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 16 packets, 980 bytes)
pkts bytes target prot opt in out source destination

Chain DMZ (1 references)
pkts bytes target prot opt in out source destination

Chain DNS (0 references)
pkts bytes target prot opt in out source destination

Chain NAPT (1 references)
pkts bytes target prot opt in out source destination
0 0 DNAT udp -- * * 0.0.0.0/0 XX.XX.XXX.XXX udp dpt:***** to:192.168.0.4:*****
0 0 DNAT tcp -- * * 0.0.0.0/0 XX.XX.XXX.XXX tcp dpt:***** to:192.168.0.4:*****
0 0 DNAT tcp -- * * 0.0.0.0/0 XX.XX.XXX.XXX tcp dpt:***** to:192.168.0.4:*****
0 0 DNAT udp -- * * 0.0.0.0/0 XX.XX.XXX.XXX udp dpt:***** to:192.168.0.4:*****

Chain PRE_BASIC (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- ppp0 * 0.0.0.0/0 !XX.XX.XXX.XXX
0 0 DNAT tcp -- br0 * 0.0.0.0/0 192.168.0.1 tcp dpt:8080 to:192.168.0.1:80

Chain PRE_PROXY (1 references)
pkts bytes target prot opt in out source destination

Chain PT (1 references)
pkts bytes target prot opt in out source destination

Chain REAIM_PRE (0 references)
pkts bytes target prot opt in out source destination

Chain UPNP (1 references)
pkts bytes target prot opt in out source destination

Chain VS (1 references)
pkts bytes target prot opt in out source destination

ON rule
Code:
# cat /tmp/rules
iptables -t nat -F
iptables -t filter -F
iptables -t nat -X PRE_BASIC
iptables -t nat -N PRE_BASIC
iptables -t nat -X DNS
iptables -t nat -N DNS
iptables -t nat -X PRE_PROXY
iptables -t nat -N PRE_PROXY
iptables -t nat -X UPNP
iptables -t nat -N UPNP
iptables -t nat -X PT
iptables -t nat -N PT
iptables -t nat -X NAPT
iptables -t nat -N NAPT
iptables -t nat -X VS
iptables -t nat -N VS
iptables -t nat -X DMZ
iptables -t nat -N DMZ
iptables -t nat -X REAIM_PRE
iptables -t nat -N REAIM_PRE
iptables -t filter -X DOS
iptables -t filter -N DOS
iptables -t filter -X SCAN
iptables -t filter -N SCAN
iptables -t filter -X PROXY
iptables -t filter -N PROXY
iptables -t filter -X LOCAL_SERVICE
iptables -t filter -N LOCAL_SERVICE
iptables -t filter -X OUT_FILTER
iptables -t filter -N OUT_FILTER
iptables -t filter -X CFILTER
iptables -t filter -N CFILTER
iptables -t filter -X HTTP
iptables -t filter -N HTTP
iptables -t filter -X BLOCK
iptables -t filter -N BLOCK
iptables -t filter -X IN_FILTER
iptables -t filter -N IN_FILTER
iptables -t filter -X FW_UPNP
iptables -t filter -N FW_UPNP
iptables -t filter -X FW_BASIC
iptables -t filter -N FW_BASIC
iptables -t filter -X CONCHK
iptables -t filter -N CONCHK
iptables -t nat -A PREROUTING -j PRE_BASIC
iptables -t nat -A PREROUTING -j PRE_PROXY
iptables -t nat -A PREROUTING -j UPNP
iptables -t nat -A PREROUTING -j PT
iptables -t nat -A PREROUTING -j NAPT
iptables -t nat -A PREROUTING -j VS
iptables -t nat -A PREROUTING -j DMZ
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i ipsec0 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --syn -j DOS
iptables -A INPUT -p udp -j DOS
iptables -A INPUT -p icmp --icmp-type echo-request -j DOS
iptables -A INPUT -j PROXY
iptables -A INPUT -j LOCAL_SERVICE
iptables -P FORWARD DROP
iptables -A FORWARD -j OUT_FILTER
iptables -A FORWARD -j CFILTER
iptables -A FORWARD -j FW_BASIC
iptables -A FORWARD -p tcp --syn -j DOS
iptables -A FORWARD -p udp -j DOS
iptables -A FORWARD -p icmp --icmp-type echo-request -j DOS
iptables -A FORWARD -j IN_FILTER
iptables -A FORWARD -j FW_UPNP
iptables -A FW_BASIC -i lo -j ACCEPT
iptables -A FW_BASIC -i ipsec0 -j ACCEPT
iptables -A FW_BASIC -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -A FW_BASIC -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FW_BASIC -m mark --mark 0x2511 -j ACCEPT
iptables -A LOCAL_SERVICE -m mark --mark 0x2511 -j ACCEPT
iptables -I INPUT -i br0 -j ACCEPT
iptables -A FW_BASIC -i br0 -j ACCEPT
iptables -A PRE_BASIC -t nat -i ppp0 -d ! XX.XX.XXX.XXX -j DROP
iptables -t nat -A PRE_BASIC -i br0 -p tcp --dport 8080 -d 192.168.0.1 -j DNAT --to 192.168.0.1:80
iptables -A LOCAL_SERVICE -m mark --mark 0x2643 -d 192.168.0.1 -p tcp --dport 80 -j ACCEPT
iptables -t nat -F PT
iptables -t nat -A PT -d ! 192.168.0.1 -j PNAT --set-mark 0x2511
iptables -A IN_FILTER -i ! ppp0 -j RETURN
iptables -t nat -A NAPT -s 0/0 -d XX.XX.XXX.XXX -p udp --dport *****:***** -j DNAT --to 192.168.0.4:*****-*****
iptables -A IN_FILTER -d 192.168.0.4 -p udp --dport *****:***** -j ACCEPT
iptables -t nat -A NAPT -s 0/0 -d XX.XX.XXX.XXX -p tcp --dport *****:***** -j DNAT --to 192.168.0.4:*****-*****
iptables -A IN_FILTER -d 192.168.0.4 -p tcp --dport *****:***** -j ACCEPT
iptables -t nat -A NAPT -s 0/0 -d XX.XX.XXX.XXX -p tcp --dport *****:***** -j DNAT --to 192.168.0.4:*****-*****
iptables -A IN_FILTER -d 192.168.0.4 -p tcp --dport *****:***** -j ACCEPT
iptables -t nat -A NAPT -s 0/0 -d XX.XX.XXX.XXX -p udp --dport *****:***** -j DNAT --to 192.168.0.4:*****-*****
iptables -A IN_FILTER -d 192.168.0.4 -p udp --dport *****:***** -j ACCEPT
iptables -A OUT_FILTER -i ! br0 -j RETURN
iptables -A CFILTER -i br0 -m string --string GET -p tcp --dport 80 --tcp-flags ALL PSH,ACK -j HTTP
iptables -A CFILTER -i br0 -m string --string POST -p tcp --dport 80 --tcp-flags ALL PSH,ACK -j HTTP
iptables -A CFILTER -i br0 -m string --string HEAD -p tcp --dport 80 --tcp-flags ALL PSH,ACK -j HTTP
iptables -A BLOCK -j LOG --log-level 4 --log-prefix "[BLOCK]"
iptables -A BLOCK -p tcp --dport 80 -j REJECT --reject-with http-block
iptables -t nat -A PREROUTING -j REAIM_PRE
iptables -t nat -I REAIM_PRE -p tcp --dport 1863 -j DROP
iptables -I HTTP -m string --string POST -j CONCHK
iptables -I CONCHK -m string --string gateway.messenger.hotmail.com -j DROP
iptables -t nat -I REAIM_PRE -p tcp --dport 5190 -j DROP
iptables -t nat -I REAIM_PRE -p tcp --dport 5050 -j DROP
iptables -I FORWARD -p tcp -i br0 -d 64.12.0.0/16 ! --dport 80 -j DROP
iptables -I FORWARD -p udp -i br0 -d 64.12.0.0/16 ! --dport 80 -j DROP
iptables -I FORWARD -p tcp -i br0 -d 205.188.0.0/16 ! --dport 80 -j DROP
iptables -I FORWARD -p udp -i br0 -d 205.188.0.0/16 ! --dport 80 -j DROP
iptables -I FORWARD -p tcp -i br0 -m string --string YMSG -j DROP
iptables -t nat -A POSTROUTING -m mark --mark 0x2643 -j MASQUERADE
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

# iptables -nL -v
Chain INPUT (policy DROP 5 packets, 269 bytes)
pkts bytes target prot opt in out source destination
24 1829 ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0
12 4117 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- ipsec0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
3 144 DOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x16/0x02
1 71 DOS udp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DOS icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
5 269 PROXY all -- * * 0.0.0.0/0 0.0.0.0/0
5 269 LOCAL_SERVICE all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- br0 * 0.0.0.0/0 0.0.0.0/0 STRING match YMSG
0 0 DROP udp -- br0 * 0.0.0.0/0 205.188.0.0/16 udp dpt:!80
0 0 DROP tcp -- br0 * 0.0.0.0/0 205.188.0.0/16 tcp dpt:!80
0 0 DROP udp -- br0 * 0.0.0.0/0 64.12.0.0/16 udp dpt:!80
0 0 DROP tcp -- br0 * 0.0.0.0/0 64.12.0.0/16 tcp dpt:!80
0 0 OUT_FILTER all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 CFILTER all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FW_BASIC all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x16/0x02
0 0 DOS udp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DOS icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 IN_FILTER all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FW_UPNP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 654 packets, 237K bytes)
pkts bytes target prot opt in out source destination

Chain BLOCK (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `[BLOCK] '
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 reject-with http-block

Chain CFILTER (1 references)
pkts bytes target prot opt in out source destination
0 0 HTTP tcp -- br0 * 0.0.0.0/0 0.0.0.0/0 STRING match GET tcp dpt:80 flags:0x3F/0x18
0 0 HTTP tcp -- br0 * 0.0.0.0/0 0.0.0.0/0 STRING match POST tcp dpt:80 flags:0x3F/0x18
0 0 HTTP tcp -- br0 * 0.0.0.0/0 0.0.0.0/0 STRING match HEAD tcp dpt:80 flags:0x3F/0x18

Chain CONCHK (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 STRING match gateway.messenger.hotmail.com

Chain DOS (6 references)
pkts bytes target prot opt in out source destination

Chain FW_BASIC (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- ipsec0 * 0.0.0.0/0 0.0.0.0/0
0 0 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x2511
0 0 ACCEPT all -- br0 * 0.0.0.0/0 0.0.0.0/0

Chain FW_UPNP (1 references)
pkts bytes target prot opt in out source destination

Chain HTTP (3 references)
pkts bytes target prot opt in out source destination
0 0 CONCHK all -- * * 0.0.0.0/0 0.0.0.0/0 STRING match POST

Chain IN_FILTER (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- !ppp0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.0.4 udp dpt:*****
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.4 tcp dpt:*****
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.4 tcp dpt:*****
0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.0.4 udp dpt:*****

Chain LOCAL_SERVICE (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x2511
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.0.1 tcp dpt:80 MARK match 0x2643

Chain OUT_FILTER (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- !br0 * 0.0.0.0/0 0.0.0.0/0

Chain PROXY (1 references)
pkts bytes target prot opt in out source destination

Chain SCAN (0 references)
pkts bytes target prot opt in out source destination

# iptables -t nat -nL -v
Chain PREROUTING (policy ACCEPT 153 packets, 9827 bytes)
pkts bytes target prot opt in out source destination
7 459 PRE_BASIC all -- * * 0.0.0.0/0 0.0.0.0/0
7 459 PRE_PROXY all -- * * 0.0.0.0/0 0.0.0.0/0
7 459 UPNP all -- * * 0.0.0.0/0 0.0.0.0/0
7 459 PT all -- * * 0.0.0.0/0 0.0.0.0/0
7 459 NAPT all -- * * 0.0.0.0/0 0.0.0.0/0
7 459 VS all -- * * 0.0.0.0/0 0.0.0.0/0
7 459 DMZ all -- * * 0.0.0.0/0 0.0.0.0/0
7 459 REAIM_PRE all -- * * 0.0.0.0/0 0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 27 packets, 1611 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x2643
0 0 MASQUERADE all -- * ppp0 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 34 packets, 2060 bytes)
pkts bytes target prot opt in out source destination

Chain DMZ (1 references)
pkts bytes target prot opt in out source destination

Chain DNS (0 references)
pkts bytes target prot opt in out source destination

Chain NAPT (1 references)
pkts bytes target prot opt in out source destination
0 0 DNAT udp -- * * 0.0.0.0/0 XX.XX.XXX.XXX udp dpt:***** to:192.168.0.4:*****
0 0 DNAT tcp -- * * 0.0.0.0/0 XX.XX.XXX.XXX tcp dpt:***** to:192.168.0.4:*****
0 0 DNAT tcp -- * * 0.0.0.0/0 XX.XX.XXX.XXX tcp dpt:***** to:192.168.0.4:*****
0 0 DNAT udp -- * * 0.0.0.0/0 XX.XX.XXX.XXX udp dpt:***** to:192.168.0.4:*****

Chain PRE_BASIC (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- ppp0 * 0.0.0.0/0 !XX.XX.XXX.XXX
0 0 DNAT tcp -- br0 * 0.0.0.0/0 192.168.0.1 tcp dpt:8080 to:192.168.0.1:80

Chain PRE_PROXY (1 references)
pkts bytes target prot opt in out source destination

Chain PT (1 references)
pkts bytes target prot opt in out source destination

Chain REAIM_PRE (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5050
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5190
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1863

Chain UPNP (1 references)
pkts bytes target prot opt in out source destination

Chain VS (1 references)
pkts bytes target prot opt in out source destination

update: with the ON rule it isn't even possible to send/edit messages in the forum
09-06-2007, 11:58 | #63 | |
Senior Member
Joined: Jun 2001
City: Codice Amico Sorgenia EmidioM56745
Posts: 22136

Quote:
the USB dongle is the weak link, and unfortunately there are two sides doing the talking and listening. I recommend (if you haven't already) mounting the dongle on a USB extension cable so that you can orient it. Once you've found the spot with the best signal/SNR, fix it in place with velcro
09-06-2007, 14:20 | #64 |
Senior Member
Joined: Sep 2005
City: Opinions are like assholes: anybody has one...
Posts: 34262

Code:
iptables -t nat -A PREROUTING -j REAIM_PRE
iptables -t nat -I REAIM_PRE -p tcp --dport 1863 -j DROP
iptables -I HTTP -m string --string POST -j CONCHK
iptables -I CONCHK -m string --string gateway.messenger.hotmail.com -j DROP
iptables -t nat -I REAIM_PRE -p tcp --dport 5190 -j DROP
iptables -t nat -I REAIM_PRE -p tcp --dport 5050 -j DROP
iptables -I FORWARD -p tcp -i br0 -d 64.12.0.0/16 ! --dport 80 -j DROP
iptables -I FORWARD -p udp -i br0 -d 64.12.0.0/16 ! --dport 80 -j DROP
iptables -I FORWARD -p tcp -i br0 -d 205.188.0.0/16 ! --dport 80 -j DROP
iptables -I FORWARD -p udp -i br0 -d 205.188.0.0/16 ! --dport 80 -j DROP
iptables -I FORWARD -p tcp -i br0 -m string --string YMSG -j DROP

look what the hell they've done... in detail:

Code:
iptables -t nat -A PREROUTING -j REAIM_PRE
iptables -t nat -I REAIM_PRE -p tcp --dport 1863 -j DROP
iptables -t nat -I REAIM_PRE -p tcp --dport 5190 -j DROP
iptables -t nat -I REAIM_PRE -p tcp --dport 5050 -j DROP

Code:
iptables -I HTTP -m string --string POST -j CONCHK
iptables -I CONCHK -m string --string gateway.messenger.hotmail.com -j DROP
iptables -I FORWARD -p tcp -i br0 -d 64.12.0.0/16 ! --dport 80 -j DROP
iptables -I FORWARD -p udp -i br0 -d 64.12.0.0/16 ! --dport 80 -j DROP
iptables -I FORWARD -p tcp -i br0 -d 205.188.0.0/16 ! --dport 80 -j DROP
iptables -I FORWARD -p udp -i br0 -d 205.188.0.0/16 ! --dport 80 -j DROP
iptables -I FORWARD -p tcp -i br0 -m string --string YMSG -j DROP

in practice, they weren't content with simply closing the reaim proxy; they went further (nobody knows why) and blocked THE INTERNET DOMAINS related to MESSENGER and YAHOO (last line)

so, in practice, if you select IM off, in addition to the msn and yahoo clients, some sites also become impossible to reach.. [and I bet imageshack sits right in the middle of those as an IP: that's why it doesn't work with the checkbox unticked...]

finally, just to finish the job, having blocked the POST method in the HTML code (first rule) to stop messenger from going through the server, it's no longer even possible, for example, to post on the forum...

The issue raised by paky was more than justified; in fact, thanks for reporting it (this should almost be brought to netgear's attention because, while one may be just another questionable choice, the imageshack one is a genuine side effect)

Last edited by Stev-O: 09-06-2007 at 14:55.
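Added example (not part of the thread and not Netgear's code): a Python model of only the rules that the posted ON script adds to the OFF script, evaluated over constructed packets to show which LAN traffic each added rule drops. The `-m string` match is modelled as a per-packet substring test on the payload; the function names, hosts and packet contents are assumptions made for the illustration.

```python
import ipaddress

# Rules present only in the posted ON script (model for illustration).
IM_PORTS = (1863, 5190, 5050)   # nat REAIM_PRE: -p tcp --dport N -j DROP
BLOCKED_NETS = [ipaddress.ip_network(n)
                for n in ("205.188.0.0/16", "64.12.0.0/16")]
HTTP_METHODS = (b"GET", b"POST", b"HEAD")        # CFILTER jumps to HTTP on these
MSN_GATEWAY = b"gateway.messenger.hotmail.com"   # CONCHK drop string


def packet(in_iface, proto, dst, dport, payload=b"", flags=("ACK",)):
    """Build one constructed packet as a plain dict."""
    return {"in_iface": in_iface, "proto": proto, "dst": dst,
            "dport": dport, "payload": payload, "flags": frozenset(flags)}


def verdict(pkt):
    """Name the added rule that drops pkt, or 'continue' if none does."""
    payload = pkt["payload"]

    # nat PREROUTING -> REAIM_PRE. No -i match, so every interface is covered.
    # The nat table sees the first packet of a connection, which stops it.
    if pkt["proto"] == "tcp" and pkt["dport"] in IM_PORTS:
        return f"REAIM_PRE:dport-{pkt['dport']}"

    # Every remaining added rule is reached only with -i br0 (LAN side).
    if pkt["in_iface"] != "br0":
        return "continue"

    # -I FORWARD -p tcp -i br0 -m string --string YMSG -j DROP
    # Inserted last, so evaluated first; no port or destination restriction.
    if pkt["proto"] == "tcp" and b"YMSG" in payload:
        return "FORWARD:string-YMSG"

    # -I FORWARD -p tcp|udp -i br0 -d NET ! --dport 80 -j DROP
    dst = ipaddress.ip_address(pkt["dst"])
    if pkt["proto"] in ("tcp", "udp") and pkt["dport"] != 80:
        for net in BLOCKED_NETS:
            if dst in net:
                return f"FORWARD:{net}"

    # CFILTER: -p tcp --dport 80 --tcp-flags ALL PSH,ACK + method string -> HTTP
    # HTTP:    -m string --string POST -> CONCHK
    # CONCHK:  -m string --string gateway.messenger.hotmail.com -j DROP
    # The match is per packet: both strings must sit in the same segment.
    in_cfilter = (pkt["proto"] == "tcp" and pkt["dport"] == 80
                  and pkt["flags"] == {"PSH", "ACK"}
                  and any(m in payload for m in HTTP_METHODS))
    if in_cfilter and b"POST" in payload and MSN_GATEWAY in payload:
        return "CONCHK:string-" + MSN_GATEWAY.decode()

    return "continue"


PUSH = ("PSH", "ACK")
# Constructed sample packets (documentation addresses, made-up hosts).
SAMPLES = {
    "forum_post": packet(
        "br0", "tcp", "203.0.113.10", 80,
        b"POST /newreply.php HTTP/1.1\r\nHost: forum.example\r\n\r\nmessage=hello",
        PUSH),
    "forum_post_quoting_rule": packet(
        "br0", "tcp", "203.0.113.10", 80,
        b"POST /newreply.php HTTP/1.1\r\nHost: forum.example\r\n\r\n"
        b"message=--string gateway.messenger.hotmail.com -j DROP",
        PUSH),
    "mail_mentioning_ymsg": packet(
        "br0", "tcp", "203.0.113.25", 25, b"Subject: YMSG protocol notes\r\n", PUSH),
    "https_into_64_12": packet("br0", "tcp", "64.12.0.1", 443),
    "http_into_64_12": packet("br0", "tcp", "64.12.0.1", 80),
    "dns_into_205_188": packet("br0", "udp", "205.188.0.1", 53),
    "msn_client": packet("br0", "tcp", "203.0.113.50", 1863),
    "wan_side_ymsg": packet("ppp0", "tcp", "192.168.0.4", 4000, b"YMSG"),
}


def run_samples():
    """Evaluate every constructed packet and return {name: verdict}."""
    return {name: verdict(p) for name, p in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in run_samples().items():
        print(f"{name:26} {result}")
```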
09-06-2007, 14:38 | #65 |
Senior Member
Joined: Jun 2001
City: Codice Amico Sorgenia EmidioM56745
Posts: 22136

so who did Netgear put in charge of the firmware department? Topo Gigio?
anyway, as I said in the previous post, if I enable IM blocking I can't even edit/send messages here on HWUP
09-06-2007, 14:48 | #66 |
Senior Member
Joined: Sep 2005
City: Opinions are like assholes: anybody has one...
Posts: 34262

Code:
iptables -I HTTP -m string --string POST -j CONCHK

well, what can I say... borrowing a phrase so dear to enetec:

Code:
I don't think any further comments are necessary

Last edited by Stev-O: 09-06-2007 at 14:53.
09-06-2007, 16:08 | #67 |
Senior Member
Joined: Mar 2004
City: Firenze
Posts: 3904

I can't get a high ID on eMule for a PC connected via wireless!! The IP address assigned to it by the router is the same as the one I put in the firewall rules!!!
HELP
09-06-2007, 16:19 | #68 |
Senior Member
Joined: Jun 2001
City: Codice Amico Sorgenia EmidioM56745
Posts: 22136

check carefully, something is wrong somewhere
09-06-2007, 16:57 | #69 |
Senior Member
Joined: Mar 2004
City: Firenze
Posts: 3904

I've checked 10000 times but nothing... what could it depend on??
09-06-2007, 17:01 | #70 |
Senior Member
Joined: Jun 2001
City: Codice Amico Sorgenia EmidioM56745
Posts: 22136

post the firewall rules you set on the router for the PC on wifi
and also post the output of ipconfig /all from the DOS prompt
09-06-2007, 21:28 | #71 |
Senior Member
Joined: Sep 2005
City: Opinions are like assholes: anybody has one...
Posts: 34262

then there must be some firewall on the PC
10-06-2007, 07:38 | #72 |
Senior Member
Joined: Sep 2005
City: Roma
Posts: 6886

up
10-06-2007, 11:49 | #73 | |
Senior Member
Joined: Mar 2004
City: Firenze
Posts: 3904

Quote:
there's no firewall on the PC because I disabled the Windows one! Anyway, I set up two services:
TCP: 5422 5422
UDP: 5432 5432
then in the firewall rules I added two rules for the two services, with these settings:
inbound services:
LAN: 192.168.0.6
WAN: any
10-06-2007, 11:58 | #74 |
Member
Joined: Jan 2004
City: como
Posts: 198

Is the router's firewall sufficient for safe browsing? Because since I installed the router I have uninstalled the firewall (ZoneAlarm) that I had on my operating system.
10-06-2007, 12:13 | #75 | |
Senior Member
Joined: Jun 2001
City: Codice Amico Sorgenia EmidioM56745
Posts: 22136

Quote:
if you have it on, try disabling encryption
10-06-2007, 13:32 | #76 |
Senior Member
Joined: May 2006
City: Verona
Posts: 1382
10-06-2007, 18:35 | #77 |
Senior Member
Joined: Mar 2007
Posts: 1420

Can someone please explain what you get in the box when you buy this router; do I need to buy anything else besides this router to connect the three PCs [and get them on the web]?
I mean, is there a USB stick like with the D-Link G-624 or what??? Please explain, because tomorrow I have to get rid of this nuisance of a D-Link g-924 that I have..
10-06-2007, 20:31 | #78 | |
Senior Member
Joined: May 2006
Posts: 961

Quote:
As a router you can't: the routing and firewall functions work only between WAN and LAN. You can use it as an AP and switch. You have to disable DHCP and set its IP address so that it is compatible with those assigned by the Pirelli.

Last edited by w-shark: 11-06-2007 at 00:33.
10-06-2007, 21:40 | #79 | |
Senior Member
Joined: Sep 2005
City: Opinions are like assholes: anybody has one...
Posts: 34262

Quote:
10-06-2007, 23:17 | #80 | |
Senior Member
Joined: Mar 2007
Posts: 1420

Quote:
So, to recap, I have to get this Netgear D834GTIT 108 Mbps in the Bundle version and I get the USB stick with it, without using wi-fi cards, only the network card, or am I wrong?
All times are GMT +1.