scusate, lo so che questo sarà il milionesimo thread su questo argomento, ma dopo le ricerche su questo forum e su google non sono riuscito comunque a venire a capo del mio problema.
Ho seguito passo passo questa guida, ma il problema è che non si collega alla rete kad.. con i server nessun problema, ma niente kad... come mai?
vi posto qua sotto il mio rc.firewall
# flush chains rules
# Empty the filter table: flush every rule, delete user chains, zero counters.
# Globals:   IPTAB (read) - iptables binary
# Arguments: none
# Note: only the default (filter) table is touched; nat/mangle are untouched.
flush_chain() {
  local op
  # -F must run before -X: a non-empty user chain cannot be deleted.
  for op in -F -X -Z; do
    "$IPTAB" "$op"
  done
}
# policy rules
# Set the default policy of the three built-in filter chains.
# Globals:   IPTAB (read)
# Arguments: $1 - policy target (DROP or ACCEPT in this script)
set_policy() {
  local policy=$1 chain
  for chain in INPUT FORWARD OUTPUT; do
    "$IPTAB" -P "$chain" "$policy"
  done
}
# new chains
# Create the user-defined chains the rest of the script jumps into.
# Globals:   IPTAB (read)
# Arguments: none
# Order: net chains (ETH_IN, ETH_OUT), service chains (AMULE_IN, SKYPE_OUT),
# security chains (TCP_CHECKS, ANTISPOOF).
set_chain() {
  local chain
  for chain in ETH_IN ETH_OUT AMULE_IN SKYPE_OUT TCP_CHECKS ANTISPOOF; do
    "$IPTAB" -N "$chain"
  done
}
# localhost
# Allow all traffic on the loopback interface in both directions.
# Globals:   IPTAB (read)
# Arguments: $1 - iptables command letter (A to append, D to delete)
# Outputs:   progress line on stdout
set_loop() {
  local action=$1
  printf '%s\n' "Accept loopback connections..."
  "$IPTAB" -"$action" INPUT -i lo -j ACCEPT
  "$IPTAB" -"$action" OUTPUT -o lo -j ACCEPT
}
# Traffic routing
# Route traffic on the internet interface into the ETH_IN / ETH_OUT chains.
# Globals:   IPTAB (read), ETH (read) - name of the internet-facing interface
# Arguments: $1 - iptables command letter (A or D)
# Outputs:   progress lines on stdout
set_global() {
  local action=$1
  printf '%s\n' "Incoming internet traffic..."
  "$IPTAB" -"$action" INPUT -i "$ETH" -j ETH_IN
  printf '%s\n' "Outgoing internet traffic..."
  "$IPTAB" -"$action" OUTPUT -o "$ETH" -j ETH_OUT
}
# set user
# Stateful baseline: accept replies to established flows on INPUT and let the
# configured user open new outbound connections.
# Globals:   IPTAB (read), USR (read) - user name/uid allowed to originate traffic
# Arguments: $1 - iptables command letter (A or D)
# Outputs:   progress lines on stdout
# Note: the INPUT rule is not user-specific (no owner match there, despite the
# message); only the OUTPUT rule is restricted to $USR.
set_user() {
  local action=$1
  printf 'INPUT: %s\n' "$USR"
  "$IPTAB" -"$action" INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  printf 'OUTPUT %s\n' "$USR"
  "$IPTAB" -"$action" OUTPUT -m state --state NEW,ESTABLISHED,RELATED -m owner --uid-owner "$USR" -j ACCEPT
}
# set log
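# Log packets that reach this point of INPUT / OUTPUT (all protocols: -p 0).
# Globals:   IPTAB (read)
# Arguments: $1 - iptables command letter (A or D)
# Note: LOG is non-terminating, so logged packets still continue to the
# service rules appended after it. The original rules had no rate limit, so
# any unsolicited packet flood could fill the system log; the limit match
# caps the log rate and the prefix tells the two directions apart.
set_log() {
  local action=$1
  local -a limit=(-m limit --limit 5/min --limit-burst 10)
  "$IPTAB" -"$action" INPUT -p 0 "${limit[@]}" -j LOG --log-prefix "fw-in: "
  "$IPTAB" -"$action" OUTPUT -p 0 "${limit[@]}" -j LOG --log-prefix "fw-out: "
}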
# security rules
# Drop TCP packets with flag combinations that never occur in legitimate
# traffic (null, xmas and other malformed scan probes) inside TCP_CHECKS.
# Globals:   IPTAB (read)
# Arguments: $1 - iptables command letter (A or D)
set_portscan() {
  local action=$1 i
  # Parallel arrays: mask of flags examined / flags that must be set.
  local -a masks=(ALL FIN,ACK ACK,PSH ACK,URG SYN,FIN SYN,RST FIN,RST ALL)
  local -a comps=(NONE FIN PSH URG SYN,FIN SYN,RST FIN,RST FIN,PSH,URG)
  for ((i = 0; i < ${#masks[@]}; i++)); do
    "$IPTAB" -"$action" TCP_CHECKS -p tcp --tcp-flags "${masks[i]}" "${comps[i]}" -j DROP
  done
}
# anti-spoofing rules
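# Drop packets whose addresses cannot legitimately appear on the internet
# interface, then rate-limit incoming ping.
# Globals:   IPTAB, ETH, LOOPBACK, CLASS_A, CLASS_B, CLASS_C,
#            CLASS_D_MULTICAST, CLASS_E_RESERVED_NET, MY_HOST (all read)
# Arguments: $1 - iptables command letter (A or D)
# Fix: the ping rule hard-coded "eth0" while every other rule uses $ETH, so
# it silently applied to the wrong interface whenever ETH was not eth0.
# NOTE(review): the private-range drops apply to $ETH; if that interface sits
# on a private LAN behind a NAT router, the router's own traffic (DNS replies,
# etc.) is dropped here — confirm for this setup.
set_antispoof() {
  local action=$1 net
  # Loopback addresses are only valid on lo itself.
  "$IPTAB" -"$action" ANTISPOOF --in-interface ! lo --source "$LOOPBACK" -j DROP
  "$IPTAB" -"$action" ANTISPOOF --in-interface ! lo --destination "$LOOPBACK" -j DROP
  # Private, multicast and reserved source ranges, plus our own address
  # claimed by an incoming packet.
  for net in "$CLASS_A" "$CLASS_B" "$CLASS_C" "$CLASS_D_MULTICAST" \
    "$CLASS_E_RESERVED_NET" "$MY_HOST"; do
    "$IPTAB" -"$action" ANTISPOOF --in-interface "$ETH" --source "$net" -j DROP
  done
  # ping limit: accept at most one echo-request per second on $ETH. Excess
  # requests are not dropped here; they fall through to the rest of INPUT.
  "$IPTAB" -"$action" INPUT -i "$ETH" -p icmp --icmp-type echo-request -m limit --limit 1/second --limit-burst 1 -j ACCEPT
}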
# services
# Install (or remove) the per-service rule sets, in a fixed order.
# Arguments: $1 - iptables command letter (A or D), passed through to each set_* function
set_services() {
  local action=$1 svc
  for svc in amule dns http https msn skype ftp; do
    "set_$svc" "$action"
  done
}
# applications rules
# Wire the net chains to the security chains, then fill the security and
# service chains.
# Arguments: $1 - iptables command letter (A or D), passed through
# Note: the jumps installed by set_internet come first; the chains they
# point to are populated afterwards, which is fine since rules are only
# evaluated at packet time.
set_custom_rules() {
  local action=$1 step
  for step in set_internet set_antispoof set_portscan set_services; do
    "$step" "$action"
  done
}
# Accept incoming aMule traffic inside the AMULE_IN chain.
# Globals:   IPTAB (read); AMULE_TCP, AMULE_UDP, AMULE_UDP2 (written, global)
# Arguments: $1 - iptables command letter (A or D)
# Outputs:   one progress line per rule on stdout
# NOTE(review): these ports must match the ones configured in aMule itself
# (the UDP ones are presumably the Kad/extended-UDP port) — verify there.
set_amule() {
  local action=$1 i
  AMULE_TCP="4662"
  AMULE_UDP="4662:4665"
  AMULE_UDP2="4672"
  local -a labels=(TCP UDP UDP2)
  local -a protos=(TCP UDP UDP)
  local -a ports=("$AMULE_TCP" "$AMULE_UDP" "$AMULE_UDP2")
  for ((i = 0; i < ${#labels[@]}; i++)); do
    printf 'aMule %s\n' "${labels[i]}"
    "$IPTAB" -"$action" AMULE_IN -p "${protos[i]}" --dport "${ports[i]}" -j ACCEPT
  done
}
# Client DNS: queries out on UDP 53, answers back only for established flows.
# Globals:   IPTAB (read)
# Arguments: $1 - iptables command letter (A or D)
# Note: DNS over TCP is not allowed by these rules.
set_dns() {
  local action=$1
  printf '%s\n' "- Client DNS"
  "$IPTAB" -"$action" OUTPUT -p udp -m udp --dport domain -m state --state NEW,ESTABLISHED -j ACCEPT
  "$IPTAB" -"$action" INPUT -p udp -m udp --sport domain -m state --state ESTABLISHED -j ACCEPT
}
# Client HTTP: new connections out to TCP 80, replies back when established.
# Globals:   IPTAB (read)
# Arguments: $1 - iptables command letter (A or D)
set_http() {
  local action=$1
  printf '%s\n' "- Client HTTP"
  "$IPTAB" -"$action" OUTPUT -p tcp -m tcp --dport http -m state --state NEW,ESTABLISHED -j ACCEPT
  "$IPTAB" -"$action" INPUT -p tcp -m tcp --sport http -m state --state ESTABLISHED -j ACCEPT
}
# Client HTTPS: new connections out to TCP 443, replies back when established.
# Globals:   IPTAB (read)
# Arguments: $1 - iptables command letter (A or D)
set_https() {
  local action=$1
  printf '%s\n' "- Client HTTPS"
  "$IPTAB" -"$action" OUTPUT -p tcp -m tcp --dport https -m state --state NEW,ESTABLISHED -j ACCEPT
  "$IPTAB" -"$action" INPUT -p tcp -m tcp --sport https -m state --state ESTABLISHED -j ACCEPT
}
# Client MSN: new connections out to TCP 1863, replies back when established.
# Globals:   IPTAB (read)
# Arguments: $1 - iptables command letter (A or D)
set_msn() {
  local action=$1
  printf '%s\n' "- Client MSN"
  "$IPTAB" -"$action" OUTPUT -p tcp -m tcp --dport 1863 -m state --state NEW,ESTABLISHED -j ACCEPT
  "$IPTAB" -"$action" INPUT -p tcp -m tcp --sport 1863 -m state --state ESTABLISHED -j ACCEPT
}
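# Allow outbound Skype UDP on the internet interface inside SKYPE_OUT.
# Globals:   IPTAB (read), ETH (read); SKYPE_PORT (written, global)
# Arguments: $1 - iptables command letter (A or D)
# Fix: every sibling set_* function honours $1, but this one always used -A,
# so calling the set with D could never remove this rule.
set_skype() {
  local action=$1
  SKYPE_PORT="2424"
  "$IPTAB" -"$action" SKYPE_OUT -o "$ETH" -p udp --dport "$SKYPE_PORT" -m state --state NEW,ESTABLISHED -j ACCEPT
}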
# Client FTP: control channel on TCP 21 plus active- and passive-mode data
# channels tracked by the ftp connection-tracking helper.
# Globals:   IPTAB (read)
# Arguments: $1 - iptables command letter (A or D)
# Outputs:   progress lines on stdout
# NOTE(review): "-m helper --helper ftp" relies on the kernel FTP conntrack
# helper being loaded; nothing in this script loads it — confirm it is.
set_ftp() {
  local action=$1
  printf '%s\n' "- Client FTP"
  # Control channel.
  "$IPTAB" -"$action" INPUT -p tcp --sport ftp -m state --state ESTABLISHED -j ACCEPT
  "$IPTAB" -"$action" OUTPUT -p tcp --dport ftp -m state --state NEW,ESTABLISHED -j ACCEPT
  printf '%s\n' "--- Active Mode"
  # Server connects back from ftp-data; RELATED ties it to the control flow.
  "$IPTAB" -"$action" INPUT -p tcp -m helper --helper ftp --sport ftp-data -m state --state RELATED,ESTABLISHED -j ACCEPT
  "$IPTAB" -"$action" OUTPUT -p tcp -m helper --helper ftp --dport ftp-data -m state --state ESTABLISHED -j ACCEPT
  printf '%s\n' "--- Passive Mode"
  # Client connects out to a server-chosen port; RELATED on OUTPUT.
  "$IPTAB" -"$action" INPUT -p tcp -m helper --helper ftp -m state --state ESTABLISHED -j ACCEPT
  "$IPTAB" -"$action" OUTPUT -p tcp -m helper --helper ftp -m state --state RELATED,ESTABLISHED -j ACCEPT
}
# Chain the internet traffic chains to the security and service chains:
# ETH_IN -> ANTISPOOF, TCP_CHECKS, AMULE_IN; ETH_OUT -> SKYPE_OUT.
# Globals:   IPTAB (read)
# Arguments: $1 - iptables command letter (A or D)
# Outputs:   one progress line per jump on stdout
set_internet() {
  local action=$1 i
  local -a labels=("Antispoof" "Portscan" "aMule service" "Skype service")
  local -a chains=(ETH_IN ETH_IN ETH_IN ETH_OUT)
  local -a targets=(ANTISPOOF TCP_CHECKS AMULE_IN SKYPE_OUT)
  for ((i = 0; i < ${#labels[@]}; i++)); do
    printf '%s\n' "${labels[i]}"
    "$IPTAB" -"$action" "${chains[i]}" -j "${targets[i]}"
  done
}
# miscellaneous
# Build the whole rule set from scratch: flush, fail-closed policy, chains,
# then append (A) every rule group in order.
# Arguments: none
# Note: the DROP policy is installed before any ACCEPT rule exists, so a
# remote session running this is presumably cut until the rules are loaded.
set_firewall() {
  local step
  flush_chain
  set_policy "DROP"
  set_chain
  for step in set_loop set_global set_user set_log set_custom_rules; do
    "$step" A
  done
}
# Tear the firewall down: remove every rule and user chain, then open the
# default policies (everything is allowed afterwards).
# Arguments: none
unset_firewall() {
  flush_chain
  set_policy ACCEPT
}
# Main
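# Dispatch on the action given as first argument.
# Fixes: the usage branch used a bare `exit`, which returned 0 and let a
# mistyped action look like success to init/callers; it now reports on
# stderr and exits 1. `block` did not flush existing rules, so despite its
# message previously accepted services stayed reachable; it now flushes
# first. `status` lists numerically (-n) to avoid reverse-DNS lookups.
case "$1" in
start)
  echo "Starting firewall..."
  set_firewall
  ;;
stop)
  echo "Stopping firewall..."
  unset_firewall
  ;;
restart)
  # set_firewall flushes before reloading, so restart is the same as start.
  echo "Restarting firewall..."
  set_firewall
  ;;
status)
  "$IPTAB" -L -v -n
  ;;
block)
  echo "Blocks every connection..."
  flush_chain
  set_policy "DROP"
  set_loop A
  ;;
*)
  printf 'Usage: %s {start|stop|restart|status|block}\n' "$0" >&2
  exit 1
  ;;
esac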
exit 0

grazie mille!!
