Ancora aMule e iptables...
Inviato: mar 20 nov 2007, 23:52
Ciao a tutti...
scusate, lo so che questo sarà il milionesimo thread su questo argomento, ma dopo le ricerche su questo forum e su google non sono riuscito comunque a venire a capo del mio problema.
Ho seguito passo passo questa guida, ma il problema è che non si collega alla rete Kad: con i server nessun problema, ma niente Kad... come mai?
vi posto qua sotto il mio rc.firewall
vi risparmio le definizioni delle variabili, che ho già controllato 
grazie mille!!
scusate, lo so che questo sarà il milionesimo thread su questo argomento, ma dopo le ricerche su questo forum e su google non sono riuscito comunque a venire a capo del mio problema.
Ho seguito passo passo questa guida, ma il problema è che non si collega alla rete Kad: con i server nessun problema, ma niente Kad... come mai?
vi posto qua sotto il mio rc.firewall
# flush chain rules
flush_chain(){
  # Empty every chain, remove the user-defined chains and zero the
  # packet/byte counters. With no -t option only the default (filter)
  # table is touched; nat/mangle rules, if any, survive.
  for op in F X Z; do
    $IPTAB -$op
  done
}
# policy rules
set_policy(){
  # Give the three built-in filter chains the same default policy ($1,
  # e.g. DROP or ACCEPT). The policy decides the fate of any packet that
  # matches none of the rules in the chain.
  policy=$1
  for chain in INPUT FORWARD OUTPUT; do
    $IPTAB -P $chain $policy
  done
}
# new chains
set_chain() {
  # Create the user-defined chains the rule set jumps to:
  #   ETH_IN / ETH_OUT        traffic entering / leaving through $ETH
  #   AMULE_IN / SKYPE_OUT    per-application rules
  #   TCP_CHECKS / ANTISPOOF  sanity checks on inbound packets
  # iptables refuses to create a chain that already exists, so
  # flush_chain (-X) is expected to have run first.
  for chain in ETH_IN ETH_OUT AMULE_IN SKYPE_OUT TCP_CHECKS ANTISPOOF; do
    $IPTAB -N $chain
  done
}
# localhost
set_loop(){
  # Let the loopback interface pass in both directions. $1 is the
  # iptables command letter (A to append, D to delete the same rules).
  cmd=$1
  echo "Accept loopback connections..."
  $IPTAB -$cmd INPUT -i lo -j ACCEPT
  $IPTAB -$cmd OUTPUT -o lo -j ACCEPT
}
# Traffic routing
set_global(){
  # Hand everything that crosses $ETH to the dedicated chains; the rules
  # inside ETH_IN / ETH_OUT are installed by set_internet. Packets on
  # any other interface are not dispatched here. $1 is the iptables
  # command letter.
  cmd=$1
  echo "Incoming internet traffic..."
  $IPTAB -$cmd INPUT -i $ETH -j ETH_IN
  echo "Outgoing internet traffic..."
  $IPTAB -$cmd OUTPUT -o $ETH -j ETH_OUT
}
# set user
set_user(){
  # Generic state/owner rules. $1 is the iptables command letter.
  cmd=$1
  echo "INPUT: $USR"
  # Inbound: accept only packets that belong to a connection conntrack
  # already knows (replies to something this host sent out).
  $IPTAB -$cmd INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  echo "OUTPUT $USR"
  # Outbound: processes owned by $USR may open any new connection. Every
  # other uid (root included) only gets what set_services allows
  # explicitly, so an application running under a different user - aMule
  # for instance - has its new outbound packets dropped once the OUTPUT
  # policy is DROP (see set_firewall).
  $IPTAB -$cmd OUTPUT -m state --state NEW,ESTABLISHED,RELATED -m owner --uid-owner $USR -j ACCEPT
}
# set log
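set_log(){
  # Log packets that the rules above did not accept (set_firewall
  # appends this after the state/owner rules; LOG does not terminate,
  # so the packet continues to the later rules and finally to the chain
  # policy). Without a limit every such packet produced a syslog line,
  # so any flood of unwanted traffic could fill the log partition; the
  # limit match caps the rate, packets above it are simply not logged.
  # $1 is the iptables command letter.
  cmd=$1
  $IPTAB -$cmd INPUT -p 0 -m limit --limit 5/min --limit-burst 10 -j LOG
  $IPTAB -$cmd OUTPUT -p 0 -m limit --limit 5/min --limit-burst 10 -j LOG
}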
# TCP flag sanity checks
set_portscan(){
  # Fill TCP_CHECKS (reached from ETH_IN, so only for packets arriving on
  # $ETH) with drops for flag combinations that never occur in normal
  # traffic: no flags at all, FIN/PSH/URG without ACK, SYN together with
  # FIN or RST, FIN with RST, and the "xmas" FIN+PSH+URG set. Each entry
  # is MASK:COMPARE as understood by --tcp-flags: of the bits in MASK,
  # exactly those listed in COMPARE must be set. $1 is the command letter.
  cmd=$1
  for spec in ALL:NONE FIN,ACK:FIN ACK,PSH:PSH ACK,URG:URG \
              SYN,FIN:SYN,FIN SYN,RST:SYN,RST FIN,RST:FIN,RST ALL:FIN,PSH,URG; do
    $IPTAB -$cmd TCP_CHECKS -p tcp --tcp-flags ${spec%%:*} ${spec#*:} -j DROP
  done
}
# anti-spoofing rules
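set_antispoof(){
  # Fill ANTISPOOF (reached from ETH_IN, i.e. only for packets arriving
  # on $ETH) with drops for source addresses that cannot be genuine on
  # the internet-facing interface. LOOPBACK, CLASS_* and MY_HOST are
  # defined elsewhere in the script. NOTE: if $ETH is on a private LAN
  # behind a NAT router, the CLASS_* rules also drop legitimate traffic
  # whose source is the router or a LAN peer - check those values.
  # $1 is the iptables command letter.
  cmd=$1
  # Loopback addresses must never appear on a non-loopback interface.
  # ("--in-interface ! lo" is the old negation syntax; newer iptables
  # releases warn and prefer "! --in-interface lo".)
  $IPTAB -$cmd ANTISPOOF --in-interface ! lo --source "$LOOPBACK" -j DROP
  $IPTAB -$cmd ANTISPOOF --in-interface ! lo --destination "$LOOPBACK" -j DROP
  $IPTAB -$cmd ANTISPOOF --in-interface "$ETH" --source "$CLASS_A" -j DROP
  $IPTAB -$cmd ANTISPOOF --in-interface "$ETH" --source "$CLASS_B" -j DROP
  $IPTAB -$cmd ANTISPOOF --in-interface "$ETH" --source "$CLASS_C" -j DROP
  $IPTAB -$cmd ANTISPOOF --in-interface "$ETH" --source "$CLASS_D_MULTICAST" -j DROP
  $IPTAB -$cmd ANTISPOOF --in-interface "$ETH" --source "$CLASS_E_RESERVED_NET" -j DROP
  # Packets claiming to come from this host itself.
  $IPTAB -$cmd ANTISPOOF --in-interface "$ETH" --source "$MY_HOST" -j DROP
  # Rate-limit inbound echo requests (goes to INPUT, not ANTISPOOF).
  # The interface used to be hard-coded as eth0, so on a host where $ETH
  # is a different interface the rule never matched.
  $IPTAB -$cmd INPUT -i "$ETH" -p icmp --icmp-type echo-request -m limit --limit 1/second --limit-burst 1 -j ACCEPT
}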
# services
set_services(){
  # Install (or remove, depending on $1) the per-application rules.
  # With -A the rules land in the chains in exactly this sequence, so
  # keep the order.
  cmd=$1
  for svc in amule dns http https msn skype ftp; do
    set_$svc $cmd
  done
}
# applications rules
set_custom_rules() {
  # Wire the dispatch chains first (set_internet), then fill the chains
  # they jump to, then the service rules. $1 is the command letter.
  cmd=$1
  for step in internet antispoof portscan services; do
    set_$step $cmd
  done
}
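set_amule(){
  # Fill AMULE_IN (reached from ETH_IN) with the ports aMule listens on.
  # They must match aMule's connection preferences, and with a NAT
  # router in front of the host the same ports need forwarding there.
  # Kad traffic is UDP (AMULE_UDP2 here): besides this inbound rule the
  # aMule process must be allowed to send UDP out, which set_user grants
  # only to processes owned by $USR. $1 is the iptables command letter.
  # Protocol names are lower-case like in the rest of the script.
  cmd=$1
  AMULE_TCP="4662"
  AMULE_UDP="4662:4665"
  AMULE_UDP2="4672"
  echo "aMule TCP"
  $IPTAB -$cmd AMULE_IN -p tcp --dport "$AMULE_TCP" -j ACCEPT
  echo "aMule UDP"
  $IPTAB -$cmd AMULE_IN -p udp --dport "$AMULE_UDP" -j ACCEPT
  echo "aMule UDP2"
  $IPTAB -$cmd AMULE_IN -p udp --dport "$AMULE_UDP2" -j ACCEPT
}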
set_dns() {
  # Client-side DNS over UDP for every local process (no interface or
  # uid restriction). The INPUT line is already covered by the generic
  # ESTABLISHED rule from set_user when set_firewall installs the set.
  cmd=$1
  echo "- Client DNS"
  $IPTAB -$cmd OUTPUT -p udp -m udp --dport domain -m state --state NEW,ESTABLISHED -j ACCEPT
  $IPTAB -$cmd INPUT -p udp -m udp --sport domain -m state --state ESTABLISHED -j ACCEPT
}
set_http() {
  # Outgoing HTTP for every local process (no interface or uid
  # restriction); replies come back through the ESTABLISHED rule.
  cmd=$1
  echo "- Client HTTP"
  $IPTAB -$cmd OUTPUT -p tcp -m tcp --dport http -m state --state NEW,ESTABLISHED -j ACCEPT
  $IPTAB -$cmd INPUT -p tcp -m tcp --sport http -m state --state ESTABLISHED -j ACCEPT
}
set_https() {
  # Outgoing HTTPS for every local process (no interface or uid
  # restriction); replies come back through the ESTABLISHED rule.
  cmd=$1
  echo "- Client HTTPS"
  $IPTAB -$cmd OUTPUT -p tcp -m tcp --dport https -m state --state NEW,ESTABLISHED -j ACCEPT
  $IPTAB -$cmd INPUT -p tcp -m tcp --sport https -m state --state ESTABLISHED -j ACCEPT
}
set_msn() {
  # Outgoing connections to TCP port 1863 for every local process;
  # replies come back through the ESTABLISHED rule.
  cmd=$1
  echo "- Client MSN"
  $IPTAB -$cmd OUTPUT -p tcp -m tcp --dport 1863 -m state --state NEW,ESTABLISHED -j ACCEPT
  $IPTAB -$cmd INPUT -p tcp -m tcp --sport 1863 -m state --state ESTABLISHED -j ACCEPT
}
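set_skype() {
  # Fill SKYPE_OUT (reached from ETH_OUT) with outbound UDP to the port
  # in SKYPE_PORT; replies come back through set_user's ESTABLISHED rule.
  # The rule used to be appended unconditionally (-A) while every other
  # set_* function takes the iptables command letter in $1; now the same
  # call can add or delete the rule like its siblings.
  cmd=$1
  SKYPE_PORT="2424"
  $IPTAB -$cmd SKYPE_OUT -o "$ETH" -p udp --dport "$SKYPE_PORT" -m state --state NEW,ESTABLISHED -j ACCEPT
}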
set_ftp() {
  # Client-side FTP. The control channel is plain port ftp; the data
  # channels rely on the kernel's FTP connection-tracking helper
  # ("-m helper --helper ftp"), so the ftp conntrack module must be
  # loaded or these rules never match. $1 is the command letter.
  cmd=$1
  echo "- Client FTP"
  $IPTAB -$cmd INPUT -p tcp --sport ftp -m state --state ESTABLISHED -j ACCEPT
  $IPTAB -$cmd OUTPUT -p tcp --dport ftp -m state --state NEW,ESTABLISHED -j ACCEPT
  echo "--- Active Mode"
  # server connects back from ftp-data: the helper marks it RELATED
  $IPTAB -$cmd INPUT -p tcp -m helper --helper ftp --sport ftp-data -m state --state RELATED,ESTABLISHED -j ACCEPT
  $IPTAB -$cmd OUTPUT -p tcp -m helper --helper ftp --dport ftp-data -m state --state ESTABLISHED -j ACCEPT
  echo "--- Passive Mode"
  # client opens the data connection to a port announced by the server
  $IPTAB -$cmd INPUT -p tcp -m helper --helper ftp -m state --state ESTABLISHED -j ACCEPT
  $IPTAB -$cmd OUTPUT -p tcp -m helper --helper ftp -m state --state RELATED,ESTABLISHED -j ACCEPT
}
set_internet(){
  # Chain the $ETH dispatch chains to the check/service chains. Inbound
  # packets go through ANTISPOOF and TCP_CHECKS before AMULE_IN; each
  # of these returns when nothing matched, so the packet then continues
  # in INPUT. $1 is the iptables command letter.
  cmd=$1
  echo "Antispoof"
  $IPTAB -$cmd ETH_IN -j ANTISPOOF
  echo "Portscan"
  $IPTAB -$cmd ETH_IN -j TCP_CHECKS
  echo "aMule service"
  $IPTAB -$cmd ETH_IN -j AMULE_IN
  echo "Skype service"
  $IPTAB -$cmd ETH_OUT -j SKYPE_OUT
}
# apply / remove the whole rule set
set_firewall(){
  # Rebuild the rule set from scratch: wipe what is there, fail closed
  # (DROP policy) before any rule exists, recreate the chains, then
  # append in an order that matters: loopback, the $ETH dispatch chains,
  # the generic state/owner rules, logging, and last the chain contents
  # and service rules.
  flush_chain
  set_policy "DROP"
  set_chain
  for step in loop global user log custom_rules; do
    set_$step A
  done
}
unset_firewall(){
  # Remove every rule and chain and open the built-in chains: after
  # this the host accepts and sends anything.
  flush_chain
  set_policy ACCEPT
}
# Main
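case "$1" in
  start)
    echo "Starting firewall..."
    set_firewall
    ;;
  stop)
    # leaves the host completely open (ACCEPT policy, no rules)
    echo "Stopping firewall..."
    unset_firewall
    ;;
  restart)
    # set_firewall flushes the old rules itself, so no unset_firewall
    # first: the host never passes through an open state
    echo "Restarting firewall..."
    set_firewall
    ;;
  status)
    # -n: numeric output, no reverse DNS lookup per address
    $IPTAB -L -v -n
    ;;
  block)
    # Emergency mode: nothing but loopback. The rules from a previous
    # "start" are flushed first, otherwise their ACCEPT entries would
    # keep matching and the DROP policy would never be reached.
    echo "Blocks every connection..."
    flush_chain
    set_policy "DROP"
    set_loop A
    ;;
  *)
    # usage error: report on stderr and exit non-zero so that init
    # scripts and callers notice it
    echo "Usage: $0 {start|stop|restart|status|block}" >&2
    exit 2
    ;;
esac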
exit 0
grazie mille!!