Forum Debian Users Gang

morfik · 2014-05-20 17:53:20

Zwiększ sobie rozmiar tablicy w ipsecie.

gnejusz pompejusz · 2015-06-05 11:19:56

Chciałem dodać udostępnianie internetu w tym skrypcie. Walczę i jakoś mi się nie udaje...

Kod:

# Generated by iptables-save v1.4.21 on Fri Jan  2 08:50:27 2015
*nat
:PREROUTING ACCEPT [8:488]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [17:1318]
:POSTROUTING ACCEPT [16:1158]
-A POSTROUTING -s 192.168.100.0/24 -j MASQUERADE
COMMIT

*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]

-A PREROUTING -p tcp -m set --match-set whitelist src -j ACCEPT
-A PREROUTING -p tcp -m multiport ! --sports 80,443 -m set --match-set bt_level1 src -j DROP
-A PREROUTING -p udp -m multiport ! --sports 80,443 -m set --match-set bt_level1 src -j DROP
-A PREROUTING -m set --match-set bt_spyware src -j DROP
-A PREROUTING -m set --match-set bt_webexploit src -j DROP
-A OUTPUT -p tcp -m set --match-set whitelist dst -j ACCEPT
-A OUTPUT -p tcp -m multiport ! --dports 80,443 -m set --match-set bt_level1 dst -j DROP
-A OUTPUT -p udp -m multiport ! --dports 80,443 -m set --match-set bt_level1 dst -j DROP
-A OUTPUT -m set --match-set bt_spyware dst -j DROP
-A OUTPUT -m set --match-set bt_webexploit dst -j DROP
COMMIT
# Completed on Fri Jan  2 08:50:27 2015
# Generated by iptables-save v1.4.21 on Fri Jan  2 08:50:27 2015
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -s 192.168.100.0/24 -j ACCEPT
-A INPUT -i eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -p tcp -j DROP
-A INPUT -p udp -j DROP
-A INPUT -j DROP
-A OUTPUT -m state --state INVALID -j DROP
COMMIT
# Completed on Fri Jan  2 08:50:27 2015

jakieś sugestie?

Forum Debian Users Gang

Ogłoszenie

#51 2014-05-20 17:53:20

morfik - Cenzor wirtualnego świata

Re: PeerGuardian i inne filtry ip

#52 2015-06-05 11:19:56

gnejusz pompejusz - Użytkownik

Re: PeerGuardian i inne filtry ip

Kod:

Stopka forum