Clubinternet.box = parefeu + flicage ?

mattotop · Février 20, 2016, 6:02pm

iptables-save

Baruch · Février 20, 2016, 6:02pm

Ok alors :

[code]debian:/home/jean-louis# iptables-save

Generated by iptables-save v1.4.1.1 on Wed Aug 13 21:36:46 2008

*nat
:PREROUTING ACCEPT [1:306]
:POSTROUTING ACCEPT [182:22589]
:OUTPUT ACCEPT [182:22589]
COMMIT

Completed on Wed Aug 13 21:36:46 2008

Generated by iptables-save v1.4.1.1 on Wed Aug 13 21:36:46 2008

*mangle
:PREROUTING ACCEPT [774:379707]
:INPUT ACCEPT [724:339554]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [984:159581]
:POSTROUTING ACCEPT [984:159581]
COMMIT

Completed on Wed Aug 13 21:36:46 2008

Generated by iptables-save v1.4.1.1 on Wed Aug 13 21:36:46 2008

*filter
:INPUT ACCEPT [724:339554]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [984:159581]
COMMIT

Completed on Wed Aug 13 21:36:46 2008

debian:/home/jean-louis#
[/code]

fran.b · Février 20, 2016, 6:02pm

Là c’est sans le parefeu non?

Baruch · Février 20, 2016, 6:02pm

Oui désolé je me suis un peu perdu voilà avec :

[code]debian:/home/jean-louis# iptables-save

Generated by iptables-save v1.4.1.1 on Wed Aug 13 22:35:09 2008

*nat
:PREROUTING ACCEPT [1:306]
:POSTROUTING ACCEPT [457:54249]
:OUTPUT ACCEPT [457:54249]
COMMIT

Completed on Wed Aug 13 22:35:09 2008

Generated by iptables-save v1.4.1.1 on Wed Aug 13 22:35:09 2008

*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT

Completed on Wed Aug 13 22:35:09 2008

Generated by iptables-save v1.4.1.1 on Wed Aug 13 22:35:09 2008

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:INBOUND - [0:0]
:LOG_FILTER - [0:0]
:LSI - [0:0]
:LSO - [0:0]
:OUTBOUND - [0:0]
-A INPUT -s 192.168.1.1/32 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -s 192.168.1.1/32 -p udp -j ACCEPT
-A INPUT -s 192.168.1.1/32 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -s 192.168.1.1/32 -p udp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m udp --dport 33434 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 3/1 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 13 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 14 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 17 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 18 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 5 -m limit --limit 2/sec -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 4 -m limit --limit 2/sec -j ACCEPT
-A INPUT -p icmp -j LSI
-A INPUT -d 255.255.255.255/32 -i wlan0 -j DROP
-A INPUT -s 224.0.0.0/8 -j DROP
-A INPUT -d 224.0.0.0/8 -j DROP
-A INPUT -s 255.255.255.255/32 -j DROP
-A INPUT -d 0.0.0.0/32 -j DROP
-A INPUT -m state --state INVALID -j DROP
-A INPUT -f -m limit --limit 10/min -j LSI
-A INPUT -i wlan0 -j INBOUND
-A INPUT -j LOG_FILTER
-A INPUT -j LOG --log-prefix “Unknown Input” --log-level 6
-A FORWARD -p udp -m udp --dport 33434 -j ACCEPT
-A FORWARD -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A FORWARD -p icmp -m icmp --icmp-type 3/1 -j ACCEPT
-A FORWARD -p icmp -m icmp --icmp-type 17 -j ACCEPT
-A FORWARD -p icmp -m icmp --icmp-type 18 -j ACCEPT
-A FORWARD -p icmp -m icmp --icmp-type 5 -m limit --limit 2/sec -j ACCEPT
-A FORWARD -p icmp -m icmp --icmp-type 4 -m limit --limit 2/sec -j ACCEPT
-A FORWARD -p icmp -j LSI
-A FORWARD -j LOG_FILTER
-A FORWARD -j LOG --log-prefix “Unknown Forward” --log-level 6
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -s 224.0.0.0/8 -j DROP
-A OUTPUT -d 224.0.0.0/8 -j DROP
-A OUTPUT -s 255.255.255.255/32 -j DROP
-A OUTPUT -d 0.0.0.0/32 -j DROP
-A OUTPUT -m state --state INVALID -j DROP
-A OUTPUT -o wlan0 -j OUTBOUND
-A OUTPUT -j LOG_FILTER
-A OUTPUT -j LOG --log-prefix “Unknown Output” --log-level 6
-A INBOUND -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INBOUND -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INBOUND -p tcp -m tcp --dport 1863 -j ACCEPT
-A INBOUND -p udp -m udp --dport 1863 -j ACCEPT
-A INBOUND -p tcp -m tcp --dport 6891 -j ACCEPT
-A INBOUND -p udp -m udp --dport 6891 -j ACCEPT
-A INBOUND -j LSI
-A LOG_FILTER -p tcp -m tcp --dport 14013 -j DROP
-A LOG_FILTER -p udp -m udp --dport 14013 -j DROP
-A LSI -j LOG_FILTER
-A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/sec -j LOG --log-prefix "Inbound " --log-level 6
-A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
-A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j LOG --log-prefix "Inbound " --log-level 6
-A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -j DROP
-A LSI -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j LOG --log-prefix "Inbound " --log-level 6
-A LSI -p icmp -m icmp --icmp-type 8 -j DROP
-A LSI -m limit --limit 5/sec -j LOG --log-prefix "Inbound " --log-level 6
-A LSI -j DROP
-A LSO -j LOG_FILTER
-A LSO -m limit --limit 5/sec -j LOG --log-prefix "Outbound " --log-level 6
-A LSO -j REJECT --reject-with icmp-port-unreachable
-A OUTBOUND -p icmp -j ACCEPT
-A OUTBOUND -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTBOUND -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTBOUND -j ACCEPT
COMMIT

Completed on Wed Aug 13 22:35:09 2008

debian:/home/jean-louis# [/code]

Encore merci !

Baruch · Février 20, 2016, 6:03pm

enhaut

Baruch · Février 20, 2016, 6:04pm

re en haut…

shell-boudeur · Février 20, 2016, 6:04pm

Hi

à mon tour d’en dire une.
le réglage doit peut-être se faire sur la box et non au niveau du pc.

Baruch · Février 20, 2016, 6:04pm

Non puisque désactiver mon parefeu règle le problème.

Sur ubuntu et windows ça marche directement - je dois dire que j’y comprend vraiment rien

bon en wifi pas de problème