[asterisk-users] Firewall Issue

RSCL Mumbai rscl.mumbai at gmail.com
Mon Aug 8 07:27:41 CDT 2011


For some unknown reason, the firewall script was not executed.
Now I get the output of iptables-save.

Maybe this is why unwanted packets were hitting the system... a big
blunder.

Sans






On Mon, Aug 8, 2011 at 5:44 PM, RSCL Mumbai <rscl.mumbai at gmail.com> wrote:

>
>
> On Mon, Aug 8, 2011 at 4:20 PM, Антон Квашёнкин <anton.jugatsu at gmail.com>wrote:
>
>> Hi,
>>
>> Could you attach iptables-save output.
>>
>
> "iptables-save" output is blank -- no output.
> Not sure why ?
>
> Thx
> Sans
>
-------------- next part --------------
[root at e1 ~]# iptables-save
# Generated by iptables-save v1.3.5 on Mon Aug  8 08:19:37 2011
# Filter table of the running ruleset, in iptables-restore format.
# Rules are evaluated top to bottom and the first terminating target
# (ACCEPT / DROP / REJECT) wins, so the order below is significant.
*filter
# Chain policies; the bracketed values are [packets:bytes] counters.
# INPUT and FORWARD default to DROP, OUTPUT is unrestricted.
:INPUT DROP [1:78]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [2496:492015]
# Loopback traffic is always allowed.
-A INPUT -i lo -j ACCEPT
# ICMP echo-request (type 8) is accepted from any source on any interface.
-A INPUT -p icmp -m icmp --icmp-type 8 -m state --state NEW -j ACCEPT
# Return traffic for connections already tracked, on both NICs.
-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# NOTE(review): TCP 3100 and 4142 have no -s and no -i match, so they are
# reachable from any address on any interface; TCP 4445 is likewise open to
# any source on both eth0 and eth1. The dump does not show which services
# listen on these ports - confirm each exposure is intended.
-A INPUT -p tcp -m tcp --dport 3100 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4142 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 4445 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 4445 -j ACCEPT
# TCP 3306 (the default MySQL port) is limited to one source host on eth1.
-A INPUT -s 67.18.110.210 -i eth1 -p tcp -m tcp --dport 3306 -j ACCEPT
# 192.168.1.0/24 on eth0: SIP signalling ports 5060-5062 (TCP and UDP) plus
# UDP 10000-20000 (presumably the RTP media range - confirm against rtp.conf).
-A INPUT -s 192.168.1.0/255.255.255.0 -i eth0 -p tcp -m tcp --dport 5060:5062 -j ACCEPT
-A INPUT -s 192.168.1.0/255.255.255.0 -i eth0 -p udp -m udp --dport 5060:5062 -j ACCEPT
-A INPUT -s 192.168.1.0/255.255.255.0 -i eth0 -p udp -m udp --dport 10000:20000 -j ACCEPT
# Per-source allowlist on eth1. Each source below gets three rules:
# UDP 5060-5062, TCP 5060-5062 and UDP 10000-20000.
-A INPUT -s 61.16.181.9 -i eth1 -p udp -m udp --dport 5060:5062 -j ACCEPT
-A INPUT -s 61.16.181.9 -i eth1 -p tcp -m tcp --dport 5060:5062 -j ACCEPT
-A INPUT -s 61.16.181.9 -i eth1 -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -s 203.109.120.65 -i eth1 -p udp -m udp --dport 5060:5062 -j ACCEPT
-A INPUT -s 203.109.120.65 -i eth1 -p tcp -m tcp --dport 5060:5062 -j ACCEPT
-A INPUT -s 203.109.120.65 -i eth1 -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -s 81.201.82.128/255.255.255.192 -i eth1 -p udp -m udp --dport 5060:5062 -j ACCEPT
-A INPUT -s 81.201.82.128/255.255.255.192 -i eth1 -p tcp -m tcp --dport 5060:5062 -j ACCEPT
-A INPUT -s 81.201.82.128/255.255.255.192 -i eth1 -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -s 81.201.83.0/255.255.255.192 -i eth1 -p udp -m udp --dport 5060:5062 -j ACCEPT
-A INPUT -s 81.201.83.0/255.255.255.192 -i eth1 -p tcp -m tcp --dport 5060:5062 -j ACCEPT
-A INPUT -s 81.201.83.0/255.255.255.192 -i eth1 -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -s 81.201.84.0/255.255.255.0 -i eth1 -p udp -m udp --dport 5060:5062 -j ACCEPT
-A INPUT -s 81.201.84.0/255.255.255.0 -i eth1 -p tcp -m tcp --dport 5060:5062 -j ACCEPT
-A INPUT -s 81.201.84.0/255.255.255.0 -i eth1 -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -s 81.201.86.0/255.255.255.192 -i eth1 -p udp -m udp --dport 5060:5062 -j ACCEPT
-A INPUT -s 81.201.86.0/255.255.255.192 -i eth1 -p tcp -m tcp --dport 5060:5062 -j ACCEPT
-A INPUT -s 81.201.86.0/255.255.255.192 -i eth1 -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -s 74.55.98.122 -i eth1 -p udp -m udp --dport 5060:5062 -j ACCEPT
-A INPUT -s 74.55.98.122 -i eth1 -p tcp -m tcp --dport 5060:5062 -j ACCEPT
-A INPUT -s 74.55.98.122 -i eth1 -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -s 74.55.98.120 -i eth1 -p udp -m udp --dport 5060:5062 -j ACCEPT
-A INPUT -s 74.55.98.120 -i eth1 -p tcp -m tcp --dport 5060:5062 -j ACCEPT
-A INPUT -s 74.55.98.120 -i eth1 -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -s 64.154.41.150 -i eth1 -p udp -m udp --dport 5060:5062 -j ACCEPT
-A INPUT -s 64.154.41.150 -i eth1 -p tcp -m tcp --dport 5060:5062 -j ACCEPT
-A INPUT -s 64.154.41.150 -i eth1 -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -s 64.154.41.100 -i eth1 -p udp -m udp --dport 5060:5062 -j ACCEPT
-A INPUT -s 64.154.41.100 -i eth1 -p tcp -m tcp --dport 5060:5062 -j ACCEPT
-A INPUT -s 64.154.41.100 -i eth1 -p udp -m udp --dport 10000:20000 -j ACCEPT
# The sources from here on get signalling rules only (UDP and TCP 5060-5062).
# UDP 10000-20000 for the 46.19.209.x and 46.19.210.x /29 blocks is granted
# by the two wider /25 rules at the end of this group.
-A INPUT -s 46.19.209.8/255.255.255.248 -i eth1 -p udp -m udp --dport 5060:5062 -j ACCEPT
-A INPUT -s 46.19.209.8/255.255.255.248 -i eth1 -p tcp -m tcp --dport 5060:5062 -j ACCEPT
-A INPUT -s 46.19.209.72/255.255.255.248 -i eth1 -p udp -m udp --dport 5060:5062 -j ACCEPT
-A INPUT -s 46.19.209.72/255.255.255.248 -i eth1 -p tcp -m tcp --dport 5060:5062 -j ACCEPT
-A INPUT -s 46.19.210.8/255.255.255.248 -i eth1 -p udp -m udp --dport 5060:5062 -j ACCEPT
-A INPUT -s 46.19.210.8/255.255.255.248 -i eth1 -p tcp -m tcp --dport 5060:5062 -j ACCEPT
-A INPUT -s 46.19.210.72/255.255.255.248 -i eth1 -p udp -m udp --dport 5060:5062 -j ACCEPT
-A INPUT -s 46.19.210.72/255.255.255.248 -i eth1 -p tcp -m tcp --dport 5060:5062 -j ACCEPT
# NOTE(review): no UDP 10000-20000 rule for 81.85.224.40/31 or
# 212.150.88.20/30 appears in this dump - confirm that is intended.
-A INPUT -s 81.85.224.40/255.255.255.254 -i eth1 -p udp -m udp --dport 5060:5062 -j ACCEPT
-A INPUT -s 81.85.224.40/255.255.255.254 -i eth1 -p tcp -m tcp --dport 5060:5062 -j ACCEPT
-A INPUT -s 212.150.88.20/255.255.255.252 -i eth1 -p udp -m udp --dport 5060:5062 -j ACCEPT
-A INPUT -s 212.150.88.20/255.255.255.252 -i eth1 -p tcp -m tcp --dport 5060:5062 -j ACCEPT
# NOTE(review): these /25 media rules cover more addresses than the /29
# signalling blocks above; confirm the wider range is intended.
-A INPUT -s 46.19.209.0/255.255.255.128 -i eth1 -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -s 46.19.210.0/255.255.255.128 -i eth1 -p udp -m udp --dport 10000:20000 -j ACCEPT
# Packet sanity drops: NEW TCP without a plain SYN, IP fragments, TCP with
# all six flags set ("Xmas") and TCP with no flags set ("null").
# NOTE(review): these sit after every ACCEPT rule, so a packet that already
# matched an ACCEPT above never reaches them. Because the next rule rejects
# everything else anyway, their only effect here is a silent DROP instead of
# an ICMP reject. To screen malformed packets aimed at the allowed ports they
# would have to be placed ahead of the ACCEPT rules.
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
-A INPUT -f -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
# Catch-all: anything not matched above is rejected with ICMP
# port-unreachable, so the chain's DROP policy applies only when this rule
# is not loaded.
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Mon Aug  8 08:19:37 2011
# Generated by iptables-save v1.3.5 on Mon Aug  8 08:19:37 2011
# NAT table of the same ruleset. It holds chain policies only and no -A
# rules, so no address translation or port forwarding is configured.
*nat
# All three chains default to ACCEPT; bracketed values are [packets:bytes].
:PREROUTING ACCEPT [374:75238]
:POSTROUTING ACCEPT [74:6988]
:OUTPUT ACCEPT [74:6988]
COMMIT
# Completed on Mon Aug  8 08:19:37 2011

