    CARREIRA

    @CARREIRA

    Latest posts made by CARREIRA

    • RE: Firewall Config

      Hi guys, I've got a little problem with my firewall rules.
      When I start my iptables configuration, my computer stops at TFTP. It doesn't show me the FOG boot menu.
      The TFTP ports are open, so what's my problem?

      [CODE]#!/bin/sh
      ### BEGIN INIT INFO
      # Provides:          PareFeu
      # Required-Start:    $remote_fs $syslog
      # Required-Stop:
      # Default-Start:     2 3 4 5
      # Default-Stop:      0 1 6
      # Short-Description: Start daemon at boot time
      # Description:       Enable service provided by daemon.
      ### END INIT INFO

      # Flush the current tables
      iptables -t filter -F
      iptables -t mangle -F
      iptables -t nat -F

      # Delete user-defined chains
      iptables -t filter -X
      iptables -t mangle -X
      iptables -t nat -X

      # Deny all inbound, forwarded and outbound traffic by default
      iptables -t filter -P INPUT DROP
      iptables -t filter -P FORWARD DROP
      iptables -t filter -P OUTPUT DROP

      # Don't break established connections
      # (-m conntrack --ctstate is the current form of -m state --state)
      iptables -t filter -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
      iptables -t filter -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

      # Allow loopback
      iptables -t filter -A INPUT -i lo -j ACCEPT
      iptables -t filter -A OUTPUT -o lo -j ACCEPT

      # ICMP (ping)
      iptables -t filter -A INPUT -p icmp -j ACCEPT
      iptables -t filter -A OUTPUT -p icmp -j ACCEPT

      # SSH in
      iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT

      # SSH out
      iptables -t filter -A OUTPUT -p tcp --dport 22 -j ACCEPT

      # DNS in/out
      iptables -t filter -A OUTPUT -p tcp --dport 53 -j ACCEPT
      iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT
      iptables -t filter -A INPUT -p tcp --dport 53 -j ACCEPT
      iptables -t filter -A INPUT -p udp --dport 53 -j ACCEPT

      # NTP out
      iptables -t filter -A OUTPUT -p udp --dport 123 -j ACCEPT

      # HTTP + HTTPS out
      iptables -t filter -A OUTPUT -p tcp --dport 80 -j ACCEPT
      iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT

      # HTTP + HTTPS (and 8443) in
      iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
      iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT
      iptables -t filter -A INPUT -p tcp --dport 8443 -j ACCEPT

      # FTP (20-21) and DHCP (67-68) out
      iptables -t filter -A OUTPUT -p tcp --dport 20:21 -j ACCEPT
      iptables -t filter -A OUTPUT -p udp --dport 20:21 -j ACCEPT
      iptables -t filter -A OUTPUT -p tcp --dport 67:68 -j ACCEPT
      iptables -t filter -A OUTPUT -p udp --dport 67:68 -j ACCEPT

      # FTP (20-21), DHCP (67-68) and TFTP (69) in
      iptables -t filter -A INPUT -p tcp --dport 20:21 -j ACCEPT
      iptables -t filter -A INPUT -p udp --dport 20:21 -j ACCEPT
      iptables -t filter -A INPUT -p tcp --dport 67:69 -j ACCEPT
      iptables -t filter -A INPUT -p udp --dport 67:69 -j ACCEPT

      # MySQL in/out (TCP 3306)
      iptables -t filter -A OUTPUT -p tcp --dport 3306 -j ACCEPT
      iptables -t filter -A INPUT -p tcp --dport 3306 -j ACCEPT

      # NFS in/out (nfsd 2049 and rpcbind 111, TCP and UDP)
      iptables -t filter -A OUTPUT -p tcp --dport 2049 -j ACCEPT
      iptables -t filter -A OUTPUT -p udp --dport 2049 -j ACCEPT
      iptables -t filter -A INPUT -p tcp --dport 2049 -j ACCEPT
      iptables -t filter -A INPUT -p udp --dport 2049 -j ACCEPT

      iptables -t filter -A OUTPUT -p tcp --dport 111 -j ACCEPT
      iptables -t filter -A OUTPUT -p udp --dport 111 -j ACCEPT
      iptables -t filter -A INPUT -p tcp --dport 111 -j ACCEPT
      iptables -t filter -A INPUT -p udp --dport 111 -j ACCEPT
      [/CODE]

      Thank you for your ideas.

      EDIT:
      I found my problem

      [CODE]modprobe ip_conntrack_tftp
      modprobe ip_conntrack_ftp[/CODE]

      😉

      posted in General
      CARREIRA
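The symptom in the post above (port 69 open, client still stuck at TFTP) comes from how connection tracking classifies the server's reply: a TFTP server answers the request to port 69 from a fresh ephemeral source port, so without the tftp helper that reply is a NEW outbound flow and the OUTPUT DROP policy eats it. The following is an added example, not code from the original post or from the FOG project: a small Python model of a host running the post's rules (INPUT/OUTPUT policy DROP, accept RELATED,ESTABLISHED, accept inbound udp 67:69) with a toy conntrack table, run over a constructed three-packet TFTP exchange. The addresses 10.0.0.1 (the firewalled server) and 10.0.0.5 (a PXE client) and the port numbers are made-up sample values.

```python
"""Why a default-DROP iptables policy stalls TFTP until the tftp conntrack helper is active.

Toy model of netfilter connection tracking plus the filter rules from the post:
INPUT/OUTPUT policy DROP, accept RELATED,ESTABLISHED, accept udp dports 67-69 inbound.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # "in": arrives at the firewall host, "out": sent by it


class Conntrack:
    """Minimal conntrack: confirmed flows plus helper-created expectations."""

    def __init__(self, tftp_helper: bool):
        self.tftp_helper = tftp_helper
        self.flows = set()         # 5-tuples of confirmed connections
        self.expectations = set()  # (proto, src host, dst host, dst port); any src port is RELATED

    @staticmethod
    def _tuple(p: Packet):
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    def classify(self, p: Packet) -> str:
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        if self._tuple(p) in self.flows or reverse in self.flows:
            return "ESTABLISHED"
        if (p.proto, p.src, p.dst, p.dport) in self.expectations:
            return "RELATED"
        return "NEW"

    def confirm(self, p: Packet, state: str) -> None:
        """Only packets the filter accepted become tracked connections."""
        self.flows.add(self._tuple(p))
        if state == "RELATED":
            self.expectations.discard((p.proto, p.src, p.dst, p.dport))
        # The tftp helper sees a request to port 69 and registers an expectation:
        # the server may answer from ANY source port to the client's source port.
        if self.tftp_helper and p.proto == "udp" and p.dport == 69:
            self.expectations.add((p.proto, p.dst, p.src, p.sport))


def firewall(ct: Conntrack, p: Packet):
    """Apply the post's rule set to one packet; returns (verdict, conntrack state)."""
    state = ct.classify(p)                      # conntrack runs before the filter table
    if state in ("ESTABLISHED", "RELATED"):
        verdict = "ACCEPT"                      # -m conntrack --ctstate RELATED,ESTABLISHED
    elif p.direction == "in" and p.proto == "udp" and 67 <= p.dport <= 69:
        verdict = "ACCEPT"                      # -A INPUT -p udp --dport 67:69 -j ACCEPT
    else:
        verdict = "DROP"                        # -P INPUT DROP / -P OUTPUT DROP
    if verdict == "ACCEPT":
        ct.confirm(p, state)
    return verdict, state


# Constructed TFTP exchange; 10.0.0.1 is the firewalled FOG server, 10.0.0.5 a PXE client.
# Addresses and ports are made-up sample values.
TFTP_EXCHANGE = [
    Packet("udp", "10.0.0.5", 49152, "10.0.0.1", 69, "in"),      # RRQ for the boot file
    Packet("udp", "10.0.0.1", 35120, "10.0.0.5", 49152, "out"),  # DATA block 1, new server port
    Packet("udp", "10.0.0.5", 49152, "10.0.0.1", 35120, "in"),   # ACK block 1
]


def run(tftp_helper: bool):
    """Run the exchange through a fresh firewall; list of (verdict, state) per packet."""
    ct = Conntrack(tftp_helper)
    return [firewall(ct, p) for p in TFTP_EXCHANGE]


if __name__ == "__main__":
    for helper in (False, True):
        print(f"tftp helper active: {helper}")
        for p, (verdict, state) in zip(TFTP_EXCHANGE, run(helper)):
            print(f"  {p.direction:3} {p.src}:{p.sport} -> {p.dst}:{p.dport}  {state:11} {verdict}")
```

Without the helper the DATA packet is NEW in OUTPUT and dropped, which is exactly the hang at TFTP the post describes; with the helper it is RELATED, and the client's ACK is then ESTABLISHED. Two caveats for anyone applying the `modprobe` fix today: `ip_conntrack_tftp` and `ip_conntrack_ftp` are legacy alias names for `nf_conntrack_tftp` and `nf_conntrack_ftp`, and since Linux 4.7 loading the module is no longer enough on its own, because automatic helper assignment is off by default (and the `net.netfilter.nf_conntrack_helper` toggle was removed in 6.0). The helper has to be attached explicitly in the raw table before the filter rules see the reply, e.g. `iptables -t raw -A PREROUTING -p udp --dport 69 -j CT --helper tftp` (and `-p tcp --dport 21 -j CT --helper ftp` for FTP).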