LINUX.ORG.RU

Change history

Revision by soomrack (current version):

But why?

Use iptables-restore «file name», iptables-save

# Generated by iptables-save v1.4.21 on Mon Aug 18 22:23:40 2014
*filter
:INPUT ACCEPT [5:952]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1192099:595387635]

# accept all from localhost
-A INPUT -s 127.0.0.1 -j ACCEPT

# accept all previously established connections
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# permit people to ssh into this computer
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

# permit ftp and web hosting services
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT

# permit windows file sharing
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 137:139 -j ACCEPT
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 426 -j ACCEPT
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT

# permit five ports for bittorrent
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 6881:6886 -j ACCEPT

# reject all other packets coming into the computer, even from other computers in the local area network
-A INPUT -j REJECT --reject-with icmp-port-unreachable

COMMIT
# Completed on Mon Aug 18 22:23:40 2014

PS: on the local machine, check the open ports: nmap -sS 192.168.1.101

Original version by soomrack:

But why?

Use iptables-restore «file name»

# Generated by iptables-save v1.4.21 on Mon Aug 18 22:23:40 2014
*filter
:INPUT ACCEPT [5:952]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1192099:595387635]

# accept all from localhost
-A INPUT -s 127.0.0.1 -j ACCEPT

# accept all previously established connections
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# permit people to ssh into this computer
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

# permit ftp and web hosting services
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT

# permit windows file sharing
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 137:139 -j ACCEPT
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 426 -j ACCEPT
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT

# permit five ports for bittorrent
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 6881:6886 -j ACCEPT

# reject all other packets coming into the computer, even from other computers in the local area network
-A INPUT -j REJECT --reject-with icmp-port-unreachable

COMMIT
# Completed on Mon Aug 18 22:23:40 2014

PS: on the local machine, check the open ports: nmap -sS 192.168.1.101
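An added example, not part of the original post: because the INPUT policy in this ruleset is ACCEPT, the final REJECT rule is what enforces default deny, and any ACCEPT rule placed after it never matches. The Python check below reads a rules file in iptables-save format and reports which ports accept connections, whether a default deny exists, and how many rules sit unreachable after it. The names `parse_chain` and `audit` are hypothetical, the sample input is constructed from the post, and the parser assumes every option takes exactly one value, as in this ruleset.

```python
import shlex

# Constructed sample: the post's active rules plus one commented-out rule.
SAMPLE = """\
*filter
:INPUT ACCEPT [5:952]
-A INPUT -s 127.0.0.1 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""
TARGET_OPTS = {"-j", "--reject-with"}  # options that do not narrow the match

def parse_chain(text, chain="INPUT"):
    """Return (policy, rules) for one chain of the filter table."""
    policy, rules, table = None, [], None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif table != "filter" or not line or line[0] == "#":
            continue
        elif line.startswith(f":{chain} "):
            policy = line.split()[1]
        elif line.startswith(f"-A {chain} "):
            tok = shlex.split(line)[2:]
            # Assumption: each option takes exactly one value ("-m" repeats,
            # last one wins); a "!" negation is recorded under its own key.
            opts = [t for t in tok if t != "!"]
            rules.append({"!": "!" in tok, **dict(zip(opts[0::2], opts[1::2]))})
    return policy, rules

def audit(text):
    """Report open ports, default-deny status and rules after the deny."""
    policy, rules = parse_chain(text)
    open_ports, deny_at = [], None
    for i, r in enumerate(rules):
        catch_all = not r["!"] and set(r) - {"!"} <= TARGET_OPTS
        if catch_all and r.get("-j") in ("REJECT", "DROP"):
            deny_at = i  # rules are evaluated in order; later ones never match
            break
        if r.get("-j") == "ACCEPT" and "--dport" in r:
            open_ports.append((r.get("-p"), r["--dport"]))
    return {
        "open": open_ports,
        "default_deny": policy == "DROP" or deny_at is not None,
        "unreachable": 0 if deny_at is None else len(rules) - deny_at - 1,
    }
```

For the sample, `audit(SAMPLE)` reports only tcp/22 as open, with a default deny in place and no unreachable rules.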