UFW firewall rules have a hole in them. Please help

Can someone please look at the output below for me? I have my UFW set to deny / reject, and here are the rules. But if I leave my Ubuntu server on with a Windows XP virtual machine and let Instant Messenger run in Windows XP for a long time, it still occasionally connects for a few seconds and sends / receives messages. Is there a hole in my configuration?

I appreciate your help.

My UFW rules (is there a hole here?)

root@myubuntuserver1204:~#  iptables -L -v

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
2449K 2659M ufw-before-logging-input  all  --  any    any     anywhere             anywhere            
2449K 2659M ufw-before-input  all  --  any    any     anywhere             anywhere            
 5100  195K ufw-after-input  all  --  any    any     anywhere             anywhere            
 5038  186K ufw-after-logging-input  all  --  any    any     anywhere             anywhere            
 5038  186K ufw-reject-input  all  --  any    any     anywhere             anywhere            
 5038  186K ufw-track-input  all  --  any    any     anywhere             anywhere            

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ufw-before-logging-forward  all  --  any    any     anywhere             anywhere            
    0     0 ufw-before-forward  all  --  any    any     anywhere             anywhere            
    0     0 ufw-after-forward  all  --  any    any     anywhere             anywhere            
    0     0 ufw-after-logging-forward  all  --  any    any     anywhere             anywhere            
    0     0 ufw-reject-forward  all  --  any    any     anywhere             anywhere            

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
2201K  163M ufw-before-logging-output  all  --  any    any     anywhere             anywhere            
2201K  163M ufw-before-output  all  --  any    any     anywhere             anywhere            
 358K   29M ufw-after-output  all  --  any    any     anywhere             anywhere            
 358K   29M ufw-after-logging-output  all  --  any    any     anywhere             anywhere            
 358K   29M ufw-reject-output  all  --  any    any     anywhere             anywhere            
 358K   29M ufw-track-output  all  --  any    any     anywhere             anywhere            

Chain ufw-after-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ufw-skip-to-policy-input  udp  --  any    any     anywhere             anywhere             udp dpt:netbios-ns
    0     0 ufw-skip-to-policy-input  udp  --  any    any     anywhere             anywhere             udp dpt:netbios-dgm
    0     0 ufw-skip-to-policy-input  tcp  --  any    any     anywhere             anywhere             tcp dpt:netbios-ssn
    0     0 ufw-skip-to-policy-input  tcp  --  any    any     anywhere             anywhere             tcp dpt:microsoft-ds
    0     0 ufw-skip-to-policy-input  udp  --  any    any     anywhere             anywhere             udp dpt:bootps
    0     0 ufw-skip-to-policy-input  udp  --  any    any     anywhere             anywhere             udp dpt:bootpc
    0     0 ufw-skip-to-policy-input  all  --  any    any     anywhere             anywhere             ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  any    any     anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  any    any     anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ufw-user-forward  all  --  any    any     anywhere             anywhere            

Chain ufw-before-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   22  2230 ACCEPT     all  --  lo     any     anywhere             anywhere            
  203  175K ACCEPT     all  --  any    any     anywhere             anywhere             state RELATED,ESTABLISHED
    0     0 ufw-logging-deny  all  --  any    any     anywhere             anywhere             state INVALID
    0     0 DROP       all  --  any    any     anywhere             anywhere             state INVALID
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp destination-unreachable
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp source-quench
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp time-exceeded
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp parameter-problem
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp echo-request
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp spt:bootps dpt:bootpc
    0     0 ufw-not-local  all  --  any    any     anywhere             anywhere            
    0     0 ACCEPT     udp  --  any    any     anywhere             224.0.0.251          udp dpt:mdns
    0     0 ACCEPT     udp  --  any    any     anywhere             239.255.255.250      udp dpt:1900
    0     0 ufw-user-input  all  --  any    any     anywhere             anywhere            

Chain ufw-before-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   22  2230 ACCEPT     all  --  any    lo      anywhere             anywhere            
  209 28984 ACCEPT     all  --  any    any     anywhere             anywhere             state RELATED,ESTABLISHED
   29  1798 ufw-user-output  all  --  any    any     anywhere             anywhere            

Chain ufw-logging-allow (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  any    any     anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all  --  any    any     anywhere             anywhere             state INVALID limit: avg 3/min burst 10
    0     0 LOG        all  --  any    any     anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 RETURN     all  --  any    any     anywhere             anywhere             ADDRTYPE match dst-type LOCAL
    0     0 RETURN     all  --  any    any     anywhere             anywhere             ADDRTYPE match dst-type MULTICAST
    0     0 RETURN     all  --  any    any     anywhere             anywhere             ADDRTYPE match dst-type BROADCAST
    0     0 ufw-logging-deny  all  --  any    any     anywhere             anywhere             limit: avg 3/min burst 10
    0     0 DROP       all  --  any    any     anywhere             anywhere            

Chain ufw-reject-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-reject-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-reject-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-skip-to-policy-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  any    any     anywhere             anywhere            

Chain ufw-skip-to-policy-input (7 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       all  --  any    any     anywhere             anywhere            

Chain ufw-skip-to-policy-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere            

Chain ufw-track-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-track-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   19  1140 ACCEPT     tcp  --  any    any     anywhere             anywhere             state NEW
   10   658 ACCEPT     udp  --  any    any     anywhere             anywhere             state NEW

Chain ufw-user-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-input (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 DROP       tcp  --  any    any     anywhere             anywhere             tcp dpt:51413
    0     0 DROP       udp  --  any    any     anywhere             anywhere             udp dpt:51413
    0     0 DROP       tcp  --  any    any     anywhere             anywhere             tcp dpt:https
    0     0 DROP       tcp  --  any    any     anywhere             anywhere             tcp dpt:6881
    0     0 DROP       udp  --  any    any     anywhere             anywhere             udp dpt:6881
    0     0 DROP       tcp  --  any    any     anywhere             anywhere             multiport dports 2234:2239
    0     0 DROP       tcp  --  any    any     anywhere             anywhere             tcp dpt:2242
    0     0 DROP       tcp  --  any    any     anywhere             anywhere             tcp dpt:2240
    0     0 DROP       udp  --  any    any     anywhere             anywhere             udp dpt:4444
    0     0 DROP       tcp  --  any    any     anywhere             anywhere             multiport dports 6881:6891
    0     0 DROP       udp  --  any    any     anywhere             anywhere             multiport dports 6881:6891
    0     0 DROP       tcp  --  any    any     anywhere             anywhere             tcp dpt:4662
    0     0 DROP       udp  --  any    any     anywhere             anywhere             udp dpt:4672
    0     0 DROP       tcp  --  any    any     anywhere             anywhere             tcp dpt:domain
    0     0 DROP       udp  --  any    any     anywhere             anywhere             udp dpt:domain
    0     0 DROP       tcp  --  any    any     anywhere             anywhere             tcp dpt:ipp /* 'dapp_CUPS' */
    0     0 DROP       udp  --  any    any     anywhere             anywhere             udp dpt:ipp /* 'dapp_CUPS' */

Chain ufw-user-limit (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 LOG        all  --  any    any     anywhere             anywhere             limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
    0     0 REJECT     all  --  any    any     anywhere             anywhere             reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere            

Chain ufw-user-logging-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-logging-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-logging-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-output (1 references)
 pkts bytes target     prot opt in     out     source               destination         
asked 3 July 2013 at 00:54

0 answers
