Difference between revisions of "SSH"
From dbawiki
(→References) |
|||
| Line 11: | Line 11: | ||
* [http://www.revsys.com/writings/quicktips/ssh-tunnel.html http://www.revsys.com/writings/quicktips/ssh-tunnel.html] | * [http://www.revsys.com/writings/quicktips/ssh-tunnel.html http://www.revsys.com/writings/quicktips/ssh-tunnel.html] | ||
* [http://serverfault.com/questions/33283/how-to-setup-ssh-tunnel-to-forward-ssh?rq=1 how-to-setup-ssh-tunnel-to-forward-ssh] | * [http://serverfault.com/questions/33283/how-to-setup-ssh-tunnel-to-forward-ssh?rq=1 how-to-setup-ssh-tunnel-to-forward-ssh] | ||
| + | |||
| + | <pre> | ||
| + | (0)bey9at77@my_PC:/home/bey9at77/scripts> telnet 207.129.217.26 22 | ||
| + | Trying 207.129.217.26... | ||
| + | Connected to 207.129.217.26. | ||
| + | Escape character is '^]'. | ||
| + | SSH-2.0-OpenSSH_6.0 | ||
| + | ^C | ||
| + | Connection closed by foreign host. | ||
| + | (0)bey9at77@my_PC:/home/bey9at77/scripts> netstat -an | grep 207 | ||
| + | tcp 0 0 9.36.153.84:32904 9.36.207.26:22 ESTABLISHED | ||
| + | unix 3 [ ] STREAM CONNECTED 20726525 /home/bey9at77/.pulse/202b121052083db8500c6fc00000001c-runtime/native | ||
| + | unix 3 [ ] STREAM CONNECTED 20726524 | ||
| + | unix 3 [ ] STREAM CONNECTED 5037207 /home/bey9at77/.pulse/202b121052083db8500c6fc00000001c-runtime/native | ||
| + | </pre> | ||
| + | |||
| + | <pre> | ||
| + | (0)bey9at77@my_PC:/home/bey9at77/scripts> /sbin/ifconfig | ||
| + | eth1 Link encap:Ethernet HWaddr 00:21:CC:65:A3:65 | ||
| + | UP BROADCAST MULTICAST MTU:1500 Metric:1 | ||
| + | RX packets:1250962 errors:0 dropped:0 overruns:0 frame:0 | ||
| + | TX packets:975839 errors:0 dropped:0 overruns:0 carrier:0 | ||
| + | collisions:0 txqueuelen:1000 | ||
| + | RX bytes:823202227 (785.0 MiB) TX bytes:187253577 (178.5 MiB) | ||
| + | Interrupt:20 Memory:f2500000-f2520000 | ||
| + | |||
| + | lo Link encap:Local Loopback | ||
| + | inet addr:127.0.0.1 Mask:255.0.0.0 | ||
| + | UP LOOPBACK RUNNING MTU:65536 Metric:1 | ||
| + | RX packets:548763 errors:0 dropped:0 overruns:0 frame:0 | ||
| + | TX packets:548763 errors:0 dropped:0 overruns:0 carrier:0 | ||
| + | collisions:0 txqueuelen:0 | ||
| + | RX bytes:275281528 (262.5 MiB) TX bytes:275281528 (262.5 MiB) | ||
| + | |||
| + | virbr0 Link encap:Ethernet HWaddr 52:54:00:FD:BE:C9 | ||
| + | inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0 | ||
| + | UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 | ||
| + | RX packets:119495 errors:0 dropped:0 overruns:0 frame:0 | ||
| + | TX packets:173181 errors:0 dropped:0 overruns:0 carrier:0 | ||
| + | collisions:0 txqueuelen:0 | ||
| + | RX bytes:11358048 (10.8 MiB) TX bytes:188176715 (179.4 MiB) | ||
| + | |||
| + | </pre> | ||
| + | |||
| + | <pre> | ||
| + | (0)bey9at77@my_PC:/home/bey9at77/scripts> sudo iptables -L | ||
| + | [sudo] password for bey9at77: | ||
| + | Chain INPUT (policy DROP) | ||
| + | target prot opt source destination | ||
| + | ACCEPT udp -- anywhere anywhere udp dpt:domain | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:domain | ||
| + | ACCEPT udp -- anywhere anywhere udp dpt:bootps | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:bootps | ||
| + | ACCEPT udp -- anywhere anywhere udp dpt:domain | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:domain | ||
| + | ACCEPT udp -- anywhere anywhere udp dpt:bootps | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:bootps | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ssn | ||
| + | ACCEPT udp -- anywhere anywhere udp dpt:netbios-dgm | ||
| + | ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:bootps | ||
| + | ACCEPT udp -- anywhere anywhere udp dpt:bootps | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:domain | ||
| + | ACCEPT udp -- anywhere anywhere udp dpt:domain | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ssn | ||
| + | ACCEPT udp -- anywhere anywhere udp dpt:netbios-dgm | ||
| + | ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:bootps | ||
| + | ACCEPT udp -- anywhere anywhere udp dpt:bootps | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:domain | ||
| + | ACCEPT udp -- anywhere anywhere udp dpt:domain | ||
| + | ACCEPT all -- anywhere anywhere | ||
| + | ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED | ||
| + | ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED | ||
| + | REJECT tcp -- anywhere anywhere tcp dpt:auth reject-with icmp-port-unreachable | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:cfengine | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:ssh | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:vnc-server | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:5901 | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:https | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:5656 | ||
| + | ACCEPT udp -- anywhere anywhere udp dpts:avt-profile-1:avt-profile-2 | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpts:avt-profile-1:avt-profile-2 | ||
| + | ACCEPT udp -- anywhere anywhere udp dpt:20830 | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:20830 | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpts:sip:na-localise | ||
| + | ACCEPT udp -- anywhere anywhere udp dpts:sip:na-localise | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:12080 | ||
| + | ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain | ||
| + | ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain | ||
| + | ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:21100 | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:dc | ||
| + | ACCEPT udp -- anywhere anywhere udp dpt:wizard | ||
| + | ACCEPT ah -- anywhere anywhere | ||
| + | ACCEPT esp -- anywhere anywhere | ||
| + | ACCEPT udp -- anywhere anywhere state NEW udp dpt:isakmp | ||
| + | ACCEPT 254 -- anywhere anywhere | ||
| + | ACCEPT icmp -- anywhere anywhere icmp destination-unreachable | ||
| + | ACCEPT icmp -- anywhere anywhere icmp source-quench | ||
| + | ACCEPT icmp -- anywhere anywhere icmp time-exceeded | ||
| + | ACCEPT icmp -- anywhere anywhere icmp parameter-problem | ||
| + | ACCEPT icmp -- anywhere anywhere icmp router-advertisement | ||
| + | ACCEPT icmp -- anywhere anywhere icmp echo-request | ||
| + | ACCEPT icmp -- anywhere anywhere icmp echo-reply | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:ipp | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:tproxy | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:virtual-places | ||
| + | ACCEPT udp -- anywhere anywhere state NEW udp dpt:52311 | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpts:30000:30005 | ||
| + | DROP tcp -- anywhere anywhere tcp dpts:bootps:bootpc | ||
| + | DROP udp -- anywhere anywhere udp dpts:bootps:bootpc | ||
| + | DROP tcp -- anywhere anywhere tcp dpt:netbios-ns | ||
| + | DROP udp -- anywhere anywhere udp dpt:netbios-ns | ||
| + | DROP tcp -- anywhere anywhere tcp dpt:netbios-dgm | ||
| + | DROP udp -- anywhere anywhere udp dpt:netbios-dgm | ||
| + | DROP tcp -- anywhere anywhere tcp dpt:netbios-ssn | ||
| + | DROP udp -- anywhere anywhere udp dpt:netbios-ssn | ||
| + | DROP tcp -- anywhere anywhere tcp dpts:tcpmux:ftp-data | ||
| + | DROP tcp -- anywhere anywhere tcp dpt:sunrpc | ||
| + | DROP tcp -- anywhere anywhere tcp dpts:snmp:snmptrap | ||
| + | DROP tcp -- anywhere anywhere tcp dpt:efs | ||
| + | DROP tcp -- anywhere anywhere tcp dpts:6348:6349 | ||
| + | DROP tcp -- anywhere anywhere tcp dpts:6345:gnutella-rtr | ||
| + | ACCEPT tcp -- anywhere 192.168.122.1 tcp dpt:microsoft-ds | ||
| + | ACCEPT tcp -- anywhere 192.168.122.1 tcp dpt:proxima-lm | ||
| + | ACCEPT tcp -- anywhere 192.168.123.1 tcp dpt:microsoft-ds | ||
| + | ACCEPT tcp -- anywhere 192.168.123.1 tcp dpt:proxima-lm | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:48500 | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:48500 | ||
| + | LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 LOG level info prefix `FIREWALL: ' | ||
| + | LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level info prefix `FIREWALL: ' | ||
| + | DROP all -- anywhere anywhere | ||
| + | |||
| + | Chain FORWARD (policy DROP) | ||
| + | target prot opt source destination | ||
| + | ACCEPT all -- anywhere anywhere | ||
| + | REJECT all -- anywhere anywhere reject-with icmp-port-unreachable | ||
| + | REJECT all -- anywhere anywhere reject-with icmp-port-unreachable | ||
| + | ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED | ||
| + | ACCEPT all -- 192.168.122.0/24 anywhere | ||
| + | ACCEPT all -- anywhere anywhere | ||
| + | REJECT all -- anywhere anywhere reject-with icmp-port-unreachable | ||
| + | REJECT all -- anywhere anywhere reject-with icmp-port-unreachable | ||
| + | TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU | ||
| + | ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED | ||
| + | ACCEPT all -- 192.168.122.0/24 anywhere | ||
| + | ACCEPT all -- anywhere anywhere | ||
| + | REJECT all -- anywhere anywhere reject-with icmp-port-unreachable | ||
| + | REJECT all -- anywhere anywhere reject-with icmp-port-unreachable | ||
| + | ACCEPT all -- anywhere 192.168.123.0/24 state RELATED,ESTABLISHED | ||
| + | ACCEPT all -- 192.168.123.0/24 anywhere | ||
| + | ACCEPT all -- anywhere anywhere | ||
| + | REJECT all -- anywhere anywhere reject-with icmp-port-unreachable | ||
| + | REJECT all -- anywhere anywhere reject-with icmp-port-unreachable | ||
| + | |||
| + | Chain OUTPUT (policy ACCEPT) | ||
| + | target prot opt source destination | ||
| + | (0)bey9at77@my_PC:/home/bey9at77/scripts> ssh -L 1521:localhost:1521 207.129.217.26 | ||
| + | The authenticity of host '207.129.217.26 (207.129.217.26)' can't be established. | ||
| + | RSA key fingerprint is 2d:70:2e:b4:12:48:e9:20:fd:b0:de:b1:b4:67:41:1f. | ||
| + | Are you sure you want to continue connecting (yes/no)? yes | ||
| + | Warning: Permanently added '207.129.217.26' (RSA) to the list of known hosts. | ||
| + | [email protected]'s password: | ||
| + | </pre> | ||
| + | |||
| + | <pre> | ||
| + | (0)bey9at77@my_PC:/home/bey9at77/scripts> ssh -L 1521:localhost:9099 ehemgtaix -N | ||
| + | The authenticity of host 'ehemgtaix (207.129.107.120)' can't be established. | ||
| + | RSA key fingerprint is 63:0a:a8:27:99:1f:32:73:8e:94:22:cd:80:b3:73:10. | ||
| + | Are you sure you want to continue connecting (yes/no)? yes | ||
| + | Warning: Permanently added 'ehemgtaix,207.129.107.120' (RSA) to the list of known hosts. | ||
| + | bey9at77@ehemgtaix's password: | ||
| + | </pre> | ||
| + | |||
| + | <pre> | ||
| + | (0)bey9at77@my_PC:/home/bey9at77/scripts> ssh -L 1521:192.168.122.1:9099 exs4bars@ehemgtaix -N | ||
| + | channel 1: open failed: connect failed: A remote host did not respond within the timeout period. | ||
| + | channel 2: open failed: connect failed: A remote host did not respond within the timeout period. | ||
| + | Connection to ehemgtaix closed by remote host. | ||
| + | You have new mail in /var/spool/mail/bey9at77 | ||
| + | </pre> | ||
| + | |||
| + | <pre> | ||
| + | (0)bey9at77@my_PC:/home/bey9at77/scripts> ssh 192.168.122.1 -p 1521 | ||
| + | ssh: connect to host 192.168.122.1 port 1521: Connection refused | ||
| + | </pre> | ||
| + | |||
| + | <pre> | ||
| + | (0)bey9at77@my_PC:/home/bey9at77/scripts> sudo iptables -A INPUT -i virbr0 -p tcp --dport 1521 -j ACCEPT | ||
| + | [sudo] password for bey9at77: | ||
| + | (0)bey9at77@my_PC:/home/bey9at77/scripts> ssh 192.168.122.1 -p 1521 | ||
| + | ssh: connect to host 192.168.122.1 port 1521: Connection refused | ||
| + | </pre> | ||
| + | |||
| + | <pre> | ||
| + | (0)bey9at77@my_PC:/home/bey9at77/scripts> sudo iptables -L | ||
| + | Chain INPUT (policy DROP) | ||
| + | target prot opt source destination | ||
| + | ACCEPT udp -- anywhere anywhere udp dpt:domain | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:domain | ||
| + | ACCEPT udp -- anywhere anywhere udp dpt:bootps | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:bootps | ||
| + | ACCEPT udp -- anywhere anywhere udp dpt:domain | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:domain | ||
| + | ACCEPT udp -- anywhere anywhere udp dpt:bootps | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:bootps | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ssn | ||
| + | ACCEPT udp -- anywhere anywhere udp dpt:netbios-dgm | ||
| + | ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:bootps | ||
| + | ACCEPT udp -- anywhere anywhere udp dpt:bootps | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:domain | ||
| + | ACCEPT udp -- anywhere anywhere udp dpt:domain | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ssn | ||
| + | ACCEPT udp -- anywhere anywhere udp dpt:netbios-dgm | ||
| + | ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:bootps | ||
| + | ACCEPT udp -- anywhere anywhere udp dpt:bootps | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:domain | ||
| + | ACCEPT udp -- anywhere anywhere udp dpt:domain | ||
| + | ACCEPT all -- anywhere anywhere | ||
| + | ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED | ||
| + | ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED | ||
| + | REJECT tcp -- anywhere anywhere tcp dpt:auth reject-with icmp-port-unreachable | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:cfengine | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:ssh | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:vnc-server | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:5901 | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:https | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:5656 | ||
| + | ACCEPT udp -- anywhere anywhere udp dpts:avt-profile-1:avt-profile-2 | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpts:avt-profile-1:avt-profile-2 | ||
| + | ACCEPT udp -- anywhere anywhere udp dpt:20830 | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:20830 | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpts:sip:na-localise | ||
| + | ACCEPT udp -- anywhere anywhere udp dpts:sip:na-localise | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:12080 | ||
| + | ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain | ||
| + | ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain | ||
| + | ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:21100 | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:dc | ||
| + | ACCEPT udp -- anywhere anywhere udp dpt:wizard | ||
| + | ACCEPT ah -- anywhere anywhere | ||
| + | ACCEPT esp -- anywhere anywhere | ||
| + | ACCEPT udp -- anywhere anywhere state NEW udp dpt:isakmp | ||
| + | ACCEPT 254 -- anywhere anywhere | ||
| + | ACCEPT icmp -- anywhere anywhere icmp destination-unreachable | ||
| + | ACCEPT icmp -- anywhere anywhere icmp source-quench | ||
| + | ACCEPT icmp -- anywhere anywhere icmp time-exceeded | ||
| + | ACCEPT icmp -- anywhere anywhere icmp parameter-problem | ||
| + | ACCEPT icmp -- anywhere anywhere icmp router-advertisement | ||
| + | ACCEPT icmp -- anywhere anywhere icmp echo-request | ||
| + | ACCEPT icmp -- anywhere anywhere icmp echo-reply | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:ipp | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:tproxy | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:virtual-places | ||
| + | ACCEPT udp -- anywhere anywhere state NEW udp dpt:52311 | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpts:30000:30005 | ||
| + | DROP tcp -- anywhere anywhere tcp dpts:bootps:bootpc | ||
| + | DROP udp -- anywhere anywhere udp dpts:bootps:bootpc | ||
| + | DROP tcp -- anywhere anywhere tcp dpt:netbios-ns | ||
| + | DROP udp -- anywhere anywhere udp dpt:netbios-ns | ||
| + | DROP tcp -- anywhere anywhere tcp dpt:netbios-dgm | ||
| + | DROP udp -- anywhere anywhere udp dpt:netbios-dgm | ||
| + | DROP tcp -- anywhere anywhere tcp dpt:netbios-ssn | ||
| + | DROP udp -- anywhere anywhere udp dpt:netbios-ssn | ||
| + | DROP tcp -- anywhere anywhere tcp dpts:tcpmux:ftp-data | ||
| + | DROP tcp -- anywhere anywhere tcp dpt:sunrpc | ||
| + | DROP tcp -- anywhere anywhere tcp dpts:snmp:snmptrap | ||
| + | DROP tcp -- anywhere anywhere tcp dpt:efs | ||
| + | DROP tcp -- anywhere anywhere tcp dpts:6348:6349 | ||
| + | DROP tcp -- anywhere anywhere tcp dpts:6345:gnutella-rtr | ||
| + | ACCEPT tcp -- anywhere 192.168.122.1 tcp dpt:microsoft-ds | ||
| + | ACCEPT tcp -- anywhere 192.168.122.1 tcp dpt:proxima-lm | ||
| + | ACCEPT tcp -- anywhere 192.168.123.1 tcp dpt:microsoft-ds | ||
| + | ACCEPT tcp -- anywhere 192.168.123.1 tcp dpt:proxima-lm | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:48500 | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:48500 | ||
| + | LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 LOG level info prefix `FIREWALL: ' | ||
| + | LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level info prefix `FIREWALL: ' | ||
| + | DROP all -- anywhere anywhere | ||
| + | ACCEPT tcp -- anywhere anywhere tcp dpt:ncube-lm | ||
| + | |||
| + | Chain FORWARD (policy DROP) | ||
| + | target prot opt source destination | ||
| + | ACCEPT all -- anywhere anywhere | ||
| + | REJECT all -- anywhere anywhere reject-with icmp-port-unreachable | ||
| + | REJECT all -- anywhere anywhere reject-with icmp-port-unreachable | ||
| + | ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED | ||
| + | ACCEPT all -- 192.168.122.0/24 anywhere | ||
| + | ACCEPT all -- anywhere anywhere | ||
| + | REJECT all -- anywhere anywhere reject-with icmp-port-unreachable | ||
| + | REJECT all -- anywhere anywhere reject-with icmp-port-unreachable | ||
| + | TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU | ||
| + | ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED | ||
| + | ACCEPT all -- 192.168.122.0/24 anywhere | ||
| + | ACCEPT all -- anywhere anywhere | ||
| + | REJECT all -- anywhere anywhere reject-with icmp-port-unreachable | ||
| + | REJECT all -- anywhere anywhere reject-with icmp-port-unreachable | ||
| + | ACCEPT all -- anywhere 192.168.123.0/24 state RELATED,ESTABLISHED | ||
| + | ACCEPT all -- 192.168.123.0/24 anywhere | ||
| + | ACCEPT all -- anywhere anywhere | ||
| + | REJECT all -- anywhere anywhere reject-with icmp-port-unreachable | ||
| + | REJECT all -- anywhere anywhere reject-with icmp-port-unreachable | ||
| + | |||
| + | Chain OUTPUT (policy ACCEPT) | ||
| + | target prot opt source destination | ||
| + | (0)bey9at77@my_PC:/home/bey9at77/scripts> grep 1521 /etc/services | ||
| + | ncube-lm 1521/tcp # nCube License Manager | ||
| + | ncube-lm 1521/udp # nCube License Manager | ||
| + | (0)bey9at77@my_PC:/home/bey9at77/scripts> sudo iptables -n -L -v --line-numbers | ||
| + | Chain INPUT (policy DROP 0 packets, 0 bytes) | ||
| + | num pkts bytes target prot opt in out source destination | ||
| + | 1 0 0 ACCEPT udp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 | ||
| + | 2 0 0 ACCEPT tcp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 | ||
| + | 3 0 0 ACCEPT udp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67 | ||
| + | 4 0 0 ACCEPT tcp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67 | ||
| + | 5 6665 477K ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 | ||
| + | 6 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 | ||
| + | 7 110 36134 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67 | ||
| + | 8 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67 | ||
| + | 9 0 0 ACCEPT tcp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445 | ||
| + | 10 0 0 ACCEPT tcp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 | ||
| + | 11 0 0 ACCEPT udp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:138 | ||
| + | 12 0 0 ACCEPT udp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:137 | ||
| + | 13 0 0 ACCEPT tcp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67 | ||
| + | 14 0 0 ACCEPT udp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67 | ||
| + | 15 0 0 ACCEPT tcp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 | ||
| + | 16 0 0 ACCEPT udp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 | ||
| + | 17 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445 | ||
| + | 18 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 | ||
| + | 19 0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:138 | ||
| + | 20 0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:137 | ||
| + | 21 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67 | ||
| + | 22 0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67 | ||
| + | 23 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 | ||
| + | 24 0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 | ||
| + | 25 640K 300M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 | ||
| + | 26 1526K 1015M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED | ||
| + | 27 33099 3880K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED | ||
| + | 28 0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 reject-with icmp-port-unreachable | ||
| + | 29 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5308 | ||
| + | 30 3 152 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 | ||
| + | 31 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5900 | ||
| + | 32 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5901 | ||
| + | 33 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 | ||
| + | 34 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5656 | ||
| + | 35 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:5004:5005 | ||
| + | 36 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:5004:5005 | ||
| + | 37 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:20830 | ||
| + | 38 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20830 | ||
| + | 39 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:5060:5062 | ||
| + | 40 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:5060:5062 | ||
| + | 41 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:12080 | ||
| + | 42 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53 | ||
| + | 43 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53 | ||
| + | 44 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:21 | ||
| + | 45 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21100 | ||
| + | 46 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2001 | ||
| + | 47 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:2001 | ||
| + | 48 0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0 | ||
| + | 49 0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0 | ||
| + | 50 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:500 | ||
| + | 51 0 0 ACCEPT 254 -- ipsec+ * 0.0.0.0/0 0.0.0.0/0 | ||
| + | 52 37 3310 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 | ||
| + | 53 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 4 | ||
| + | 54 912 61240 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11 | ||
| + | 55 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 12 | ||
| + | 56 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 9 | ||
| + | 57 3746 225K ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 | ||
| + | 58 93 4400 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 0 | ||
| + | 59 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:631 | ||
| + | 60 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8081 | ||
| + | 61 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1533 | ||
| + | 62 160 8120 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:52311 | ||
| + | 63 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:30000:30005 | ||
| + | 64 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:67:68 | ||
| + | 65 2175 714K DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68 | ||
| + | 66 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:137 | ||
| + | 67 71334 5594K DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:137 | ||
| + | 68 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:138 | ||
| + | 69 4358 974K DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:138 | ||
| + | 70 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 | ||
| + | 71 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:139 | ||
| + | 72 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1:20 | ||
| + | 73 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:111 | ||
| + | 74 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:161:162 | ||
| + | 75 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:520 | ||
| + | 76 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:6348:6349 | ||
| + | 77 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:6345:6347 | ||
| + | 78 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 192.168.122.1 tcp dpt:445 | ||
| + | 79 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 192.168.122.1 tcp dpt:1445 | ||
| + | 80 0 0 ACCEPT tcp -- virbr1 * 0.0.0.0/0 192.168.123.1 tcp dpt:445 | ||
| + | 81 0 0 ACCEPT tcp -- virbr1 * 0.0.0.0/0 192.168.123.1 tcp dpt:1445 | ||
| + | 82 1222 63544 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:48500 | ||
| + | 83 0 0 ACCEPT tcp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:48500 | ||
| + | 84 3878 177K LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix `FIREWALL: ' | ||
| + | 85 6981 648K LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix `FIREWALL: ' | ||
| + | 86 47429 4007K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 | ||
| + | 87 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1521 | ||
| + | |||
| + | Chain FORWARD (policy DROP 0 packets, 0 bytes) | ||
| + | num pkts bytes target prot opt in out source destination | ||
| + | 1 0 0 ACCEPT all -- virbr1 virbr1 0.0.0.0/0 0.0.0.0/0 | ||
| + | 2 0 0 REJECT all -- * virbr1 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable | ||
| + | 3 0 0 REJECT all -- virbr1 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable | ||
| + | 4 116K 183M ACCEPT all -- * virbr0 0.0.0.0/0 192.168.122.0/24 state RELATED,ESTABLISHED | ||
| + | 5 95393 9448K ACCEPT all -- virbr0 * 192.168.122.0/24 0.0.0.0/0 | ||
| + | 6 0 0 ACCEPT all -- virbr0 virbr0 0.0.0.0/0 0.0.0.0/0 | ||
| + | 7 0 0 REJECT all -- * virbr0 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable | ||
| + | 8 0 0 REJECT all -- virbr0 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable | ||
| + | 9 0 0 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU | ||
| + | 10 0 0 ACCEPT all -- * virbr0 0.0.0.0/0 192.168.122.0/24 state RELATED,ESTABLISHED | ||
| + | 11 0 0 ACCEPT all -- virbr0 * 192.168.122.0/24 0.0.0.0/0 | ||
| + | 12 0 0 ACCEPT all -- virbr0 virbr0 0.0.0.0/0 0.0.0.0/0 | ||
| + | 13 0 0 REJECT all -- * virbr0 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable | ||
| + | 14 0 0 REJECT all -- virbr0 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable | ||
| + | 15 0 0 ACCEPT all -- * virbr1 0.0.0.0/0 192.168.123.0/24 state RELATED,ESTABLISHED | ||
| + | 16 0 0 ACCEPT all -- virbr1 * 192.168.123.0/24 0.0.0.0/0 | ||
| + | 17 0 0 ACCEPT all -- virbr1 virbr1 0.0.0.0/0 0.0.0.0/0 | ||
| + | 18 0 0 REJECT all -- * virbr1 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable | ||
| + | 19 0 0 REJECT all -- virbr1 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable | ||
| + | |||
| + | Chain OUTPUT (policy ACCEPT 2917 packets, 253K bytes) | ||
| + | num pkts bytes target prot opt in out source destination | ||
| + | (0)bey9at77@my_PC:/home/bey9at77/scripts> sudo iptables -I INPUT 78 -i virbr0 -p tcp --dport 1521 -j ACCEPT | ||
| + | (0)bey9at77@my_PC:/home/bey9at77/scripts> sudo iptables -n -L -v --line-numbers | ||
| + | Chain INPUT (policy DROP 0 packets, 0 bytes) | ||
| + | num pkts bytes target prot opt in out source destination | ||
| + | 1 0 0 ACCEPT udp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 | ||
| + | 2 0 0 ACCEPT tcp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 | ||
| + | 3 0 0 ACCEPT udp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67 | ||
| + | 4 0 0 ACCEPT tcp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67 | ||
| + | 5 6670 477K ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 | ||
| + | 6 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 | ||
| + | 7 111 36462 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67 | ||
| + | 8 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67 | ||
| + | 9 0 0 ACCEPT tcp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445 | ||
| + | 10 0 0 ACCEPT tcp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 | ||
| + | 11 0 0 ACCEPT udp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:138 | ||
| + | 12 0 0 ACCEPT udp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:137 | ||
| + | 13 0 0 ACCEPT tcp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67 | ||
| + | 14 0 0 ACCEPT udp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67 | ||
| + | 15 0 0 ACCEPT tcp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 | ||
| + | 16 0 0 ACCEPT udp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 | ||
| + | 17 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445 | ||
| + | 18 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 | ||
| + | 19 0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:138 | ||
| + | 20 0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:137 | ||
| + | 21 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67 | ||
| + | 22 0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67 | ||
| + | 23 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 | ||
| + | 24 0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 | ||
| + | 25 642K 300M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 | ||
| + | 26 1526K 1015M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED | ||
| + | 27 33107 3881K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED | ||
| + | 28 0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 reject-with icmp-port-unreachable | ||
| + | 29 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5308 | ||
| + | 30 3 152 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 | ||
| + | 31 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5900 | ||
| + | 32 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5901 | ||
| + | 33 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 | ||
| + | 34 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5656 | ||
| + | 35 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:5004:5005 | ||
| + | 36 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:5004:5005 | ||
| + | 37 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:20830 | ||
| + | 38 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20830 | ||
| + | 39 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:5060:5062 | ||
| + | 40 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:5060:5062 | ||
| + | 41 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:12080 | ||
| + | 42 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53 | ||
| + | 43 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53 | ||
| + | 44 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:21 | ||
| + | 45 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21100 | ||
| + | 46 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2001 | ||
| + | 47 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:2001 | ||
| + | 48 0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0 | ||
| + | 49 0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0 | ||
| + | 50 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:500 | ||
| + | 51 0 0 ACCEPT 254 -- ipsec+ * 0.0.0.0/0 0.0.0.0/0 | ||
| + | 52 37 3310 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 | ||
| + | 53 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 4 | ||
| + | 54 912 61240 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11 | ||
| + | 55 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 12 | ||
| + | 56 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 9 | ||
| + | 57 3749 225K ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 | ||
| + | 58 93 4400 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 0 | ||
| + | 59 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:631 | ||
| + | 60 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8081 | ||
| + | 61 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1533 | ||
| + | 62 160 8120 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:52311 | ||
| + | 63 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:30000:30005 | ||
| + | 64 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:67:68 | ||
| + | 65 2175 714K DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68 | ||
| + | 66 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:137 | ||
| + | 67 71334 5594K DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:137 | ||
| + | 68 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:138 | ||
| + | 69 4358 974K DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:138 | ||
| + | 70 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 | ||
| + | 71 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:139 | ||
| + | 72 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1:20 | ||
| + | 73 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:111 | ||
| + | 74 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:161:162 | ||
| + | 75 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:520 | ||
| + | 76 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:6348:6349 | ||
| + | 77 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:6345:6347 | ||
| + | 78 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1521 | ||
| + | 79 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 192.168.122.1 tcp dpt:445 | ||
| + | 80 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 192.168.122.1 tcp dpt:1445 | ||
| + | 81 0 0 ACCEPT tcp -- virbr1 * 0.0.0.0/0 192.168.123.1 tcp dpt:445 | ||
| + | 82 0 0 ACCEPT tcp -- virbr1 * 0.0.0.0/0 192.168.123.1 tcp dpt:1445 | ||
| + | 83 1223 63596 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:48500 | ||
| + | 84 0 0 ACCEPT tcp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:48500 | ||
| + | 85 3879 177K LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix `FIREWALL: ' | ||
| + | 86 6981 648K LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix `FIREWALL: ' | ||
| + | 87 47430 4007K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 | ||
| + | 88 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1521 | ||
| + | |||
| + | Chain FORWARD (policy DROP 0 packets, 0 bytes) | ||
| + | num pkts bytes target prot opt in out source destination | ||
| + | 1 0 0 ACCEPT all -- virbr1 virbr1 0.0.0.0/0 0.0.0.0/0 | ||
| + | 2 0 0 REJECT all -- * virbr1 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable | ||
| + | 3 0 0 REJECT all -- virbr1 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable | ||
| + | 4 116K 183M ACCEPT all -- * virbr0 0.0.0.0/0 192.168.122.0/24 state RELATED,ESTABLISHED | ||
| + | 5 95444 9455K ACCEPT all -- virbr0 * 192.168.122.0/24 0.0.0.0/0 | ||
| + | 6 0 0 ACCEPT all -- virbr0 virbr0 0.0.0.0/0 0.0.0.0/0 | ||
| + | 7 0 0 REJECT all -- * virbr0 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable | ||
| + | 8 0 0 REJECT all -- virbr0 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable | ||
| + | 9 0 0 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU | ||
| + | 10 0 0 ACCEPT all -- * virbr0 0.0.0.0/0 192.168.122.0/24 state RELATED,ESTABLISHED | ||
| + | 11 0 0 ACCEPT all -- virbr0 * 192.168.122.0/24 0.0.0.0/0 | ||
| + | 12 0 0 ACCEPT all -- virbr0 virbr0 0.0.0.0/0 0.0.0.0/0 | ||
| + | 13 0 0 REJECT all -- * virbr0 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable | ||
| + | 14 0 0 REJECT all -- virbr0 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable | ||
| + | 15 0 0 ACCEPT all -- * virbr1 0.0.0.0/0 192.168.123.0/24 state RELATED,ESTABLISHED | ||
| + | 16 0 0 ACCEPT all -- virbr1 * 192.168.123.0/24 0.0.0.0/0 | ||
| + | 17 0 0 ACCEPT all -- virbr1 virbr1 0.0.0.0/0 0.0.0.0/0 | ||
| + | 18 0 0 REJECT all -- * virbr1 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable | ||
| + | 19 0 0 REJECT all -- virbr1 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable | ||
| + | |||
| + | Chain OUTPUT (policy ACCEPT 73 packets, 5937 bytes) | ||
| + | num pkts bytes target prot opt in out source destination | ||
| + | (0)bey9at77@my_PC:/home/bey9at77/scripts> ssh 192.168.122.1 -p 1521 | ||
| + | ssh: connect to host 192.168.122.1 port 1521: Connection refused | ||
| + | </pre> | ||
| + | |||
| + | <pre> | ||
| + | </pre> | ||
Revision as of 09:58, 22 October 2015
How to set up SSH so I don't have to type a password
Tunneling
Building an SSH tunnel can be very useful for working on the other side of firewalls.
- chaining-ssh-tunnels - anattatechnologies
- howto-use-toad-over-an-ssh-tunnel
- connect-to-oracle-database-11g-server-through-ssh-tunnel
References
- http://chamibuddhika.wordpress.com/2012/03/21/ssh-tunnelling-explained/
- http://en.wikipedia.org/wiki/Tunneling_protocol
- http://www.revsys.com/writings/quicktips/ssh-tunnel.html
- how-to-setup-ssh-tunnel-to-forward-ssh
(0)bey9at77@my_PC:/home/bey9at77/scripts> telnet 207.129.217.26 22 Trying 207.129.217.26... Connected to 207.129.217.26. Escape character is '^]'. SSH-2.0-OpenSSH_6.0 ^C Connection closed by foreign host. (0)bey9at77@my_PC:/home/bey9at77/scripts> netstat -an | grep 207 tcp 0 0 9.36.153.84:32904 9.36.207.26:22 ESTABLISHED unix 3 [ ] STREAM CONNECTED 20726525 /home/bey9at77/.pulse/202b121052083db8500c6fc00000001c-runtime/native unix 3 [ ] STREAM CONNECTED 20726524 unix 3 [ ] STREAM CONNECTED 5037207 /home/bey9at77/.pulse/202b121052083db8500c6fc00000001c-runtime/native
(0)bey9at77@my_PC:/home/bey9at77/scripts> /sbin/ifconfig
eth1 Link encap:Ethernet HWaddr 00:21:CC:65:A3:65
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:1250962 errors:0 dropped:0 overruns:0 frame:0
TX packets:975839 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:823202227 (785.0 MiB) TX bytes:187253577 (178.5 MiB)
Interrupt:20 Memory:f2500000-f2520000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:548763 errors:0 dropped:0 overruns:0 frame:0
TX packets:548763 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:275281528 (262.5 MiB) TX bytes:275281528 (262.5 MiB)
virbr0 Link encap:Ethernet HWaddr 52:54:00:FD:BE:C9
inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:119495 errors:0 dropped:0 overruns:0 frame:0
TX packets:173181 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:11358048 (10.8 MiB) TX bytes:188176715 (179.4 MiB)
(0)bey9at77@my_PC:/home/bey9at77/scripts> sudo iptables -L [sudo] password for bey9at77: Chain INPUT (policy DROP) target prot opt source destination ACCEPT udp -- anywhere anywhere udp dpt:domain ACCEPT tcp -- anywhere anywhere tcp dpt:domain ACCEPT udp -- anywhere anywhere udp dpt:bootps ACCEPT tcp -- anywhere anywhere tcp dpt:bootps ACCEPT udp -- anywhere anywhere udp dpt:domain ACCEPT tcp -- anywhere anywhere tcp dpt:domain ACCEPT udp -- anywhere anywhere udp dpt:bootps ACCEPT tcp -- anywhere anywhere tcp dpt:bootps ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ssn ACCEPT udp -- anywhere anywhere udp dpt:netbios-dgm ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns ACCEPT tcp -- anywhere anywhere tcp dpt:bootps ACCEPT udp -- anywhere anywhere udp dpt:bootps ACCEPT tcp -- anywhere anywhere tcp dpt:domain ACCEPT udp -- anywhere anywhere udp dpt:domain ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ssn ACCEPT udp -- anywhere anywhere udp dpt:netbios-dgm ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns ACCEPT tcp -- anywhere anywhere tcp dpt:bootps ACCEPT udp -- anywhere anywhere udp dpt:bootps ACCEPT tcp -- anywhere anywhere tcp dpt:domain ACCEPT udp -- anywhere anywhere udp dpt:domain ACCEPT all -- anywhere anywhere ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED REJECT tcp -- anywhere anywhere tcp dpt:auth reject-with icmp-port-unreachable ACCEPT tcp -- anywhere anywhere tcp dpt:cfengine ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ACCEPT tcp -- anywhere anywhere tcp dpt:vnc-server ACCEPT tcp -- anywhere anywhere tcp dpt:5901 ACCEPT tcp -- anywhere anywhere tcp dpt:https ACCEPT tcp -- anywhere anywhere tcp dpt:5656 ACCEPT udp -- anywhere anywhere udp dpts:avt-profile-1:avt-profile-2 ACCEPT tcp -- anywhere anywhere tcp dpts:avt-profile-1:avt-profile-2 ACCEPT udp -- anywhere anywhere udp dpt:20830 ACCEPT tcp -- anywhere anywhere tcp dpt:20830 ACCEPT tcp -- anywhere anywhere tcp dpts:sip:na-localise ACCEPT udp -- anywhere anywhere udp dpts:sip:na-localise ACCEPT tcp -- anywhere anywhere tcp dpt:12080 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp ACCEPT tcp -- anywhere anywhere tcp dpt:21100 ACCEPT tcp -- anywhere anywhere tcp dpt:dc ACCEPT udp -- anywhere anywhere udp dpt:wizard ACCEPT ah -- anywhere anywhere ACCEPT esp -- anywhere anywhere ACCEPT udp -- anywhere anywhere state NEW udp dpt:isakmp ACCEPT 254 -- anywhere anywhere ACCEPT icmp -- anywhere anywhere icmp destination-unreachable ACCEPT icmp -- anywhere anywhere icmp source-quench ACCEPT icmp -- anywhere anywhere icmp time-exceeded ACCEPT icmp -- anywhere anywhere icmp parameter-problem ACCEPT icmp -- anywhere anywhere icmp router-advertisement ACCEPT icmp -- anywhere anywhere icmp echo-request ACCEPT icmp -- anywhere anywhere icmp echo-reply ACCEPT tcp -- anywhere anywhere tcp dpt:ipp ACCEPT tcp -- anywhere anywhere tcp dpt:tproxy ACCEPT tcp -- anywhere anywhere tcp dpt:virtual-places ACCEPT udp -- anywhere anywhere state NEW udp dpt:52311 ACCEPT tcp -- anywhere anywhere tcp dpts:30000:30005 DROP tcp -- anywhere anywhere tcp dpts:bootps:bootpc DROP udp -- anywhere anywhere udp dpts:bootps:bootpc DROP tcp -- anywhere anywhere tcp dpt:netbios-ns DROP udp -- anywhere anywhere udp dpt:netbios-ns DROP tcp -- anywhere anywhere tcp dpt:netbios-dgm DROP udp -- anywhere anywhere udp dpt:netbios-dgm DROP tcp -- anywhere anywhere tcp dpt:netbios-ssn DROP udp -- anywhere anywhere udp dpt:netbios-ssn DROP tcp -- anywhere anywhere tcp dpts:tcpmux:ftp-data DROP tcp -- anywhere anywhere tcp dpt:sunrpc DROP tcp -- anywhere anywhere tcp dpts:snmp:snmptrap DROP tcp -- anywhere anywhere tcp dpt:efs DROP tcp -- anywhere anywhere tcp dpts:6348:6349 DROP tcp -- anywhere anywhere tcp dpts:6345:gnutella-rtr ACCEPT tcp -- anywhere 192.168.122.1 tcp dpt:microsoft-ds ACCEPT tcp -- anywhere 192.168.122.1 tcp dpt:proxima-lm ACCEPT tcp -- anywhere 192.168.123.1 tcp dpt:microsoft-ds ACCEPT tcp -- anywhere 192.168.123.1 tcp dpt:proxima-lm ACCEPT tcp -- anywhere anywhere tcp dpt:48500 ACCEPT tcp -- anywhere anywhere tcp dpt:48500 LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 LOG level info prefix `FIREWALL: ' LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level info prefix `FIREWALL: ' DROP all -- anywhere anywhere Chain FORWARD (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere REJECT all -- anywhere anywhere reject-with icmp-port-unreachable REJECT all -- anywhere anywhere reject-with icmp-port-unreachable ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED ACCEPT all -- 192.168.122.0/24 anywhere ACCEPT all -- anywhere anywhere REJECT all -- anywhere anywhere reject-with icmp-port-unreachable REJECT all -- anywhere anywhere reject-with icmp-port-unreachable TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED ACCEPT all -- 192.168.122.0/24 anywhere ACCEPT all -- anywhere anywhere REJECT all -- anywhere anywhere reject-with icmp-port-unreachable REJECT all -- anywhere anywhere reject-with icmp-port-unreachable ACCEPT all -- anywhere 192.168.123.0/24 state RELATED,ESTABLISHED ACCEPT all -- 192.168.123.0/24 anywhere ACCEPT all -- anywhere anywhere REJECT all -- anywhere anywhere reject-with icmp-port-unreachable REJECT all -- anywhere anywhere reject-with icmp-port-unreachable Chain OUTPUT (policy ACCEPT) target prot opt source destination (0)bey9at77@my_PC:/home/bey9at77/scripts> ssh -L 1521:localhost:1521 207.129.217.26 The authenticity of host '207.129.217.26 (207.129.217.26)' can't be established. RSA key fingerprint is 2d:70:2e:b4:12:48:e9:20:fd:b0:de:b1:b4:67:41:1f. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '207.129.217.26' (RSA) to the list of known hosts. [email protected]'s password:
(0)bey9at77@my_PC:/home/bey9at77/scripts> ssh -L 1521:localhost:9099 ehemgtaix -N The authenticity of host 'ehemgtaix (207.129.107.120)' can't be established. RSA key fingerprint is 63:0a:a8:27:99:1f:32:73:8e:94:22:cd:80:b3:73:10. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'ehemgtaix,207.129.107.120' (RSA) to the list of known hosts. bey9at77@ehemgtaix's password:
(0)bey9at77@my_PC:/home/bey9at77/scripts> ssh -L 1521:192.168.122.1:9099 exs4bars@ehemgtaix -N channel 1: open failed: connect failed: A remote host did not respond within the timeout period. channel 2: open failed: connect failed: A remote host did not respond within the timeout period. Connection to ehemgtaix closed by remote host. You have new mail in /var/spool/mail/bey9at77
(0)bey9at77@my_PC:/home/bey9at77/scripts> ssh 192.168.122.1 -p 1521 ssh: connect to host 192.168.122.1 port 1521: Connection refused
(0)bey9at77@my_PC:/home/bey9at77/scripts> sudo iptables -A INPUT -i virbr0 -p tcp --dport 1521 -j ACCEPT [sudo] password for bey9at77: (0)bey9at77@my_PC:/home/bey9at77/scripts> ssh 192.168.122.1 -p 1521 ssh: connect to host 192.168.122.1 port 1521: Connection refused
(0)bey9at77@my_PC:/home/bey9at77/scripts> sudo iptables -L Chain INPUT (policy DROP) target prot opt source destination ACCEPT udp -- anywhere anywhere udp dpt:domain ACCEPT tcp -- anywhere anywhere tcp dpt:domain ACCEPT udp -- anywhere anywhere udp dpt:bootps ACCEPT tcp -- anywhere anywhere tcp dpt:bootps ACCEPT udp -- anywhere anywhere udp dpt:domain ACCEPT tcp -- anywhere anywhere tcp dpt:domain ACCEPT udp -- anywhere anywhere udp dpt:bootps ACCEPT tcp -- anywhere anywhere tcp dpt:bootps ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ssn ACCEPT udp -- anywhere anywhere udp dpt:netbios-dgm ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns ACCEPT tcp -- anywhere anywhere tcp dpt:bootps ACCEPT udp -- anywhere anywhere udp dpt:bootps ACCEPT tcp -- anywhere anywhere tcp dpt:domain ACCEPT udp -- anywhere anywhere udp dpt:domain ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ssn ACCEPT udp -- anywhere anywhere udp dpt:netbios-dgm ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns ACCEPT tcp -- anywhere anywhere tcp dpt:bootps ACCEPT udp -- anywhere anywhere udp dpt:bootps ACCEPT tcp -- anywhere anywhere tcp dpt:domain ACCEPT udp -- anywhere anywhere udp dpt:domain ACCEPT all -- anywhere anywhere ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED REJECT tcp -- anywhere anywhere tcp dpt:auth reject-with icmp-port-unreachable ACCEPT tcp -- anywhere anywhere tcp dpt:cfengine ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ACCEPT tcp -- anywhere anywhere tcp dpt:vnc-server ACCEPT tcp -- anywhere anywhere tcp dpt:5901 ACCEPT tcp -- anywhere anywhere tcp dpt:https ACCEPT tcp -- anywhere anywhere tcp dpt:5656 ACCEPT udp -- anywhere anywhere udp dpts:avt-profile-1:avt-profile-2 ACCEPT tcp -- anywhere anywhere tcp dpts:avt-profile-1:avt-profile-2 ACCEPT udp -- anywhere anywhere udp dpt:20830 ACCEPT tcp -- anywhere anywhere tcp dpt:20830 ACCEPT tcp -- anywhere anywhere tcp dpts:sip:na-localise ACCEPT udp -- anywhere anywhere udp dpts:sip:na-localise ACCEPT tcp -- anywhere anywhere tcp dpt:12080 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp ACCEPT tcp -- anywhere anywhere tcp dpt:21100 ACCEPT tcp -- anywhere anywhere tcp dpt:dc ACCEPT udp -- anywhere anywhere udp dpt:wizard ACCEPT ah -- anywhere anywhere ACCEPT esp -- anywhere anywhere ACCEPT udp -- anywhere anywhere state NEW udp dpt:isakmp ACCEPT 254 -- anywhere anywhere ACCEPT icmp -- anywhere anywhere icmp destination-unreachable ACCEPT icmp -- anywhere anywhere icmp source-quench ACCEPT icmp -- anywhere anywhere icmp time-exceeded ACCEPT icmp -- anywhere anywhere icmp parameter-problem ACCEPT icmp -- anywhere anywhere icmp router-advertisement ACCEPT icmp -- anywhere anywhere icmp echo-request ACCEPT icmp -- anywhere anywhere icmp echo-reply ACCEPT tcp -- anywhere anywhere tcp dpt:ipp ACCEPT tcp -- anywhere anywhere tcp dpt:tproxy ACCEPT tcp -- anywhere anywhere tcp dpt:virtual-places ACCEPT udp -- anywhere anywhere state NEW udp dpt:52311 ACCEPT tcp -- anywhere anywhere tcp dpts:30000:30005 DROP tcp -- anywhere anywhere tcp dpts:bootps:bootpc DROP udp -- anywhere anywhere udp dpts:bootps:bootpc DROP tcp -- anywhere anywhere tcp dpt:netbios-ns DROP udp -- anywhere anywhere udp dpt:netbios-ns DROP tcp -- anywhere anywhere tcp dpt:netbios-dgm DROP udp -- anywhere anywhere udp dpt:netbios-dgm DROP tcp -- anywhere anywhere tcp dpt:netbios-ssn DROP udp -- anywhere anywhere udp dpt:netbios-ssn DROP tcp -- anywhere anywhere tcp dpts:tcpmux:ftp-data DROP tcp -- anywhere anywhere tcp dpt:sunrpc DROP tcp -- anywhere anywhere tcp dpts:snmp:snmptrap DROP tcp -- anywhere anywhere tcp dpt:efs DROP tcp -- anywhere anywhere tcp dpts:6348:6349 DROP tcp -- anywhere anywhere tcp dpts:6345:gnutella-rtr ACCEPT tcp -- anywhere 192.168.122.1 tcp dpt:microsoft-ds ACCEPT tcp -- anywhere 192.168.122.1 tcp dpt:proxima-lm ACCEPT tcp -- anywhere 192.168.123.1 tcp dpt:microsoft-ds ACCEPT tcp -- anywhere 192.168.123.1 tcp dpt:proxima-lm ACCEPT tcp -- anywhere anywhere tcp dpt:48500 ACCEPT tcp -- anywhere anywhere tcp dpt:48500 LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 LOG level info prefix `FIREWALL: ' LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level info prefix `FIREWALL: ' DROP all -- anywhere anywhere ACCEPT tcp -- anywhere anywhere tcp dpt:ncube-lm Chain FORWARD (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere REJECT all -- anywhere anywhere reject-with icmp-port-unreachable REJECT all -- anywhere anywhere reject-with icmp-port-unreachable ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED ACCEPT all -- 192.168.122.0/24 anywhere ACCEPT all -- anywhere anywhere REJECT all -- anywhere anywhere reject-with icmp-port-unreachable REJECT all -- anywhere anywhere reject-with icmp-port-unreachable TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED ACCEPT all -- 192.168.122.0/24 anywhere ACCEPT all -- anywhere anywhere REJECT all -- anywhere anywhere reject-with icmp-port-unreachable REJECT all -- anywhere anywhere reject-with icmp-port-unreachable ACCEPT all -- anywhere 192.168.123.0/24 state RELATED,ESTABLISHED ACCEPT all -- 192.168.123.0/24 anywhere ACCEPT all -- anywhere anywhere REJECT all -- anywhere anywhere reject-with icmp-port-unreachable REJECT all -- anywhere anywhere reject-with icmp-port-unreachable Chain OUTPUT (policy ACCEPT) target prot opt source destination (0)bey9at77@my_PC:/home/bey9at77/scripts> grep 1521 /etc/services ncube-lm 1521/tcp # nCube License Manager ncube-lm 1521/udp # nCube License Manager (0)bey9at77@my_PC:/home/bey9at77/scripts> sudo iptables -n -L -v --line-numbers Chain INPUT (policy DROP 0 packets, 0 bytes) num pkts bytes target prot opt in out source destination 1 0 0 ACCEPT udp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 2 0 0 ACCEPT tcp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 3 0 0 ACCEPT udp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67 4 0 0 ACCEPT tcp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67 5 6665 477K ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 6 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 7 110 36134 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67 8 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67 9 0 0 ACCEPT tcp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445 10 0 0 ACCEPT tcp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 11 0 0 ACCEPT udp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:138 12 0 0 ACCEPT udp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:137 13 0 0 ACCEPT tcp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67 14 0 0 ACCEPT udp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67 15 0 0 ACCEPT tcp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 16 0 0 ACCEPT udp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 17 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445 18 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 19 0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:138 20 0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:137 21 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67 22 0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67 23 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 24 0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 25 640K 300M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 26 1526K 1015M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 27 33099 3880K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 28 0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 reject-with icmp-port-unreachable 29 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5308 30 3 152 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 31 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5900 32 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5901 33 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 34 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5656 35 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:5004:5005 36 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:5004:5005 37 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:20830 38 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20830 39 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:5060:5062 40 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:5060:5062 41 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:12080 42 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53 43 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53 44 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:21 45 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21100 46 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2001 47 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:2001 48 0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0 49 0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0 50 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:500 51 0 0 ACCEPT 254 -- ipsec+ * 0.0.0.0/0 0.0.0.0/0 52 37 3310 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 53 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 4 54 912 61240 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11 55 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 12 56 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 9 57 3746 225K ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 58 93 4400 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 0 59 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:631 60 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8081 61 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1533 62 160 8120 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:52311 63 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:30000:30005 64 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:67:68 65 2175 714K DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68 66 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:137 67 71334 5594K DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:137 68 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:138 69 4358 974K DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:138 70 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 71 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:139 72 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1:20 73 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:111 74 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:161:162 75 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:520 76 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:6348:6349 77 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:6345:6347 78 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 192.168.122.1 tcp dpt:445 79 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 192.168.122.1 tcp dpt:1445 80 0 0 ACCEPT tcp -- virbr1 * 0.0.0.0/0 192.168.123.1 tcp dpt:445 81 0 0 ACCEPT tcp -- virbr1 * 0.0.0.0/0 192.168.123.1 tcp dpt:1445 82 1222 63544 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:48500 83 0 0 ACCEPT tcp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:48500 84 3878 177K LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix `FIREWALL: ' 85 6981 648K LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix `FIREWALL: ' 86 47429 4007K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 87 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1521 Chain FORWARD (policy DROP 0 packets, 0 bytes) num pkts bytes target prot opt in out source destination 1 0 0 ACCEPT all -- virbr1 virbr1 0.0.0.0/0 0.0.0.0/0 2 0 0 REJECT all -- * virbr1 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable 3 0 0 REJECT all -- virbr1 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable 4 116K 183M ACCEPT all -- * virbr0 0.0.0.0/0 192.168.122.0/24 state RELATED,ESTABLISHED 5 95393 9448K ACCEPT all -- virbr0 * 192.168.122.0/24 0.0.0.0/0 6 0 0 ACCEPT all -- virbr0 virbr0 0.0.0.0/0 0.0.0.0/0 7 0 0 REJECT all -- * virbr0 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable 8 0 0 REJECT all -- virbr0 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable 9 0 0 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU 10 0 0 ACCEPT all -- * virbr0 0.0.0.0/0 192.168.122.0/24 state RELATED,ESTABLISHED 11 0 0 ACCEPT all -- virbr0 * 192.168.122.0/24 0.0.0.0/0 12 0 0 ACCEPT all -- virbr0 virbr0 0.0.0.0/0 0.0.0.0/0 13 0 0 REJECT all -- * virbr0 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable 14 0 0 REJECT all -- virbr0 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable 15 0 0 ACCEPT all -- * virbr1 0.0.0.0/0 192.168.123.0/24 state RELATED,ESTABLISHED 16 0 0 ACCEPT all -- virbr1 * 192.168.123.0/24 0.0.0.0/0 17 0 0 ACCEPT all -- virbr1 virbr1 0.0.0.0/0 0.0.0.0/0 18 0 0 REJECT all -- * virbr1 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable 19 0 0 REJECT all -- virbr1 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable Chain OUTPUT (policy ACCEPT 2917 packets, 253K bytes) num pkts bytes target prot opt in out source destination (0)bey9at77@my_PC:/home/bey9at77/scripts> sudo iptables -I INPUT 78 -i virbr0 -p tcp --dport 1521 -j ACCEPT (0)bey9at77@my_PC:/home/bey9at77/scripts> sudo iptables -n -L -v --line-numbers Chain INPUT (policy DROP 0 packets, 0 bytes) num pkts bytes target prot opt in out source destination 1 0 0 ACCEPT udp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 2 0 0 ACCEPT tcp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 3 0 0 ACCEPT udp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67 4 0 0 ACCEPT tcp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67 5 6670 477K ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 6 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 7 111 36462 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67 8 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67 9 0 0 ACCEPT tcp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445 10 0 0 ACCEPT tcp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 11 0 0 ACCEPT udp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:138 12 0 0 ACCEPT udp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:137 13 0 0 ACCEPT tcp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67 14 0 0 ACCEPT udp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67 15 0 0 ACCEPT tcp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 16 0 0 ACCEPT udp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 17 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445 18 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 19 0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:138 20 0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:137 21 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67 22 0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67 23 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 24 0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 25 642K 300M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 26 1526K 1015M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 27 33107 3881K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 28 0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 reject-with icmp-port-unreachable 29 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5308 30 3 152 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 31 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5900 32 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5901 33 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 34 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5656 35 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:5004:5005 36 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:5004:5005 37 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:20830 38 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20830 39 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:5060:5062 40 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:5060:5062 41 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:12080 42 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53 43 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53 44 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:21 45 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21100 46 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2001 47 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:2001 48 0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0 49 0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0 50 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:500 51 0 0 ACCEPT 254 -- ipsec+ * 0.0.0.0/0 0.0.0.0/0 52 37 3310 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 53 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 4 54 912 61240 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11 55 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 12 56 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 9 57 3749 225K ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 58 93 4400 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 0 59 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:631 60 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8081 61 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1533 62 160 8120 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:52311 63 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:30000:30005 64 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:67:68 65 2175 714K DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68 66 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:137 67 71334 5594K DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:137 68 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:138 69 4358 974K DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:138 70 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139 71 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:139 72 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1:20 73 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:111 74 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:161:162 75 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:520 76 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:6348:6349 77 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:6345:6347 78 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1521 79 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 192.168.122.1 tcp dpt:445 80 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 192.168.122.1 tcp dpt:1445 81 0 0 ACCEPT tcp -- virbr1 * 0.0.0.0/0 192.168.123.1 tcp dpt:445 82 0 0 ACCEPT tcp -- virbr1 * 0.0.0.0/0 192.168.123.1 tcp dpt:1445 83 1223 63596 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:48500 84 0 0 ACCEPT tcp -- virbr1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:48500 85 3879 177K LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix `FIREWALL: ' 86 6981 648K LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix `FIREWALL: ' 87 47430 4007K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 88 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1521 Chain FORWARD (policy DROP 0 packets, 0 bytes) num pkts bytes target prot opt in out source destination 1 0 0 ACCEPT all -- virbr1 virbr1 0.0.0.0/0 0.0.0.0/0 2 0 0 REJECT all -- * virbr1 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable 3 0 0 REJECT all -- virbr1 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable 4 116K 183M ACCEPT all -- * virbr0 0.0.0.0/0 192.168.122.0/24 state RELATED,ESTABLISHED 5 95444 9455K ACCEPT all -- virbr0 * 192.168.122.0/24 0.0.0.0/0 6 0 0 ACCEPT all -- virbr0 virbr0 0.0.0.0/0 0.0.0.0/0 7 0 0 REJECT all -- * virbr0 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable 8 0 0 REJECT all -- virbr0 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable 9 0 0 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU 10 0 0 ACCEPT all -- * virbr0 0.0.0.0/0 192.168.122.0/24 state RELATED,ESTABLISHED 11 0 0 ACCEPT all -- virbr0 * 192.168.122.0/24 0.0.0.0/0 12 0 0 ACCEPT all -- virbr0 virbr0 0.0.0.0/0 0.0.0.0/0 13 0 0 REJECT all -- * virbr0 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable 14 0 0 REJECT all -- virbr0 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable 15 0 0 ACCEPT all -- * virbr1 0.0.0.0/0 192.168.123.0/24 state RELATED,ESTABLISHED 16 0 0 ACCEPT all -- virbr1 * 192.168.123.0/24 0.0.0.0/0 17 0 0 ACCEPT all -- virbr1 virbr1 0.0.0.0/0 0.0.0.0/0 18 0 0 REJECT all -- * virbr1 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable 19 0 0 REJECT all -- virbr1 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable Chain OUTPUT (policy ACCEPT 73 packets, 5937 bytes) num pkts bytes target prot opt in out source destination (0)bey9at77@my_PC:/home/bey9at77/scripts> ssh 192.168.122.1 -p 1521 ssh: connect to host 192.168.122.1 port 1521: Connection refused
