marixx
As a newbie in this area, I set up the firewall on my server using Osprey's guide "Firewall für euren Server sehr einfach Newbie geeignet" (a very simple, newbie-friendly firewall for your server).
After entering iptables -L I get:
root@xyz:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
f2b-sshd tcp -- anywhere anywhere multiport dports ssh
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:12345
ACCEPT udp -- anywhere anywhere udp dpt:67891
ACCEPT tcp -- anywhere anywhere tcp dpt:10105
ACCEPT tcp -- anywhere anywhere tcp dpt:20205
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain f2b-sshd (1 references)
target prot opt source destination
REJECT all -- 61.177.172.xx anywhere reject-with icmp-port-unreachable
REJECT all -- 91.213.50.xx anywhere reject-with icmp-port-unreachable
REJECT all -- 61.177.173.xx anywhere reject-with icmp-port-unreachable
REJECT all -- 43.154.51.xx anywhere reject-with icmp-port-unreachable
REJECT all -- 61.177.173.xxx anywhere reject-with icmp-port-unreachable
REJECT all -- 195.161.68.xxx anywhere reject-with icmp-port-unreachable
REJECT all -- 61.177.172.xxx anywhere reject-with icmp-port-unreachable
REJECT all -- 45.61.184.xx anywhere reject-with icmp-port-unreachable
REJECT all -- 61.177.173.xxx anywhere reject-with icmp-port-unreachable
REJECT all -- 61.177.173.xxx anywhere reject-with icmp-port-unreachable
REJECT all -- 106.13.50.2xx anywhere reject-with icmp-port-unreachable
REJECT all -- 61.177.172.xx anywhere reject-with icmp-port-unreachable
REJECT all -- 164.92.145.3xx anywhere reject-with icmp-port-unreachable
REJECT all -- 180.76.138.xx anywhere reject-with icmp-port-unreachable
REJECT all -- 163-172-87-xxx.rev.poneytelecom.eu anywhere reject-with icmp-port-unreachable
REJECT all -- 61.177.173.xx anywhere reject-with icmp-port-unreachable
REJECT all -- 61.177.172.xx anywhere reject-with icmp-port-unreachable
REJECT all -- 223-197-125-xxx.static.imsbiz.com anywhere reject-with icmp-port-unreachable
REJECT all -- 61.177.172.xx anywhere reject-with icmp-port-unreachable
RETURN all -- anywhere anywhere
Is that OK like this?
Question about changing a port:
Can I simply change a port in the file /etc/iptables.rules, save it, and reboot?
Is the changed port then active, or is it not that simple?
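Added example (not part of the original post or of Osprey's guide): a shell check that reads `iptables -L` text and reports the two things in the INPUT chain that decide whether the per-port ACCEPT rules filter anything, namely the chain policy with no catch-all DROP/REJECT, and an ACCEPT rule with no visible match. The names `audit_input_chain` and `sample_listing` are hypothetical, and the sample is the post's INPUT chain, shortened.

```shell
#!/bin/sh
# Added example: audit the text printed by plain `iptables -L` (stdin).
# Prints one finding per line for the INPUT chain; prints nothing if clean.
audit_input_chain() {
    awk '
    /^Chain / {
        chain = $2; rule = 0; policy = ""
        # Built-in chains show "(policy X)"; user chains show "(N references)".
        if ($3 == "(policy") { policy = $4; sub(/\)/, "", policy) }
        if (chain == "INPUT") input_policy = policy
        next
    }
    $1 == "target" || NF == 0 { next }   # column header or blank line
    chain != "INPUT" { next }
    {
        rule++
        # Exactly five fields: no port, state or other match is listed.
        bare = (NF == 5 && $2 == "all" && $4 == "anywhere" && $5 == "anywhere")
        if (bare && $1 == "ACCEPT")
            printf "INPUT rule %d: ACCEPT for all traffic as listed; check with iptables -L -v whether it is bound to an interface such as lo\n", rule
        if (bare && ($1 == "DROP" || $1 == "REJECT")) catch_all = 1
    }
    END {
        if (input_policy == "ACCEPT" && !catch_all)
            print "INPUT: policy ACCEPT and no catch-all DROP/REJECT; packets matching no rule are accepted"
    }'
}

# Sample input: the INPUT chain from the post, shortened (ban list omitted).
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
target prot opt source destination
f2b-sshd tcp -- anywhere anywhere multiport dports ssh
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:12345
Chain f2b-sshd (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
EOF
}

sample_listing | audit_input_chain
```

On a live server the same check runs as `iptables -L | audit_input_chain`; plain `-L` hides the interface column, which is why the second finding points to `-v` instead of calling the rule wrong.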