marixx
Freak
- Registered: 16 May 2009
- Posts: 277
- Reaction score: 29
- Points: 88
As a newbie in this area, I set up the firewall on my server using Osprey's guide "Firewall für euren Server sehr einfach Newbie geeignet" ("Firewall for your server, very simple, suitable for newbies").
After entering iptables -L, I get:
root@xyz:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
f2b-sshd tcp -- anywhere anywhere multiport dports ssh
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:12345
ACCEPT udp -- anywhere anywhere udp dpt:67891
ACCEPT tcp -- anywhere anywhere tcp dpt:10105
ACCEPT tcp -- anywhere anywhere tcp dpt:20205
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain f2b-sshd (1 references)
target prot opt source destination
REJECT all -- 61.177.172.xx anywhere reject-with icmp-port-unreachable
REJECT all -- 91.213.50.xx anywhere reject-with icmp-port-unreachable
REJECT all -- 61.177.173.xx anywhere reject-with icmp-port-unreachable
REJECT all -- 43.154.51.xx anywhere reject-with icmp-port-unreachable
REJECT all -- 61.177.173.xxx anywhere reject-with icmp-port-unreachable
REJECT all -- 195.161.68.xxx anywhere reject-with icmp-port-unreachable
REJECT all -- 61.177.172.xxx anywhere reject-with icmp-port-unreachable
REJECT all -- 45.61.184.xx anywhere reject-with icmp-port-unreachable
REJECT all -- 61.177.173.xxx anywhere reject-with icmp-port-unreachable
REJECT all -- 61.177.173.xxx anywhere reject-with icmp-port-unreachable
REJECT all -- 106.13.50.2xx anywhere reject-with icmp-port-unreachable
REJECT all -- 61.177.172.xx anywhere reject-with icmp-port-unreachable
REJECT all -- 164.92.145.3xx anywhere reject-with icmp-port-unreachable
REJECT all -- 180.76.138.xx anywhere reject-with icmp-port-unreachable
REJECT all -- 163-172-87-xxx.rev.poneytelecom.eu anywhere reject-with icmp-port-unreachable
REJECT all -- 61.177.173.xx anywhere reject-with icmp-port-unreachable
REJECT all -- 61.177.172.xx anywhere reject-with icmp-port-unreachable
REJECT all -- 223-197-125-xxx.static.imsbiz.com anywhere reject-with icmp-port-unreachable
REJECT all -- 61.177.172.xx anywhere reject-with icmp-port-unreachable
RETURN all -- anywhere anywhere
Is that OK like this?
Question about changing a port:
Can I simply change a port in the file /etc/iptables.rules, save it, and reboot?
Is the changed port then active, or is it not that simple?
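Added example, not part of the original post: a small Python check over `iptables -L` output like the listing above. It flags chains with a default policy of ACCEPT and ACCEPT rules that plain `-L` shows as matching all traffic; `-L` without `-v` omits the interface columns, so such a rule may be bound to a single interface, which only `iptables -L -v -n` reveals. The sample listing is a shortened copy constructed from the post's output, and the function names are illustrative.

```python
import re

# Constructed sample: shortened copy of the listing in the post.
SAMPLE = """\
Chain INPUT (policy ACCEPT)
target prot opt source destination
f2b-sshd tcp -- anywhere anywhere multiport dports ssh
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:12345
Chain f2b-sshd (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\w+)|\d+ references)\)")

def parse_listing(text):
    """Return {chain: {"policy": str or None, "rules": [(target, prot, src, dst, extra)]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = chains.setdefault(m.group(1), {"policy": m.group(2), "rules": []})
        elif current is not None and line.strip() and not line.startswith("target"):
            target, prot, _opt, src, dst, *extra = line.split()
            current["rules"].append((target, prot, src, dst, " ".join(extra)))
    return chains

def review(chains):
    """Flag ACCEPT policies and the first ACCEPT rule that -L displays with no match criteria."""
    findings = []
    for name, chain in chains.items():
        if chain["policy"] == "ACCEPT":
            findings.append(f"{name}: default policy ACCEPT, unmatched packets pass")
        for pos, (target, prot, src, dst, extra) in enumerate(chain["rules"], 1):
            if target == "ACCEPT" and (prot, src, dst, extra) == ("all", "anywhere", "anywhere", ""):
                findings.append(f"{name} rule {pos}: shown as match-all ACCEPT; "
                                "re-check with 'iptables -L -v -n' for an interface match")
                break  # rules after a true match-all ACCEPT would never be reached
    return findings

if __name__ == "__main__":
    for finding in review(parse_listing(SAMPLE)):
        print(finding)
```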