# 4661 TCP (outgoing): Port, on which a server listens for connection (defined by server).
# 4662 TCP (outgoing and incoming): Client to client transfers.
# 4665 UDP (outgoing and incoming): Used for global server searches and global source queries. This is always Client TCP port + 3
# 4672 UDP (outgoing and incoming): Extended eMule protocol, Queue Rating, File Reask Ping, Kad. Kad will be 'firewalled' if NAT (Network Address Translation) remaps this port number.
I enabled these ports in my iptables as the wiki says, but aMule is firewalled. Why???
Arno's Iptables Firewall Script v1.8.8c
-------------------------------------------------------------------------------
Sanity checks passed...OK
Detected IPTABLES module... Loading additional IPTABLES modules:
All IPTABLES modules loaded!
Configuring /proc/.... settings:
Enabling anti-spoof with rp_filter
Enabling SYN-flood protection via SYN-cookies
Disabling the logging of martians
Disabling the acception of ICMP-redirect messages
Setting the max. amount of simultaneous connections to 16384
Enabling protection against source routed packets
Setting default conntrack timeouts
Enabling reduction of the DoS'ing ability
Setting Default TTL=64
Disabling ECN (Explicit Congestion Notification)
Enabling support for dynamic IP's
Flushing route table
/proc/ setup done...
Flushing rules in the filter table
Setting default (secure) policies
Using loglevel "info" for syslogd
Setting up firewall rules:
-------------------------------------------------------------------------------
Accepting packets from the local loopback device
Enabling setting the maximum packet size via MSS
Enabling mangling TOS
Logging of stealth scans (nmap probes etc.) enabled
Logging of packets with bad TCP-flags enabled
Logging of INVALID packets disabled
Logging of fragmented packets enabled
Logging of access from reserved addresses enabled
Setting up anti-spoof rules
Reading custom IPTABLES rules from /etc/arno-iptables-firewall/custom-rules
Loading (user) plugins
Setting up INPUT policy for the external net (INET):
Enabling support for a DHCP assigned IP on external interface(s): eth0
Logging of explicitly blocked hosts enabled
Logging of denied local output connections enabled
Packets will NOT be checked for private source addresses
Allowing the whole world to connect to TCP port(s): 4662
Allowing the whole world to connect to UDP port(s): 4665 4672 8767
Denying the whole world to send ICMP-requests(ping)
Logging of dropped ICMP-request(ping) packets enabled
Logging of dropped other ICMP packets enabled
Logging of possible stealth scans enabled
Logging of (other) connection attempts to PRIVILEGED TCP ports enabled
Logging of (other) connection attempts to PRIVILEGED UDP ports enabled
Logging of (other) connection attempts to UNPRIVILEGED TCP ports enabled
Logging of (other) connection attempts to UNPRIVILEGED UDP ports enabled
Logging of other IP protocols (non TCP/UDP/ICMP) connection attempts enabled
Logging of ICMP flooding enabled
Applying INET policy to external (INET) interface: eth0 (without an external subnet specified)
Security is ENFORCED for external interface(s) in the FORWARD chain
Jan 01 2:19:52 All firewall rules applied.
debian:/home/carcass# iptables -n -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state RELATED tcp dpts:1024:65535
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state RELATED udp dpts:1024:65535
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED
HOST_BLOCK 0 -- 0.0.0.0/0 0.0.0.0/0
SPOOF_CHK 0 -- 0.0.0.0/0 0.0.0.0/0
VALID_CHK 0 -- 0.0.0.0/0 0.0.0.0/0
EXT_INPUT_CHAIN !icmp -- 0.0.0.0/0 0.0.0.0/0 state NEW
EXT_INPUT_CHAIN icmp -- 0.0.0.0/0 0.0.0.0/0 state NEW limit: avg 20/sec burst 100
EXT_ICMP_CHAIN icmp -- 0.0.0.0/0 0.0.0.0/0 state NEW
LOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Dropped INPUT packet: '
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0
TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state RELATED tcp dpts:1024:65535
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state RELATED udp dpts:1024:65535
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED
HOST_BLOCK 0 -- 0.0.0.0/0 0.0.0.0/0
SPOOF_CHK 0 -- 0.0.0.0/0 0.0.0.0/0
VALID_CHK 0 -- 0.0.0.0/0 0.0.0.0/0
LOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/min burst 3 LOG flags 0 level 6 prefix `Dropped FORWARD packet: '
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
LOG 0 -f 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix `FRAGMENTED PACKET (OUT): '
DROP 0 -f 0.0.0.0/0 0.0.0.0/0
EXT_OUTPUT_CHAIN 0 -- 0.0.0.0/0 0.0.0.0/0
Chain EXT_ICMP_CHAIN (1 references)
target prot opt source destination
LOG icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 12/hour burst 1 LOG flags 0 level 6 prefix `ICMP-request(ping) flood: '
LOG icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 3 limit: avg 12/hour burst 1 LOG flags 0 level 6 prefix `ICMP-unreachable flood: '
LOG icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 4 limit: avg 12/hour burst 1 LOG flags 0 level 6 prefix `ICMP-source-quench flood: '
LOG icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 11 limit: avg 12/hour burst 1 LOG flags 0 level 6 prefix `ICMP-time-exceeded flood: '
LOG icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 12 limit: avg 12/hour burst 1 LOG flags 0 level 6 prefix `ICMP-param.-problem flood: '
DROP icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
DROP icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 3
DROP icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 4
DROP icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 11
DROP icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 12
LOG icmp -- 0.0.0.0/0 0.0.0.0/0 limit: avg 12/hour burst 1 LOG flags 0 level 6 prefix `ICMP(other) flood: '
DROP icmp -- 0.0.0.0/0 0.0.0.0/0
Chain EXT_INPUT_CHAIN (2 references)
target prot opt source destination
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:0 limit: avg 6/hour burst 1 LOG flags 0 level 6 prefix `TCP port 0 OS fingerprint: '
LOG udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:0 limit: avg 6/hour burst 1 LOG flags 0 level 6 prefix `UDP port 0 OS fingerprint: '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:0
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:0
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:0 limit: avg 6/hour burst 5 LOG flags 0 level 6 prefix `TCP source port 0: '
LOG udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:0 limit: avg 6/hour burst 5 LOG flags 0 level 6 prefix `UDP source port 0: '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:0
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:0
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4662
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:4665
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:4672
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:8767
LOG icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 3/min burst 1 LOG flags 0 level 6 prefix `ICMP-request: '
LOG icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 3 limit: avg 12/hour burst 1 LOG flags 0 level 6 prefix `ICMP-unreachable: '
LOG icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 4 limit: avg 12/hour burst 1 LOG flags 0 level 6 prefix `ICMP-source-quench: '
LOG icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 11 limit: avg 12/hour burst 1 LOG flags 0 level 6 prefix `ICMP-time-exceeded: '
LOG icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 12 limit: avg 12/hour burst 1 LOG flags 0 level 6 prefix `ICMP-param.-problem: '
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:65535 flags:!0x17/0x02 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix `Stealth scan (UNPRIV)?: '
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:0:1023 flags:!0x17/0x02 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix `Stealth scan (PRIV)?: '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:0:1023 limit: avg 6/min burst 2 LOG flags 0 level 6 prefix `Connection attempt (PRIV): '
LOG udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:0:1023 limit: avg 6/min burst 2 LOG flags 0 level 6 prefix `Connection attempt (PRIV): '
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:65535 limit: avg 6/min burst 2 LOG flags 0 level 6 prefix `Connection attempt (UNPRIV): '
LOG udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:1024:65535 limit: avg 6/min burst 2 LOG flags 0 level 6 prefix `Connection attempt (UNPRIV): '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0
DROP udp -- 0.0.0.0/0 0.0.0.0/0
DROP icmp -- 0.0.0.0/0 0.0.0.0/0
LOG 0 -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/min burst 5 LOG flags 0 level 6 prefix `Other-IP connection attempt: '
DROP 0 -- 0.0.0.0/0 0.0.0.0/0
Chain EXT_OUTPUT_CHAIN (1 references)
target prot opt source destination
Chain HOST_BLOCK (2 references)
target prot opt source destination
Chain MAC_FILTER (0 references)
target prot opt source destination
Chain RESERVED_NET_CHK (0 references)
target prot opt source destination
LOG 0 -- 10.0.0.0/8 0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix `Class A address: '
LOG 0 -- 172.16.0.0/12 0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix `Class B address: '
LOG 0 -- 192.168.0.0/16 0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix `Class C address: '
LOG 0 -- 169.254.0.0/16 0.0.0.0/0 limit: avg 1/min burst 1 LOG flags 0 level 6 prefix `Class M$ address: '
DROP 0 -- 10.0.0.0/8 0.0.0.0/0
DROP 0 -- 172.16.0.0/12 0.0.0.0/0
DROP 0 -- 192.168.0.0/16 0.0.0.0/0
DROP 0 -- 169.254.0.0/16 0.0.0.0/0
Chain SPOOF_CHK (2 references)
target prot opt source destination
RETURN 0 -- 0.0.0.0/0 0.0.0.0/0
Chain VALID_CHK (2 references)
target prot opt source destination
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x29 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix `Stealth XMAS scan: '
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x37 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix `Stealth XMAS-PSH scan: '
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F limit: avg 3/min burst 5 LOG flags 0 level 6 prefix `Stealth XMAS-ALL scan: '
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x01 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix `Stealth FIN scan: '
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix `Stealth SYN/RST scan: '
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix `Stealth SYN/FIN scan(?): '
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00 limit: avg 3/min burst 5 LOG flags 0 level 6 prefix `Stealth Null scan: '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x29
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x37
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x01
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp option=64 limit: avg 3/min burst 1 LOG flags 0 level 6 prefix `Bad TCP flag(64): '
LOG tcp -- 0.0.0.0/0 0.0.0.0/0 tcp option=128 limit: avg 3/min burst 1 LOG flags 0 level 6 prefix `Bad TCP flag(128): '
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp option=64
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp option=128
DROP 0 -- 0.0.0.0/0 0.0.0.0/0 state INVALID
LOG 0 -f 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 1 LOG flags 0 level 4 prefix `Fragmented packet: '
DROP 0 -f 0.0.0.0/0 0.0.0.0/0
debian:/home/carcass#

HAPPY NEW YEAR
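An added example, not part of the original post: a small check that reads `iptables -n -L` output and reports the first-match verdict in `EXT_INPUT_CHAIN` for the inbound ports from the wiki list at the top (TCP 4662, UDP 4665, UDP 4672). The function names `port_verdict` and `amule_inbound_report` are hypothetical, and the embedded sample is an abridged copy of the chain from the listing above.

```shell
#!/bin/sh
# Added example. First-match verdict for a NEW packet to PROTO/PORT within one
# chain of `iptables -n -L` output (stdin). Rules carrying conditions this
# sketch does not model (spt:, flags:, limit:, a specific source, -f) are skipped.
port_verdict() {  # usage: port_verdict CHAIN PROTO PORT < listing
    awk -v chain="$1" -v proto="$2" -v port="$3" '
    $1 == "Chain" { inchain = ($2 == chain); next }
    !inchain || $1 == "target" || NF < 5 { next }
    $1 != "ACCEPT" && $1 != "DROP" { next }          # LOG never ends traversal
    $2 != proto && $2 != "0" && $2 != "all" { next } # rule is for another protocol
    $3 != "--" || $4 != "0.0.0.0/0" || $5 != "0.0.0.0/0" { next }
    {
        ok = 1
        for (i = 6; i <= NF; i++) {
            if ($i == proto) continue
            n = split($i, a, ":")
            if (a[1] == "dpt" && n == 2) {
                if (a[2] + 0 != port + 0) ok = 0
            } else if (a[1] == "dpts" && n == 3) {
                if (port + 0 < a[2] + 0 || port + 0 > a[3] + 0) ok = 0
            } else ok = 0                             # unmodelled condition
        }
        if (ok) { print $1; found = 1; exit }
    }
    END { if (!found) print "NO-MATCH" }'
}
# Sample input: abridged EXT_INPUT_CHAIN from the post (LOG rules left out).
SAMPLE='Chain EXT_INPUT_CHAIN (2 references)
target prot opt source destination
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:0
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:0
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:4662
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:4665
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:4672
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02
DROP tcp -- 0.0.0.0/0 0.0.0.0/0
DROP udp -- 0.0.0.0/0 0.0.0.0/0
Chain EXT_OUTPUT_CHAIN (1 references)'
# One line per inbound port from the wiki list: "proto/port VERDICT".
amule_inbound_report() {
    listing=$(cat)
    for pp in tcp/4662 udp/4665 udp/4672; do
        printf '%s %s\n' "$pp" "$(printf '%s\n' "$listing" | port_verdict EXT_INPUT_CHAIN "${pp%/*}" "${pp#*/}")"
    done
}
printf '%s\n' "$SAMPLE" | amule_inbound_report
```

On a live host, pipe `iptables -n -L` into `amule_inbound_report` instead of the sample. An ACCEPT verdict covers only this host's filter table; per the port list above, Kad still shows as firewalled when NAT remaps UDP 4672.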
