The following is an example of the stdout of the iptables command when it is asked to list the rules installed on the system together with their statistics.
In this case the rules and the corresponding statistics of the default chains, namely INPUT, FORWARD and OUTPUT, are displayed.
[root@ululo root]# iptables -L -x -v -n --line-numbers
INPUT CHAIN RULES
Chain INPUT (policy DROP 125 packets, 5564 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 DROP all -- eth1 * xx.xx.xx.xx 0.0.0.0/0
2 0 0 DROP all -- eth1 * 10.0.0.0/8 0.0.0.0/0
3 0 0 DROP all -- eth1 * 172.16.0.0/12 0.0.0.0/0
4 0 0 DROP all -- eth1 * 192.168.0.0/16 0.0.0.0/0
5 0 0 DROP all -- eth1 * 224.0.0.0/4 0.0.0.0/0
6 0 0 DROP all -- eth1 * 240.0.0.0/5 0.0.0.0/0
7 0 0 DROP all -- eth1 * 0.0.0.0/0 127.0.0.0/8
8 0 0 ACCEPT all -- * * 127.0.0.0/8 0.0.0.0/0
9 1817 139869 ACCEPT all -- eth1 * xx.xx.xx.xx/xx 0.0.0.0/0
10 0 0 ACCEPT all -- eth1 * xx.xx.xx.xx/xx 0.0.0.0/0
11 0 0 ACCEPT icmp -- * * xx.xx.xx.xx/xx 0.0.0.0/0
12 0 0 ACCEPT icmp -- * * xx.xx.xx.xx/xx 0.0.0.0/0
13 0 0 ACCEPT udp -- eth1 * xx.xx.xx.xx 0.0.0.0/0 udp spt:53
14 0 0 ACCEPT udp -- eth1 * xx.xx.xx.xx 0.0.0.0/0 udp spt:53
15 0 0 ACCEPT tcp -- * * xx.xx.xx.xx/xx 0.0.0.0/0 tcp dpt:22
16 0 0 ACCEPT tcp -- * * xx.xx.xx.xx/x 0.0.0.0/0 tcp dpt:22
17 72 4688 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
18 0 0 ACCEPT udp -- eth1 * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
19 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
20 0 0 ACCEPT tcp -- * * xx.xx.xx.xx/xx 0.0.0.0/0 tcp dpt:xx
21 0 0 ACCEPT tcp -- * * xx.xx.x.xx 0.0.0.0/0 tcp dpt:xx
22 1032 142364 ACCEPT all -- eth0 * 10.0.0.0/24 0.0.0.0/0
FORWARD CHAIN RULE
Chain FORWARD (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT tcp -- * * xx.xx.xx.xx/xx 0.0.0.0/0 tcp dpt:xx
2 56 4512 ACCEPT tcp -- * * xx.xx.xx.xx 0.0.0.0/0 tcp dpt:xx
3 18364 1982359 ACCEPT all -- * * 10.0.0.0/24 0.0.0.0/0
4 0 0 DROP tcp -- * * 0.0.0.0/0 10.0.0.0/24 tcp flags:0x16/0x02
5 20035 11377009 ACCEPT all -- * * 0.0.0.0/0 10.0.0.0/24
OUTPUT CHAIN RULE
Chain OUTPUT (policy DROP 35 packets, 45580 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT all -- * * 0.0.0.0/0 127.0.0.0/8
2 0 0 ACCEPT udp -- * eth1 0.0.0.0/0 0.0.0.0/0 udp spts:32769:65535 dpts:33434:33523 state NEW
3 1118 231400 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED
4 1 73 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,ESTABLISHED
5 10 615 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
6 0 0 ACCEPT all -- * eth0 0.0.0.0/0
Listing the rules and corresponding statistics of the nat table
[root@ululo root]# iptables -L -x -v -n -t nat --line-numbers
PREROUTING CHAIN RULE
Chain PREROUTING (policy ACCEPT 2746 packets, 207204 bytes)
num pkts bytes target prot opt in out source destination
1 6 288 DNAT tcp -- * * 0.0.0.0/0 xx.xx.xx.xx tcp dpt:xx to:xx.xx.xx.xx:xx
2 3 194 DNAT 47 -- eth1 * 0.0.0.0/0 xx.xx.xx.xx to:xx.xx.xx.xx
POSTROUTING CHAIN RULE
Chain POSTROUTING (policy ACCEPT 11 packets, 628 bytes)
num pkts bytes target prot opt in out source destination
1 2147 116727 MASQUERADE all -- * eth1 10.0.0.0/24 0.0.0.0/0
OUTPUT CHAIN RULE
Chain OUTPUT (policy ACCEPT 205 packets, 14004 bytes)
num pkts bytes target prot opt in out source destination
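The listing format shown above can be read programmatically to audit the counters. The following parser is an added example, not part of the original page; the sample text is constructed (192.0.2.0/24 is a documentation range), the function names are hypothetical, and it assumes every rule row has a target.

```python
import re

# Constructed sample in the format of `iptables -L -x -v -n --line-numbers`.
SAMPLE = """\
Chain INPUT (policy DROP 125 packets, 5564 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 DROP all -- eth1 * 10.0.0.0/8 0.0.0.0/0
2 1817 139869 ACCEPT all -- eth1 * 192.0.2.0/24 0.0.0.0/0
3 72 4688 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
Chain FORWARD (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 DROP tcp -- * * 0.0.0.0/0 10.0.0.0/24 tcp flags:0x16/0x02
2 20035 11377009 ACCEPT all -- * * 0.0.0.0/0 10.0.0.0/24
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(policy (\S+) (\d+) packets, (\d+) bytes\)")
FIELDS = ("target", "prot", "opt", "in", "out", "source", "destination")

def parse_listing(text):
    """Return {chain: {"policy", "policy_pkts", "policy_bytes", "rules": [...]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = {"policy": m.group(2), "policy_pkts": int(m.group(3)),
                       "policy_bytes": int(m.group(4)), "rules": []}
            chains[m.group(1)] = current
            continue
        parts = line.split()
        # Rule rows start with three integers: num, pkts, bytes (exact thanks to -x).
        # The column header row and any free text fail this check and are skipped.
        if current is None or len(parts) < 4 or not all(p.isdigit() for p in parts[:3]):
            continue
        rule = dict(zip(FIELDS, parts[3:10]))
        rule.update(num=int(parts[0]), pkts=int(parts[1]), bytes=int(parts[2]),
                    extra=" ".join(parts[10:]))  # match options, e.g. "tcp dpt:22"
        current["rules"].append(rule)
    return chains

def unused_rules(chains):
    """(chain, rule number) pairs whose packet counter is still zero."""
    return [(name, r["num"]) for name, c in chains.items()
            for r in c["rules"] if r["pkts"] == 0]

if __name__ == "__main__":
    parsed = parse_listing(SAMPLE)
    for name, c in parsed.items():
        print(f"{name}: policy {c['policy']} applied to {c['policy_pkts']} packets")
    print("never matched:", unused_rules(parsed))
```

A non-zero policy counter on a DROP chain counts packets that no rule matched, and a rule whose counter stays at zero over a long period is a candidate for review.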
Overview, management and use of iptables on Linux for packet filtering