<div class="gmail_quote">El 11 de octubre de 2011 11:22, Benjamin A. Gomez Castillo {Soluciones integrales Tech} <<a href="mailto:bgomez@solucionesintegralestech.com">bgomez@solucionesintegralestech.com</a>> escribió: <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">si por favor, creo que la lista tiene bloqueados los adjuntos. saludos,<div class="im"> On 10/11/2011 11:16 AM, Wilhelm Ricardo Santisteban wrote: </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im"> Pues ya te lo envie adjunto creo que no se fue o no paso. Te lo copio en el mensaje para que lo compares. El 11 de octubre de 2011 11:14, Benjamin A. Gomez Castillo {Soluciones integrales Tech}<<a href="mailto:bgomez@solucionesintegralestech.com" target="_blank">bgomez@solucionesintegralestech.com</a>> escribió: </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im"> si gracias, si podes envierme un archivo, puedo compararlo y modificarlo. Saludos, On 10/11/2011 10:47 AM, Wilhelm Ricardo Santisteban wrote: </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im"> Te servira cambiar el archivo por uno nuevo ? Te adjunto uno. El 11 de octubre de 2011 10:26, Benjamin A. Gomez Castillo {Soluciones </div> integrales Tech}<bgomez@**<a href="http://solucionesintegralestech.com" target="_blank">solucionesintegralestech.com</a><<a href="mailto:bgomez@solucionesintegralestech.com" target="_blank">bgomez@solucionesintegralestech.com</a>>><div class="im"> escribió: fijate que intente hacer esto, de hecho, antes de enviar el post, google </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im"> fue mi primer opcion, pero todos los ejemplos que probe no resultaron exitosos. On 10/11/2011 10:24 AM, Manuel Pinot wrote: </div><a href="http://pikt.org/pikt/samples/****iptables_reset_programs.cfg.****html" target="_blank">http://pikt.org/pikt/samples/****iptables_reset_programs.cfg.****html</a><<a href="http://pikt.org/pikt/samples/**iptables_reset_programs.cfg.**html" target="_blank">http://pikt.org/pikt/samples/**iptables_reset_programs.cfg.**html</a>> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <<a href="http://pikt.org/pikt/**samples/iptables_reset_**programs.cfg.html" target="_blank">http://pikt.org/pikt/**samples/iptables_reset_**programs.cfg.html</a><<a href="http://pikt.org/pikt/samples/iptables_reset_programs.cfg.html" target="_blank">http://pikt.org/pikt/samples/iptables_reset_programs.cfg.html</a>>><div class="im"> !google reset iptables 2011/10/11 Benjamin A. Gomez Castillo {Soluciones integrales Tech} </div> <bgomez@**solucionesintegrales**<a href="http://tech.com" target="_blank">tech.com</a><<a href="http://solucionesintegralestech.com/" target="_blank">http://solucionesintegralestech.com/</a>> <bgomez@**<a href="http://solucionesintegralestech.com" target="_blank">solucionesintegralestech.com</a><<a href="mailto:bgomez@solucionesintegralestech.com" target="_blank">bgomez@solucionesintegralestech.com</a>> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im"> : negativo, primero estaba montando la seguridad para despues ponerlo en produccion. On 10/11/2011 10:18 AM, elbek wrote: y tu servidor esta en producción?? <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <a href="mailto:ubuntu-gt@lists.ubuntu.com" target="_blank">ubuntu-gt@lists.ubuntu.com</a> </blockquote> Modificar opciones o dessuscribirse: </div><a href="https://lists.ubuntu.com/****mailman/listinfo/ubuntu-gt" target="_blank">https://lists.ubuntu.com/****mailman/listinfo/ubuntu-gt</a><<a href="https://lists.ubuntu.com/**mailman/listinfo/ubuntu-gt" target="_blank">https://lists.ubuntu.com/**mailman/listinfo/ubuntu-gt</a>> <htt**ps://<a href="http://lists.ubuntu.com/mailman/**listinfo/ubuntu-gt" target="_blank">lists.ubuntu.com/mailman/**listinfo/ubuntu-gt</a><<a href="https://lists.ubuntu.com/mailman/listinfo/ubuntu-gt" target="_blank">https://lists.ubuntu.com/mailman/listinfo/ubuntu-gt</a>> <a href="mailto:ubuntu-gt@lists.ubuntu.com" target="_blank">ubuntu-gt@lists.ubuntu.com</a> </blockquote><div class="im"> Modificar opciones o dessuscribirse: <a href="https://lists.ubuntu.com/**" target="_blank">https://lists.ubuntu.com/**</a> </div> mailman/listinfo/ubuntu-gt<htt**ps://<a href="http://lists.ubuntu.com/mailman/**" target="_blank">lists.ubuntu.com/mailman/**</a> listinfo/ubuntu-gt<<a href="https://lists.ubuntu.com/mailman/listinfo/ubuntu-gt" target="_blank">https://lists.ubuntu.com/mailman/listinfo/ubuntu-gt</a>> <a href="mailto:ubuntu-gt@lists.ubuntu.com" target="_blank">ubuntu-gt@lists.ubuntu.com</a> </blockquote><div class="im"> Modificar opciones o dessuscribirse: <a href="https://lists.ubuntu.com/**" target="_blank">https://lists.ubuntu.com/**</a> </div> mailman/listinfo/ubuntu-gt<htt**ps://<a href="http://lists.ubuntu.com/mailman/**" target="_blank">lists.ubuntu.com/mailman/**</a> listinfo/ubuntu-gt<<a href="https://lists.ubuntu.com/mailman/listinfo/ubuntu-gt" target="_blank">https://lists.ubuntu.com/mailman/listinfo/ubuntu-gt</a>> </blockquote> </blockquote><div class="im"> <a href="mailto:ubuntu-gt@lists.ubuntu.com" target="_blank">ubuntu-gt@lists.ubuntu.com</a> Modificar opciones o dessuscribirse: <a href="https://lists.ubuntu.com/**" target="_blank">https://lists.ubuntu.com/**</a> mailman/listinfo/ubuntu-gt<<a href="https://lists.ubuntu.com/mailman/listinfo/ubuntu-gt" target="_blank">https://lists.ubuntu.com/mailman/listinfo/ubuntu-gt</a>> </div></blockquote> </blockquote><div><div></div><div class="h5"> <a href="mailto:ubuntu-gt@lists.ubuntu.com" target="_blank">ubuntu-gt@lists.ubuntu.com</a> Modificar opciones o dessuscribirse: <a href="https://lists.ubuntu.com/mailman/listinfo/ubuntu-gt" target="_blank">https://lists.ubuntu.com/mailman/listinfo/ubuntu-gt</a> </div></div></blockquote></div> Llega #!/bin/sh # # iptables Start iptables firewall # # chkconfig: 2345 08 92 # description: Starts, stops and saves iptables firewall # # config: /etc/sysconfig/iptables # config: /etc/sysconfig/iptables-config # Source function library. . /etc/init.d/functions IPTABLES=iptables IPTABLES_DATA=/etc/sysconfig/$IPTABLES IPTABLES_CONFIG=/etc/sysconfig/${IPTABLES}-config IPV=${IPTABLES%tables} # ip for ipv4 | ip6 for ipv6 PROC_IPTABLES_NAMES=/proc/net/${IPV}_tables_names VAR_SUBSYS_IPTABLES=/var/lock/subsys/$IPTABLES if [ ! -x /sbin/$IPTABLES ]; then echo -n $"/sbin/$IPTABLES does not exist."; warning; echo exit 0 fi if lsmod 2>/dev/null | grep -q ipchains ; then echo -n $"ipchains and $IPTABLES can not be used together."; warning; echo exit 1 fi # Old or new modutils /sbin/modprobe --version 2>&1 | grep -q module-init-tools \ && NEW_MODUTILS=1 \ || NEW_MODUTILS=0 # Default firewall configuration: IPTABLES_MODULES="" IPTABLES_MODULES_UNLOAD="yes" IPTABLES_SAVE_ON_STOP="no" IPTABLES_SAVE_ON_RESTART="no" IPTABLES_SAVE_COUNTER="no" IPTABLES_STATUS_NUMERIC="yes" # Load firewall configuration. [ -f "$IPTABLES_CONFIG" ] && . "$IPTABLES_CONFIG" rmmod_r() { # Unload module with all referring modules. # At first all referring modules will be unloaded, then the module itself. local mod=$1 local ret=0 local ref= # Get referring modules. # New modutils have another output format. [ $NEW_MODUTILS = 1 ] \ && ref=`lsmod | awk "/^${mod}/ { print \\\$4; }" | tr ',' ' '` \ || ref=`lsmod | grep ^${mod} | cut -d "[" -s -f 2 | cut -d "]" -s -f 1` # recursive call for all referring modules for i in $ref; do rmmod_r $i let ret+=$?; done # Unload module. # The extra test is for 2.6: The module might have autocleaned, # after all referring modules are unloaded. if grep -q "^${mod}" /proc/modules ; then modprobe -r $mod > /dev/null 2>&1 let ret+=$?; fi return $ret } flush_n_delete() { # Flush firewall rules and delete chains. [ -e "$PROC_IPTABLES_NAMES" ] || return 1 # Check if firewall is configured (has tables) tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null` [ -z "$tables" ] && return 1 echo -n $"Flushing firewall rules: " ret=0 # For all tables for i in $tables; do # Flush firewall rules. $IPTABLES -t $i -F; let ret+=$?; # Delete firewall chains. $IPTABLES -t $i -X; let ret+=$?; # Set counter to zero. $IPTABLES -t $i -Z; let ret+=$?; done [ $ret -eq 0 ] && success || failure echo return $ret } set_policy() { # Set policy for configured tables. policy=$1 # Check if iptable module is loaded [ ! -e "$PROC_IPTABLES_NAMES" ] && return 1 # Check if firewall is configured (has tables) tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null` [ -z "$tables" ] && return 1 echo -n $"Setting chains to policy $policy: " ret=0 for i in $tables; do echo -n "$i " case "$i" in raw) $IPTABLES -t raw -P PREROUTING $policy \ && $IPTABLES -t raw -P OUTPUT $policy \ || let ret+=1 ;; filter) $IPTABLES -t filter -P INPUT $policy \ && $IPTABLES -t filter -P OUTPUT $policy \ && $IPTABLES -t filter -P FORWARD $policy \ || let ret+=1 ;; nat) $IPTABLES -t nat -P PREROUTING $policy \ && $IPTABLES -t nat -P POSTROUTING $policy \ && $IPTABLES -t nat -P OUTPUT $policy \ || let ret+=1 ;; mangle) $IPTABLES -t mangle -P PREROUTING $policy \ && $IPTABLES -t mangle -P POSTROUTING $policy \ && $IPTABLES -t mangle -P INPUT $policy \ && $IPTABLES -t mangle -P OUTPUT $policy \ && $IPTABLES -t mangle -P FORWARD $policy \ || let ret+=1 ;; *) let ret+=1 ;; esac done [ $ret -eq 0 ] && success || failure echo return $ret } start() { # Do not start if there is no config file. [ -f "$IPTABLES_DATA" ] || return 1 echo -n $"Applying $IPTABLES firewall rules: " OPT= [ "x$IPTABLES_SAVE_COUNTER" = "xyes" ] && OPT="-c" $IPTABLES-restore $OPT $IPTABLES_DATA if [ $? -eq 0 ]; then success; echo else failure; echo; return 1 fi # Load additional modules (helpers) if [ -n "$IPTABLES_MODULES" ]; then echo -n $"Loading additional $IPTABLES modules: " ret=0 for mod in $IPTABLES_MODULES; do echo -n "$mod " modprobe $mod > /dev/null 2>&1 let ret+=$?; done [ $ret -eq 0 ] && success || failure echo fi touch $VAR_SUBSYS_IPTABLES return $ret } stop() { # Do not stop if iptables module is not loaded. [ -e "$PROC_IPTABLES_NAMES" ] || return 1 flush_n_delete set_policy ACCEPT if [ "x$IPTABLES_MODULES_UNLOAD" = "xyes" ]; then echo -n $"Unloading $IPTABLES modules: " ret=0 rmmod_r ${IPV}_tables let ret+=$?; rmmod_r ${IPV}_conntrack let ret+=$?; [ $ret -eq 0 ] && success || failure echo fi rm -f $VAR_SUBSYS_IPTABLES return $ret } save() { # Check if iptable module is loaded [ ! -e "$PROC_IPTABLES_NAMES" ] && return 1 # Check if firewall is configured (has tables) tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null` [ -z "$tables" ] && return 1 echo -n $"Saving firewall rules to $IPTABLES_DATA: " OPT= [ "x$IPTABLES_SAVE_COUNTER" = "xyes" ] && OPT="-c" ret=0 TMP_FILE=`/bin/mktemp -q /tmp/$IPTABLES.XXXXXX` \ && chmod 600 "$TMP_FILE" \ && $IPTABLES-save $OPT > $TMP_FILE 2>/dev/null \ && size=`stat -c '%s' $TMP_FILE` && [ $size -gt 0 ] \ || ret=1 if [ $ret -eq 0 ]; then if [ -e $IPTABLES_DATA ]; then cp -f $IPTABLES_DATA $IPTABLES_DATA.save \ && chmod 600 $IPTABLES_DATA.save \ || ret=1 fi if [ $ret -eq 0 ]; then cp -f $TMP_FILE $IPTABLES_DATA \ && chmod 600 $IPTABLES_DATA \ || ret=1 fi fi [ $ret -eq 0 ] && success || failure echo rm -f $TMP_FILE return $ret } status() { tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null` # Do not print status if lockfile is missing and iptables modules are not # loaded. # Check if iptable module is loaded if [ ! -f "$VAR_SUBSYS_IPTABLES" -a -z "$tables" ]; then echo $"Firewall is stopped." return 1 fi # Check if firewall is configured (has tables) if [ ! -e "$PROC_IPTABLES_NAMES" ]; then echo $"Firewall is not configured. " return 1 fi if [ -z "$tables" ]; then echo $"Firewall is not configured. " return 1 fi NUM= [ "x$IPTABLES_STATUS_NUMERIC" = "xyes" ] && NUM="-n" VERBOSE= [ "x$IPTABLES_STATUS_VERBOSE" = "xyes" ] && VERBOSE="--verbose" COUNT= [ "x$IPTABLES_STATUS_LINENUMBERS" = "xyes" ] && COUNT="--line-numbers" for table in $tables; do echo $"Table: $table" $IPTABLES -t $table --list $NUM $VERBOSE $COUNT && echo done return 0 } restart() { [ "x$IPTABLES_SAVE_ON_RESTART" = "xyes" ] && save stop start } case "$1" in start) stop start RETVAL=$? ;; stop) [ "x$IPTABLES_SAVE_ON_STOP" = "xyes" ] && save stop RETVAL=$? ;; restart) restart RETVAL=$? ;; condrestart) [ -e "$VAR_SUBSYS_IPTABLES" ] && restart ;; status) status RETVAL=$? ;; panic) flush_n_delete set_policy DROP RETVAL=$? ;; save) save RETVAL=$? ;; *) echo $"Usage: $0 {start|stop|restart|condrestart|status|panic|save}" exit 1 ;; esac exit $RETVAL -- Wilhelm Otzoy @ <a href="mailto:wros19@gmail.com" target="_blank">wros19@gmail.com</a> <a href="mailto:wros21@lugama.org" target="_blank">wros21@lugama.org</a> <a href="http://www.lugabaj.lugama.org" target="_blank">www.lugabaj.lugama.org</a> GNU/Linux User #519581 Ubuntu User # 33926 Vive la diferencia de ser libre. Usa Software libre, GNU/Linux