[Ubuntu-PT 8035] Re: Firewall problems - Ports won't open
Miguel
miguel.angelo.mendes.ferreira gmail.com
Tuesday, 14 September 2010 - 18:29:07 BST
> *OK, I opened ports 10001 and 10002 (tcp and udp) in the firewall and
> changed them in aMule... aMule still complains that it is not
> reachable... I tried turning off the "ufw" firewall and the problem
> persists... The router is a Thomson model "tg787" for ADSL lines, and
> in its settings I re-confirmed that the firewall is off... As a
> last resort, I turned to the command line and typed "sudo
> iptables -L"; the result is the following:*
>
> miguel Insys:~$ sudo iptables -L
> [sudo] password for miguel:
> Chain INPUT (policy DROP)
> target prot opt source destination
> BASE_INPUT_CHAIN all -- anywhere anywhere
> INPUT_CHAIN all -- anywhere anywhere
> HOST_BLOCK_SRC all -- anywhere anywhere
> SPOOF_CHK all -- anywhere anywhere
> VALID_CHK all -- anywhere anywhere
> EXT_INPUT_CHAIN !icmp -- anywhere anywhere
> state NEW
> EXT_INPUT_CHAIN icmp -- anywhere anywhere
> state NEW limit: avg 60/sec burst 100
> EXT_ICMP_FLOOD_CHAIN icmp -- anywhere
> anywhere state NEW
> INT_INPUT_CHAIN all -- anywhere anywhere
> POST_INPUT_CHAIN all -- anywhere anywhere
> LOG all -- anywhere anywhere limit:
> avg 1/sec burst 5 LOG level info prefix `AIF:Dropped INPUT packet: '
> DROP all -- anywhere anywhere
> ufw-before-logging-input all -- anywhere anywhere
> ufw-before-input all -- anywhere anywhere
> ufw-after-input all -- anywhere anywhere
> ufw-after-logging-input all -- anywhere anywhere
> ufw-reject-input all -- anywhere anywhere
> ufw-track-input all -- anywhere anywhere
>
> Chain FORWARD (policy DROP)
> target prot opt source destination
> BASE_FORWARD_CHAIN all -- anywhere anywhere
> TCPMSS tcp -- anywhere anywhere tcp
> flags:SYN,RST/SYN TCPMSS clamp to PMTU
> FORWARD_CHAIN all -- anywhere anywhere
> HOST_BLOCK_SRC all -- anywhere anywhere
> HOST_BLOCK_DST all -- anywhere anywhere
> EXT_FORWARD_IN_CHAIN all -- anywhere anywhere
> EXT_FORWARD_OUT_CHAIN all -- anywhere anywhere
> INT_FORWARD_IN_CHAIN all -- anywhere anywhere
> INT_FORWARD_OUT_CHAIN all -- anywhere anywhere
> SPOOF_CHK all -- anywhere anywhere
> ACCEPT all -- anywhere anywhere
> LAN_INET_FORWARD_CHAIN all -- anywhere anywhere
> POST_FORWARD_CHAIN all -- anywhere anywhere
> LOG all -- anywhere anywhere limit:
> avg 1/min burst 3 LOG level info prefix `AIF:Dropped FORWARD packet: '
> DROP all -- anywhere anywhere
> ufw-before-logging-forward all -- anywhere anywhere
> ufw-before-forward all -- anywhere anywhere
> ufw-after-forward all -- anywhere anywhere
> ufw-after-logging-forward all -- anywhere anywhere
> ufw-reject-forward all -- anywhere anywhere
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
> BASE_OUTPUT_CHAIN all -- anywhere anywhere
> TCPMSS tcp -- anywhere anywhere tcp
> flags:SYN,RST/SYN TCPMSS clamp to PMTU
> OUTPUT_CHAIN all -- anywhere anywhere
> HOST_BLOCK_DST all -- anywhere anywhere
> LOG all -f anywhere anywhere limit:
> avg 3/min burst 5 LOG level info prefix `AIF:Fragment packet: '
> DROP all -f anywhere anywhere
> EXT_OUTPUT_CHAIN all -- anywhere anywhere
> INT_OUTPUT_CHAIN all -- anywhere anywhere
> POST_OUTPUT_CHAIN all -- anywhere anywhere
> ACCEPT all -- anywhere anywhere
> Nanny all -- anywhere anywhere
> ufw-before-logging-output all -- anywhere anywhere
> ufw-before-output all -- anywhere anywhere
> ufw-after-output all -- anywhere anywhere
> ufw-after-logging-output all -- anywhere anywhere
> ufw-reject-output all -- anywhere anywhere
> ufw-track-output all -- anywhere anywhere
>
> Chain BASE_FORWARD_CHAIN (1 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere state
> ESTABLISHED
> ACCEPT tcp -- anywhere anywhere state
> RELATED tcp dpts:1024:65535
> ACCEPT udp -- anywhere anywhere state
> RELATED udp dpts:1024:65535
> ACCEPT icmp -- anywhere anywhere state
> RELATED
> ACCEPT all -- anywhere anywhere
>
> Chain BASE_INPUT_CHAIN (1 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere state
> ESTABLISHED
> ACCEPT tcp -- anywhere anywhere state
> RELATED tcp dpts:1024:65535
> ACCEPT udp -- anywhere anywhere state
> RELATED udp dpts:1024:65535
> ACCEPT icmp -- anywhere anywhere state
> RELATED
> ACCEPT all -- anywhere anywhere
>
> Chain BASE_OUTPUT_CHAIN (1 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere state
> ESTABLISHED
> ACCEPT all -- anywhere anywhere
>
> Chain DMZ_FORWARD_IN_CHAIN (0 references)
> target prot opt source destination
>
> Chain DMZ_FORWARD_OUT_CHAIN (0 references)
> target prot opt source destination
>
> Chain DMZ_INET_FORWARD_CHAIN (0 references)
> target prot opt source destination
>
> Chain DMZ_INPUT_CHAIN (0 references)
> target prot opt source destination
>
> Chain DMZ_LAN_FORWARD_CHAIN (0 references)
> target prot opt source destination
>
> Chain DMZ_OUTPUT_CHAIN (0 references)
> target prot opt source destination
>
> Chain EXT_BROADCAST_CHAIN (3 references)
> target prot opt source destination
> LOG tcp -- anywhere anywhere tcp
> dpts:0:1023 limit: avg 6/min burst 2 LOG level info prefix `AIF:PRIV
> TCP broadcast: '
> LOG udp -- anywhere anywhere udp
> dpts:0:1023 limit: avg 6/min burst 2 LOG level info prefix `AIF:PRIV
> UDP broadcast: '
> LOG tcp -- anywhere anywhere tcp
> dpts:1024:65535 limit: avg 6/min burst 2 LOG level info prefix
> `AIF:UNPRIV TCP broadcast: '
> LOG udp -- anywhere anywhere udp
> dpt:1024 limit: avg 6/min burst 2 LOG level info prefix `AIF:UNPRIV
> UDP broadcast: '
> DROP all -- anywhere anywhere
>
> Chain EXT_FORWARD_IN_CHAIN (1 references)
> target prot opt source destination
> VALID_CHK all -- anywhere anywhere
>
> Chain EXT_FORWARD_OUT_CHAIN (1 references)
> target prot opt source destination
>
> Chain EXT_ICMP_FLOOD_CHAIN (1 references)
> target prot opt source destination
> LOG icmp -- anywhere anywhere icmp
> destination-unreachable limit: avg 12/hour burst 1 LOG level info
> prefix `AIF:ICMP-unreachable flood: '
> POST_INPUT_DROP_CHAIN icmp -- anywhere
> anywhere icmp destination-unreachable
> LOG icmp -- anywhere anywhere icmp
> time-exceeded limit: avg 12/hour burst 1 LOG level info prefix
> `AIF:ICMP-time-exceeded fld: '
> POST_INPUT_DROP_CHAIN icmp -- anywhere
> anywhere icmp time-exceeded
> LOG icmp -- anywhere anywhere icmp
> parameter-problem limit: avg 12/hour burst 1 LOG level info prefix
> `AIF:ICMP-param-problem fld: '
> POST_INPUT_DROP_CHAIN icmp -- anywhere
> anywhere icmp parameter-problem
> LOG icmp -- anywhere anywhere icmp
> echo-request limit: avg 12/hour burst 1 LOG level info prefix
> `AIF:ICMP-request(ping) fld: '
> POST_INPUT_DROP_CHAIN icmp -- anywhere
> anywhere icmp echo-request
> LOG icmp -- anywhere anywhere icmp
> echo-reply limit: avg 12/hour burst 1 LOG level info prefix
> `AIF:ICMP-reply(pong) flood: '
> POST_INPUT_DROP_CHAIN icmp -- anywhere
> anywhere icmp echo-reply
> LOG icmp -- anywhere anywhere icmp
> source-quench limit: avg 12/hour burst 1 LOG level info prefix
> `AIF:ICMP-source-quench fld: '
> POST_INPUT_DROP_CHAIN icmp -- anywhere
> anywhere icmp source-quench
> LOG icmp -- anywhere anywhere limit:
> avg 12/hour burst 1 LOG level info prefix `AIF:ICMP(other) flood: '
> POST_INPUT_DROP_CHAIN icmp -- anywhere anywhere
>
> Chain EXT_INPUT_CHAIN (2 references)
> target prot opt source destination
> LOG tcp -- anywhere anywhere tcp dpt:0
> limit: avg 6/hour burst 1 LOG level info prefix `AIF:Port 0 OS
> fingerprint: '
> LOG udp -- anywhere anywhere udp dpt:0
> limit: avg 6/hour burst 1 LOG level info prefix `AIF:Port 0 OS
> fingerprint: '
> POST_INPUT_DROP_CHAIN tcp -- anywhere
> anywhere tcp dpt:0
> POST_INPUT_DROP_CHAIN udp -- anywhere
> anywhere udp dpt:0
> LOG tcp -- anywhere anywhere tcp spt:0
> limit: avg 6/hour burst 5 LOG level info prefix `AIF:TCP source port 0: '
> LOG udp -- anywhere anywhere udp spt:0
> limit: avg 6/hour burst 5 LOG level info prefix `AIF:UDP source port 0: '
> POST_INPUT_DROP_CHAIN tcp -- anywhere
> anywhere tcp spt:0
> POST_INPUT_DROP_CHAIN udp -- anywhere
> anywhere udp spt:0
> ACCEPT udp -- 192.168.1.0/24 anywhere udp
> spt:netbios-ns dpts:32768:61000
> ACCEPT all -- 192.168.1.0/24 anywhere
> ACCEPT icmp -- anywhere anywhere icmp
> echo-request limit: avg 20/sec burst 100
> LOG icmp -- anywhere anywhere icmp
> echo-request limit: avg 3/min burst 1 LOG level info prefix
> `AIF:ICMP-request: '
> LOG icmp -- anywhere anywhere icmp
> destination-unreachable limit: avg 12/hour burst 1 LOG level info
> prefix `AIF:ICMP-unreachable: '
> LOG icmp -- anywhere anywhere icmp
> time-exceeded limit: avg 12/hour burst 1 LOG level info prefix
> `AIF:ICMP-time-exceeded: '
> LOG icmp -- anywhere anywhere icmp
> parameter-problem limit: avg 12/hour burst 1 LOG level info prefix
> `AIF:ICMP-param.-problem: '
> POST_INPUT_DROP_CHAIN icmp -- anywhere
> anywhere icmp destination-unreachable
> POST_INPUT_DROP_CHAIN icmp -- anywhere
> anywhere icmp time-exceeded
> POST_INPUT_DROP_CHAIN icmp -- anywhere
> anywhere icmp parameter-problem
> POST_INPUT_DROP_CHAIN icmp -- anywhere
> anywhere icmp echo-request
> POST_INPUT_DROP_CHAIN icmp -- anywhere
> anywhere icmp echo-reply
> LOG tcp -- anywhere anywhere tcp
> dpts:1024:65535 flags:!FIN,SYN,RST,ACK/SYN limit: avg 3/min burst 5
> LOG level info prefix `AIF:Stealth scan? (UNPRIV): '
> LOG tcp -- anywhere anywhere tcp
> dpts:0:1023 flags:!FIN,SYN,RST,ACK/SYN limit: avg 3/min burst 5 LOG
> level info prefix `AIF:Stealth scan? (PRIV): '
> POST_INPUT_DROP_CHAIN tcp -- anywhere
> anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
> EXT_BROADCAST_CHAIN all -- anywhere 255.255.255.255
> EXT_BROADCAST_CHAIN all -- anywhere
> BASE-ADDRESS.MCAST.NET/24
> EXT_BROADCAST_CHAIN all -- anywhere 192.168.1.255
> LOG tcp -- anywhere anywhere tcp
> dpts:0:1023 limit: avg 6/min burst 2 LOG level info prefix `AIF:PRIV
> TCP packet: '
> LOG udp -- anywhere anywhere udp
> dpts:0:1023 limit: avg 6/min burst 2 LOG level info prefix `AIF:PRIV
> UDP packet: '
> LOG tcp -- anywhere anywhere tcp
> dpts:1024:65535 limit: avg 6/min burst 2 LOG level info prefix
> `AIF:UNPRIV TCP packet: '
> LOG udp -- anywhere anywhere udp
> dpts:1024:65535 limit: avg 6/min burst 2 LOG level info prefix
> `AIF:UNPRIV UDP packet: '
> LOG igmp -- anywhere anywhere limit:
> avg 1/min burst 5 LOG level info prefix `AIF:IGMP packet: '
> POST_INPUT_CHAIN all -- anywhere anywhere
> POST_INPUT_DROP_CHAIN tcp -- anywhere anywhere
> POST_INPUT_DROP_CHAIN udp -- anywhere anywhere
> POST_INPUT_DROP_CHAIN igmp -- anywhere anywhere
> POST_INPUT_DROP_CHAIN icmp -- anywhere anywhere
> LOG all -- anywhere anywhere limit:
> avg 1/min burst 5 LOG level info prefix `AIF:Other connect: '
> POST_INPUT_DROP_CHAIN all -- anywhere anywhere
>
> Chain EXT_OUTPUT_CHAIN (1 references)
> target prot opt source destination
> ACCEPT all -- anywhere 192.168.1.0/24
>
> Chain FORWARD_CHAIN (1 references)
> target prot opt source destination
>
> Chain HOST_BLOCK_DROP (0 references)
> target prot opt source destination
> LOG all -- anywhere anywhere limit:
> avg 1/min burst 1 LOG level info prefix `AIF:Blocked host(s): '
> DROP all -- anywhere anywhere
>
> Chain HOST_BLOCK_DST (2 references)
> target prot opt source destination
>
> Chain HOST_BLOCK_SRC (2 references)
> target prot opt source destination
>
> Chain INET_DMZ_FORWARD_CHAIN (0 references)
> target prot opt source destination
>
> Chain INPUT_CHAIN (1 references)
> target prot opt source destination
>
> Chain INT_FORWARD_IN_CHAIN (1 references)
> target prot opt source destination
>
> Chain INT_FORWARD_OUT_CHAIN (1 references)
> target prot opt source destination
>
> Chain INT_INPUT_CHAIN (1 references)
> target prot opt source destination
> ACCEPT icmp -- anywhere anywhere icmp
> echo-request limit: avg 20/sec burst 100
> LOG icmp -- anywhere anywhere icmp
> echo-request limit: avg 3/min burst 1 LOG level info prefix
> `AIF:ICMP-request: '
> DROP icmp -- anywhere anywhere icmp
> echo-request
> ACCEPT all -- anywhere anywhere
>
> Chain INT_OUTPUT_CHAIN (1 references)
> target prot opt source destination
>
> Chain LAN_INET_FORWARD_CHAIN (1 references)
> target prot opt source destination
> ACCEPT icmp -- anywhere anywhere icmp
> echo-request limit: avg 20/sec burst 100
> LOG icmp -- anywhere anywhere icmp
> echo-request limit: avg 3/min burst 1 LOG level info prefix
> `AIF:ICMP-request: '
> DROP icmp -- anywhere anywhere icmp
> echo-request
> ACCEPT tcp -- anywhere anywhere
> ACCEPT udp -- anywhere anywhere
> ACCEPT all -- anywhere anywhere
>
> Chain Nanny (1 references)
> target prot opt source destination
> DROP tcp -- anywhere anywhere multiport
> dports msnp,xmpp-client,xmpp-server owner UID match cristiana state
> NEW,RELATED,ESTABLISHED TIME from 00:00:00 to 02:00:00 on Wed
> DROP tcp -- anywhere anywhere multiport
> dports msnp,xmpp-client,xmpp-server owner UID match cristiana state
> NEW,RELATED,ESTABLISHED TIME from 00:00:00 to 01:00:00 on Sun
> DROP tcp -- anywhere anywhere multiport
> dports msnp,xmpp-client,xmpp-server owner UID match cristiana state
> NEW,RELATED,ESTABLISHED TIME from 00:00:00 to 01:00:00 on Thu
> DROP tcp -- anywhere anywhere multiport
> dports msnp,xmpp-client,xmpp-server owner UID match cristiana state
> NEW,RELATED,ESTABLISHED TIME from 00:00:00 to 02:00:00 on Tue
> DROP tcp -- anywhere anywhere multiport
> dports msnp,xmpp-client,xmpp-server owner UID match cristiana state
> NEW,RELATED,ESTABLISHED TIME from 00:00:00 to 02:00:00 on Mon
> DROP tcp -- anywhere anywhere multiport
> dports msnp,xmpp-client,xmpp-server owner UID match cristiana state
> NEW,RELATED,ESTABLISHED TIME from 00:00:00 to 01:00:00 on Fri
> DROP tcp -- anywhere anywhere multiport
> dports msnp,xmpp-client,xmpp-server owner UID match cristiana state
> NEW,RELATED,ESTABLISHED TIME from 00:00:00 to 01:00:00 on Sat
>
> Chain OUTPUT_CHAIN (1 references)
> target prot opt source destination
>
> Chain POST_FORWARD_CHAIN (1 references)
> target prot opt source destination
>
> Chain POST_INPUT_CHAIN (2 references)
> target prot opt source destination
>
> Chain POST_INPUT_DROP_CHAIN (39 references)
> target prot opt source destination
> DROP all -- anywhere anywhere
>
> Chain POST_OUTPUT_CHAIN (1 references)
> target prot opt source destination
>
> Chain RESERVED_NET_CHK (0 references)
> target prot opt source destination
> LOG all -- 10.0.0.0/8 anywhere limit:
> avg 1/min burst 1 LOG level info prefix `AIF:Class A address: '
> LOG all -- 172.16.0.0/12 anywhere limit:
> avg 1/min burst 1 LOG level info prefix `AIF:Class B address: '
> LOG all -- 192.168.0.0/16 anywhere limit:
> avg 1/min burst 1 LOG level info prefix `AIF:Class C address: '
> LOG all -- link-local/16 anywhere limit:
> avg 1/min burst 1 LOG level info prefix `AIF:Class M$ address: '
> LOG all -- BASE-ADDRESS.MCAST.NET/24 anywhere
> limit: avg 1/min burst 1 LOG level info prefix `AIF:Multicast address: '
> LOG all -- 239.0.0.0/24 anywhere limit:
> avg 1/min burst 1 LOG level info prefix `AIF:Multicast address: '
> POST_INPUT_DROP_CHAIN all -- 10.0.0.0/8 anywhere
> POST_INPUT_DROP_CHAIN all -- 172.16.0.0/12 anywhere
> POST_INPUT_DROP_CHAIN all -- 192.168.0.0/16 anywhere
> POST_INPUT_DROP_CHAIN all -- link-local/16 anywhere
> POST_INPUT_DROP_CHAIN all -- BASE-ADDRESS.MCAST.NET/24 anywhere
> POST_INPUT_DROP_CHAIN all -- 239.0.0.0/24 anywhere
>
> Chain SPOOF_CHK (2 references)
> target prot opt source destination
> RETURN all -- 192.168.1.0/24 anywhere
> LOG all -- 192.168.1.0/24 anywhere limit:
> avg 3/min burst 5 LOG level info prefix `AIF:Spoofed packet: '
> POST_INPUT_DROP_CHAIN all -- 192.168.1.0/24 anywhere
> RETURN all -- anywhere anywhere
>
> Chain VALID_CHK (2 references)
> target prot opt source destination
> LOG tcp -- anywhere anywhere tcp
> flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG limit: avg 3/min burst 5 LOG
> level info prefix `AIF:Stealth XMAS scan: '
> LOG tcp -- anywhere anywhere tcp
> flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG limit: avg 3/min
> burst 5 LOG level info prefix `AIF:Stealth XMAS-PSH scan: '
> LOG tcp -- anywhere anywhere tcp
> flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG limit: avg 3/min
> burst 5 LOG level info prefix `AIF:Stealth XMAS-ALL scan: '
> LOG tcp -- anywhere anywhere tcp
> flags:FIN,SYN,RST,PSH,ACK,URG/FIN limit: avg 3/min burst 5 LOG level
> info prefix `AIF:Stealth FIN scan: '
> LOG tcp -- anywhere anywhere tcp
> flags:SYN,RST/SYN,RST limit: avg 3/min burst 5 LOG level info prefix
> `AIF:Stealth SYN/RST scan: '
> LOG tcp -- anywhere anywhere tcp
> flags:FIN,SYN/FIN,SYN limit: avg 3/min burst 5 LOG level info prefix
> `AIF:Stealth SYN/FIN scan?: '
> LOG tcp -- anywhere anywhere tcp
> flags:FIN,SYN,RST,PSH,ACK,URG/NONE limit: avg 3/min burst 5 LOG level
> info prefix `AIF:Stealth Null scan: '
> POST_INPUT_DROP_CHAIN tcp -- anywhere
> anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
> POST_INPUT_DROP_CHAIN tcp -- anywhere
> anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG
> POST_INPUT_DROP_CHAIN tcp -- anywhere
> anywhere tcp
> flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
> POST_INPUT_DROP_CHAIN tcp -- anywhere
> anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN
> POST_INPUT_DROP_CHAIN tcp -- anywhere
> anywhere tcp flags:SYN,RST/SYN,RST
> POST_INPUT_DROP_CHAIN tcp -- anywhere
> anywhere tcp flags:FIN,SYN/FIN,SYN
> POST_INPUT_DROP_CHAIN tcp -- anywhere
> anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
> LOG tcp -- anywhere anywhere tcp
> option=64 limit: avg 3/min burst 1 LOG level info prefix `AIF:Bad TCP
> flag(64): '
> LOG tcp -- anywhere anywhere tcp
> option=128 limit: avg 3/min burst 1 LOG level info prefix `AIF:Bad TCP
> flag(128): '
> POST_INPUT_DROP_CHAIN tcp -- anywhere
> anywhere tcp option=64
> POST_INPUT_DROP_CHAIN tcp -- anywhere
> anywhere tcp option=128
> POST_INPUT_DROP_CHAIN all -- anywhere
> anywhere state INVALID
> LOG all -f anywhere anywhere limit:
> avg 3/min burst 1 LOG level warning prefix `AIF:Fragment packet: '
> DROP all -f anywhere anywhere
>
> Chain ufw-after-forward (1 references)
> target prot opt source destination
>
> Chain ufw-after-input (1 references)
> target prot opt source destination
> ufw-skip-to-policy-input udp -- anywhere
> anywhere udp dpt:netbios-ns
> ufw-skip-to-policy-input udp -- anywhere
> anywhere udp dpt:netbios-dgm
> ufw-skip-to-policy-input tcp -- anywhere
> anywhere tcp dpt:netbios-ssn
> ufw-skip-to-policy-input tcp -- anywhere
> anywhere tcp dpt:microsoft-ds
> ufw-skip-to-policy-input udp -- anywhere
> anywhere udp dpt:bootps
> ufw-skip-to-policy-input udp -- anywhere
> anywhere udp dpt:bootpc
> ufw-skip-to-policy-input all -- anywhere
> anywhere ADDRTYPE match dst-type BROADCAST
>
> Chain ufw-after-logging-forward (1 references)
> target prot opt source destination
> LOG all -- anywhere anywhere limit:
> avg 3/min burst 10 LOG level warning prefix `[UFW BLOCK] '
>
> Chain ufw-after-logging-input (1 references)
> target prot opt source destination
> LOG all -- anywhere anywhere limit:
> avg 3/min burst 10 LOG level warning prefix `[UFW BLOCK] '
>
> Chain ufw-after-logging-output (1 references)
> target prot opt source destination
> LOG all -- anywhere anywhere limit:
> avg 3/min burst 10 LOG level warning prefix `[UFW ALLOW] '
>
> Chain ufw-after-output (1 references)
> target prot opt source destination
>
> Chain ufw-before-forward (1 references)
> target prot opt source destination
> ufw-user-forward all -- anywhere anywhere
>
> Chain ufw-before-input (1 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
> ACCEPT all -- anywhere anywhere state
> RELATED,ESTABLISHED
> ufw-logging-deny all -- anywhere anywhere
> state INVALID
> DROP all -- anywhere anywhere state
> INVALID
> ACCEPT icmp -- anywhere anywhere icmp
> destination-unreachable
> ACCEPT icmp -- anywhere anywhere icmp
> source-quench
> ACCEPT icmp -- anywhere anywhere icmp
> time-exceeded
> ACCEPT icmp -- anywhere anywhere icmp
> parameter-problem
> ACCEPT icmp -- anywhere anywhere icmp
> echo-request
> ACCEPT udp -- anywhere anywhere udp
> spt:bootps dpt:bootpc
> ufw-not-local all -- anywhere anywhere
> ACCEPT all -- BASE-ADDRESS.MCAST.NET/4 anywhere
> ACCEPT all -- anywhere BASE-ADDRESS.MCAST.NET/4
> ufw-user-input all -- anywhere anywhere
>
> Chain ufw-before-logging-forward (1 references)
> target prot opt source destination
> LOG all -- anywhere anywhere state NEW
> limit: avg 3/min burst 10 LOG level warning prefix `[UFW AUDIT] '
>
> Chain ufw-before-logging-input (1 references)
> target prot opt source destination
> LOG all -- anywhere anywhere state NEW
> limit: avg 3/min burst 10 LOG level warning prefix `[UFW AUDIT] '
>
> Chain ufw-before-logging-output (1 references)
> target prot opt source destination
> LOG all -- anywhere anywhere state NEW
> limit: avg 3/min burst 10 LOG level warning prefix `[UFW AUDIT] '
>
> Chain ufw-before-output (1 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
> ACCEPT all -- anywhere anywhere state
> RELATED,ESTABLISHED
> ufw-user-output all -- anywhere anywhere
>
> Chain ufw-logging-allow (0 references)
> target prot opt source destination
> LOG all -- anywhere anywhere limit:
> avg 3/min burst 10 LOG level warning prefix `[UFW ALLOW] '
>
> Chain ufw-logging-deny (2 references)
> target prot opt source destination
> LOG all -- anywhere anywhere limit:
> avg 3/min burst 10 LOG level warning prefix `[UFW BLOCK] '
>
> Chain ufw-not-local (1 references)
> target prot opt source destination
> RETURN all -- anywhere anywhere ADDRTYPE
> match dst-type LOCAL
> RETURN all -- anywhere anywhere ADDRTYPE
> match dst-type MULTICAST
> RETURN all -- anywhere anywhere ADDRTYPE
> match dst-type BROADCAST
> ufw-logging-deny all -- anywhere anywhere
> limit: avg 3/min burst 10
> DROP all -- anywhere anywhere
>
> Chain ufw-reject-forward (1 references)
> target prot opt source destination
>
> Chain ufw-reject-input (1 references)
> target prot opt source destination
>
> Chain ufw-reject-output (1 references)
> target prot opt source destination
>
> Chain ufw-skip-to-policy-forward (0 references)
> target prot opt source destination
> DROP all -- anywhere anywhere
>
> Chain ufw-skip-to-policy-input (7 references)
> target prot opt source destination
> DROP all -- anywhere anywhere
>
> Chain ufw-skip-to-policy-output (0 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
>
> Chain ufw-track-input (1 references)
> target prot opt source destination
>
> Chain ufw-track-output (1 references)
> target prot opt source destination
> ACCEPT tcp -- anywhere anywhere state NEW
> ACCEPT udp -- anywhere anywhere state NEW
>
> Chain ufw-user-forward (1 references)
> target prot opt source destination
>
> Chain ufw-user-input (1 references)
> target prot opt source destination
> ACCEPT tcp -- anywhere anywhere tcp
> dpt:10001
> ACCEPT udp -- anywhere anywhere udp
> dpt:10001
> ACCEPT tcp -- anywhere anywhere tcp
> dpt:10002
> ACCEPT udp -- anywhere anywhere udp
> dpt:10002
>
> Chain ufw-user-limit (0 references)
> target prot opt source destination
> LOG all -- anywhere anywhere limit:
> avg 3/min burst 5 LOG level warning prefix `[UFW LIMIT BLOCK] '
> REJECT all -- anywhere anywhere
> reject-with icmp-port-unreachable
>
> Chain ufw-user-limit-accept (0 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
>
> Chain ufw-user-logging-forward (0 references)
> target prot opt source destination
>
> Chain ufw-user-logging-input (0 references)
> target prot opt source destination
>
> Chain ufw-user-logging-output (0 references)
> target prot opt source destination
>
> Chain ufw-user-output (1 references)
> target prot opt source destination
> ACCEPT tcp -- anywhere anywhere tcp
> dpt:10001
> ACCEPT udp -- anywhere anywhere udp
> dpt:10001
> ACCEPT tcp -- anywhere anywhere tcp
> dpt:10002
> ACCEPT udp -- anywhere anywhere udp
> dpt:10002
> miguel Insys:~$
>
> *In desperation, I wonder whether it wouldn't be better to "reset" the
> "iptables" configuration... Leaving access only to port 80, and then
> opening the necessary ones... Or get a ready-made iptables file...
> I get the feeling that even when running "ufw" as "root" it does not
> change "iptables".... If I turn off the ufw firewall, the
> iptables file remains unchanged...
>
> Suggestions are welcome...
> Thank you!
> *
>
> *I support a Europe free of software patents. And you?*
> EuropeSwPatentFree
>
> <http://livredepatentes.gnulinux-portugal.org/>
>
> On 14-09-2010 15:14, Antonio Amaro wrote:
>> On 13-09-2010 21:09, Miguel wrote:
>>
>>> Hello everyone!
>>>
>>> The problem is the following:
>>>
>>> I installed the program "aMule Adunanza", and I am getting "low id"
>>> notifications every time I connect to a server. To try to solve
>>> the problem
>>> I tried to open ports 4662 to 4669 with the program "Firestarter" (I
>>> couldn't), and then I tried with the program "ufw firewall", which also
>>> did not open them. In other words, the ports remain closed. I checked the
>>> situation with an online program on the internet that scanned my ports and the
>>> result is that the ports are _all closed_... This includes
>>> port 80... I have already turned off the router's firewall and the result is the same...
>>>
>>> The site that scanned my ports is the following:
>>>
>>> https://www.grc.com/x/ne.dll?bh0bkyd2
>>>
>>> Part of the scan report:
>>>
>>>
>>> *Solicited TCP Packets: PASSED* --- No TCP packets were received from
>>> your system as a direct result of our attempts to elicit some response
>>> from any of the ports listed below --- they are all either fully
>>> stealthed or blocked by your ISP. However* . . .*
>>>
>>>
>>>
>>> *Unsolicited Packets: PASSED* --- No Internet packets of any sort were
>>> received from your system as a side-effect of our attempts to elicit
>>> some response from any of the ports listed above. Some questionable
>>> personal security systems expose their users by attempting to
>>> "counter-probe the prober", thus revealing themselves. But your system
>>> remained wisely silent. (Except for the fact that not all of its ports
>>> are completely stealthed as shown below.)
>>>
>>>
>>>
>>> *Ping Reply: RECEIVED (FAILED)* --- Your system REPLIED to our Ping
>>> (ICMP Echo) requests, making it visible on the Internet. Most personal
>>> firewalls can be configured to block, drop, and ignore such ping
>>> requests in order to better hide systems from hackers. This is highly
>>> recommended since "Ping" is among the oldest and most common methods
>>> used to locate systems prior to further exploitation.
>>>
>>>
>>> Suggestions welcome...
>>>
>>> Miguel Ferreira
>>>
>>>
>> Some routers cause problems for p2p programs; they even block the
>> ports that normally come by default. Try higher-numbered ports,
>> add two more digits there and try again. Don't forget to allow them in the
>> firewall.
>> Cheers
>>
>>
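
In the listing above, the `ufw-*` jumps in `INPUT` appear after a `DROP all` rule. This added example (not part of the original messages) parses `iptables -L -v -n` output and reports chains that no packet can reach from a given built-in chain. The sample listing is constructed, and the `lo` interface on one rule is an assumption, because plain `iptables -L` does not show interface matches.

```python
from collections import namedtuple

Rule = namedtuple("Rule", "target prot inif outif src dst extra")
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

# Constructed sample in `iptables -L -v -n` layout, modelled on the listing above.
# The "lo" interface is an assumption: plain `iptables -L` hides that column.
SAMPLE = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in  out  source     destination
    0     0 BASE_INPUT_CHAIN  all  --  *   *    0.0.0.0/0  0.0.0.0/0
    0     0 LOG        all  --  *   *    0.0.0.0/0  0.0.0.0/0  limit: avg 1/sec burst 5 LOG prefix "AIF:Dropped INPUT packet: "
    0     0 DROP       all  --  *   *    0.0.0.0/0  0.0.0.0/0
    0     0 ufw-before-input  all  --  *   *    0.0.0.0/0  0.0.0.0/0

Chain BASE_INPUT_CHAIN (1 references)
 pkts bytes target     prot opt in  out  source     destination
    0     0 ACCEPT     all  --  *   *    0.0.0.0/0  0.0.0.0/0  state ESTABLISHED
    0     0 ACCEPT     all  --  lo  *    0.0.0.0/0  0.0.0.0/0

Chain ufw-before-input (1 references)
 pkts bytes target     prot opt in  out  source     destination
    0     0 ufw-user-input  all  --  *   *    0.0.0.0/0  0.0.0.0/0

Chain ufw-user-input (1 references)
 pkts bytes target     prot opt in  out  source     destination
    0     0 ACCEPT     tcp  --  *   *    0.0.0.0/0  0.0.0.0/0  tcp dpt:10001
"""


def parse_chains(text):
    """Map chain name -> ordered list of Rule from `iptables -L -v -n` text."""
    chains, current = {}, None
    for line in text.splitlines():
        parts = line.split(None, 9)
        if not parts or parts[0] == "pkts":
            continue
        if parts[0] == "Chain":
            current = chains.setdefault(parts[1], [])
        elif current is not None and len(parts) >= 9:
            extra = parts[9].strip() if len(parts) == 10 else ""
            current.append(Rule(parts[2], parts[3], parts[5], parts[6],
                                parts[7], parts[8], extra))
    return chains


def unconditional(rule):
    """True when the rule matches every packet (no protocol, interface, address or extra match)."""
    return (rule.prot == "all" and rule.inif == "*" and rule.outif == "*"
            and rule.src == "0.0.0.0/0" and rule.dst == "0.0.0.0/0"
            and not rule.extra)


def trace(chains, name, reached=None):
    """Walk a chain in rule order. Returns (chains some packet can enter,
    first rule that ends evaluation for every packet, or None)."""
    reached = set() if reached is None else reached
    reached.add(name)
    for idx, rule in enumerate(chains[name], 1):
        if rule.target in TERMINAL and unconditional(rule):
            return reached, (name, idx, rule.target)
        if rule.target == "RETURN" and unconditional(rule):
            break  # back to the caller; later rules in this chain never run
        if rule.target in chains:
            _, stop = trace(chains, rule.target, reached)
            if stop and unconditional(rule):
                return reached, stop  # every packet entered and none came back
    return reached, None


def shadowed_accepts(chains, start):
    """Chains holding ACCEPT rules that no packet entering `start` can reach."""
    reached, _ = trace(chains, start)
    return sorted(name for name, rules in chains.items()
                  if name not in reached and any(r.target == "ACCEPT" for r in rules))


if __name__ == "__main__":
    chains = parse_chains(SAMPLE)
    print("evaluation stops at:", trace(chains, "INPUT")[1])
    print("unreachable chains with ACCEPT rules:", shadowed_accepts(chains, "INPUT"))
```

Feed it real output with `sudo iptables -L -v -n`; the wrapped lines of a mailed listing like the one above will not parse correctly.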