Which ports to unblock (neo and network)

IP: *.neoplus.adsl.tpnet.pl 30.07.04, 15:50
Hello,
I set up the firewall on the SpeedTouch 510 with all ports blocked. I unblocked
WWW, FTP, SSL, POP3, SMTP, GG, REALAUDIO, TELNET; which other ports would you
recommend unblocking? However, I care that there be no possibility (or that it
be reduced to zero) of using P2P programs??
Regards, SV
      • Guest: SV Re: Which ports to unblock (neo and network) IP: *.neoplus.adsl.tpnet.pl 01.08.04, 10:39
        You set the rules through the CLI (use telnet), or save the configuration file to disk and edit it.
        You change the option named pfirewall.ini to more or less the following; I have entered most of the well-known services here:
        [ pfirewall.ini ]
        chain create chain=allow_ipsec_source
        chain create chain=allow_ipsec_sink
        chain create chain=source
        chain create chain=forward
        chain create chain=sink
        rule create chain=allow_ipsec_source index=0 prot=udp dstport=ike action=accept
        rule create chain=allow_ipsec_source index=1 prot=tcp action=accept
        rule create chain=allow_ipsec_sink index=0 prot=udp dstport=ike action=accept
        rule create chain=allow_ipsec_sink index=1 prot=ah action=accept
        rule create chain=allow_ipsec_sink index=2 prot=esp action=accept
        rule create chain=allow_ipsec_sink index=3 srcintfgrp=wan prot=tcp ack=yes action=accept
        rule create chain=source index=0 dstintfgrp=!wan action=accept
        rule create chain=source index=1 prot=udp dstport=dns action=accept
        rule create chain=source index=2 prot=udp dstport=bootps action=accept
        rule create chain=source index=3 prot=icmp icmptype=echo-request action=accept
        rule create chain=source index=4 prot=udp srcport=snmp log=yes action=count
        rule create chain=source index=5 action=drop
        rule create chain=forward index=0 srcintfgrp=wan dstintfgrp=wan action=drop
        rule create chain=forward index=1 srcintfgrp=lan prot=tcp dstport=www-http action=accept
        rule create chain=forward index=2 srcintfgrp=wan prot=tcp srcport=www-http action=accept
        rule create chain=forward index=3 srcintfgrp=lan prot=tcp srcport=ftp action=accept
        rule create chain=forward index=4 srcintfgrp=wan prot=tcp dstport=ftp action=accept
        rule create chain=forward index=5 srcintfgrp=lan prot=tcp srcport=ftp-data action=accept
        rule create chain=forward index=6 srcintfgrp=wan prot=tcp dstport=ftp-data action=accept
        rule create chain=forward index=7 srcintfgrp=lan prot=tcp dstport=pop3 action=accept
        rule create chain=forward index=8 srcintfgrp=wan prot=tcp ack=yes srcport=pop3 action=accept
        rule create chain=forward index=9 srcintfgrp=lan prot=tcp dstport=smtp action=accept
        rule create chain=forward index=10 srcintfgrp=wan prot=tcp ack=yes srcport=smtp action=accept
        rule create chain=forward index=11 srcintfgrp=lan prot=tcp dstport=465 action=accept
        rule create chain=forward index=12 srcintfgrp=wan prot=tcp ack=yes srcport=465 action=accept
        rule create chain=forward index=13 srcintfgrp=lan prot=tcp dstport=995 action=accept
        rule create chain=forward index=14 srcintfgrp=wan prot=tcp ack=yes srcport=995 action=accept
        rule create chain=forward index=15 srcintfgrp=lan prot=udp dstport=dns action=accept
        rule create chain=forward index=16 srcintfgrp=wan prot=udp srcport=dns action=accept
        rule create chain=forward index=17 srcintfgrp=wan prot=tcp srcport=dns action=accept
        rule create chain=forward index=18 srcintfgrp=lan prot=tcp dstport=dns action=accept
        rule create chain=forward index=19 srcintfgrp=lan prot=icmp icmptype=echo-request action=accept
        rule create chain=forward index=20 srcintfgrp=wan prot=icmp icmptype=echo-reply action=accept
        rule create chain=forward index=21 srcintfgrp=lan prot=tcp dstport=ftp action=accept
        rule create chain=forward index=22 srcintfgrp=wan prot=tcp ack=yes srcport=ftp action=accept
        rule create chain=forward index=23 srcintfgrp=lan prot=tcp dstport=ftp-data action=accept
        rule create chain=forward index=24 srcintfgrp=wan prot=tcp srcport=ftp-data action=accept
        rule create chain=forward index=25 srcintfgrp=lan prot=tcp dstport=pop3 action=accept
        rule create chain=forward index=26 srcintfgrp=wan prot=tcp ack=yes srcport=pop3 action=accept
        rule create chain=forward index=27 srcintfgrp=lan prot=tcp dstport=smtp action=accept
        rule create chain=forward index=28 srcintfgrp=wan prot=tcp ack=yes srcport=smtp action=accept
        rule create chain=forward index=29 srcintfgrp=wan prot=tcp srcport=5190 action=accept
        rule create chain=forward index=30 srcintfgrp=lan prot=tcp dstport=5190 action=accept
        rule create chain=forward index=31 srcintfgrp=wan prot=tcp srcport=5050 action=accept
        rule create chain=forward index=32 srcintfgrp=lan prot=tcp dstport=5050 action=accept
        rule create chain=forward index=33 dstintfgrp=lan prot=tcp srcport=nntp action=accept
        rule create chain=forward index=34 dstintfgrp=wan prot=tcp dstport=nntp action=accept
        rule create chain=forward index=35 srcintfgrp=wan prot=tcp srcport=9898 action=accept
        rule create chain=forward index=36 srcintfgrp=lan prot=tcp dstport=9898 action=accept
        rule create chain=forward index=37 srcintfgrp=lan prot=tcp dstport=1863 action=accept
        rule create chain=forward index=38 srcintfgrp=wan prot=tcp srcport=1863 action=accept
        rule create chain=forward index=39 srcintfgrp=lan prot=tcp dstport=6891 dstportend=6901 action=accept
        rule create chain=forward index=40 srcintfgrp=wan prot=tcp srcport=6891 srcportend=6901 action=accept
        rule create chain=forward index=41 srcintfgrp=lan prot=tcp dstport=auth action=accept
        rule create chain=forward index=42 srcintfgrp=wan prot=tcp srcport=auth action=accept
        rule create chain=forward index=43 srcintfgrp=lan prot=tcp dstport=6660 dstportend=6669 action=accept
        rule create chain=forward index=44 srcintfgrp=wan prot=tcp srcport=6660 srcportend=6669 action=accept
        rule create chain=forward index=45 srcintfgrp=lan prot=tcp dstport=443 action=accept
        rule create chain=forward index=46 srcintfgrp=wan prot=tcp srcport=443 action=accept
        rule create chain=forward index=47 srcintfgrp=lan prot=tcp dstport=8074 action=accept
        rule create chain=forward index=48 srcintfgrp=wan prot=tcp srcport=8074 action=accept
        rule create chain=forward index=49 srcintfgrp=lan prot=tcp dstport=smtp action=accept
        rule create chain=forward index=50 srcintfgrp=wan prot=tcp srcport=smtp action=accept
        rule create chain=forward index=51 srcintfgrp=lan prot=tcp dstport=1723 action=accept
        rule create chain=forward index=52 srcintfgrp=wan prot=tcp srcport=1723 action=accept
        rule create chain=forward index=53 srcintfgrp=lan prot=tcp dstport=47 action=accept
        rule create chain=forward index=54 srcintfgrp=wan prot=tcp srcport=47 action=accept
        rule create chain=forward index=55 srcintfgrp=lan prot=tcp dstport=imap2 action=accept
        rule create chain=forward index=56 srcintfgrp=wan prot=tcp ack=yes srcport=imap2 action=accept
        rule create chain=forward index=57 srcintfgrp=lan prot=udp dstport=6970 dstportend=7170 action=accept
        rule create chain=forward index=58 srcintfgrp=wan prot=udp srcport=6970 srcportend=7170 action=accept
        rule create chain=forward index=59 srcintfgrp=lan prot=tcp dstport=realaudio action=accept
        rule create chain=forward index=60 srcintfgrp=wan prot=tcp srcport=realaudio action=accept
        rule create chain=forward index=61 srcintfgrp=lan prot=tcp dstport=7071 action=accept
        rule create chain=forward index=62 srcintfgrp=wan prot=tcp srcport=7071 action=accept
        rule create chain=forward index=63 srcintfgrp=lan prot=tcp dstport=rtsp action=accept
        rule create chain=forward index=64 srcintfgrp=wan prot=tcp srcport=rtsp action=accept
        rule create chain=forward index=65 srcintfgrp=wan prot=tcp srcport=httpproxy action=accept
        rule create chain=forward index=66 srcintfgrp=lan prot=tcp dstport=httpproxy action=accept
        rule create chain=forward index=67 srcintfgrp=lan prot=tcp dstport=425 action=accept
        rule create chain=forward index=68 srcintfgrp=wan prot=tcp srcport=425 action=accept
        rule create chain=forward index=73 action=drop <<<<< this line is important: it blocks the remaining packets,
        now you still have to add at the end
        assign hook=sink chain=sink
        assign hook=forward chain=forward
        assign hook=source chain=source
        to enable the firewall; you load the whole configuration file changed this way and that's it...
        I recommend Google, everything is written there.
        Regards
        SV
        P.S. Sorry for the mess in the rules ;-)
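
An added example, not part of the original post: a small Python audit of "rule create" lines in the format shown above. It flags WAN-side TCP accept rules that lack ack=yes, rules repeated under another index, and checks that the chain ends with an unconditional drop. The sample input is a handful of rules copied from the post, the function names are made up for this example, and it assumes ack=yes matches only TCP segments with the ACK flag set.

```python
import re

# Constructed sample: a few rules copied from the post above, not the whole file.
SAMPLE = """\
rule create chain=forward index=1 srcintfgrp=lan prot=tcp dstport=www-http action=accept
rule create chain=forward index=2 srcintfgrp=wan prot=tcp srcport=www-http action=accept
rule create chain=forward index=7 srcintfgrp=lan prot=tcp dstport=pop3 action=accept
rule create chain=forward index=8 srcintfgrp=wan prot=tcp ack=yes srcport=pop3 action=accept
rule create chain=forward index=25 srcintfgrp=lan prot=tcp dstport=pop3 action=accept
rule create chain=forward index=26 srcintfgrp=wan prot=tcp ack=yes srcport=pop3 action=accept
rule create chain=forward index=68 srcintfgrp=wan prot=tcp srcport=425 action=accept
rule create chain=forward index=73 action=drop
"""

def parse_rules(text):
    """Turn each 'rule create key=value ...' line into a dict of its fields."""
    rules = []
    for line in text.splitlines():
        if line.strip().startswith("rule create"):
            rules.append(dict(re.findall(r"(\w+)=(\S+)", line)))
    return rules

def audit(rules, chain="forward"):
    """Audit one chain; assumes ack=yes matches only segments with ACK set."""
    chain_rules = sorted((r for r in rules if r.get("chain") == chain),
                         key=lambda r: int(r["index"]))
    # WAN-side TCP accepts without ack=yes match any segment from that
    # source port, including new inbound connection attempts.
    no_ack = [int(r["index"]) for r in chain_rules
              if r.get("srcintfgrp") == "wan" and r.get("prot") == "tcp"
              and r.get("action") == "accept" and r.get("ack") != "yes"]
    # Rules whose match fields repeat an earlier rule (only the index differs).
    seen, duplicates = set(), []
    for r in chain_rules:
        key = frozenset((k, v) for k, v in r.items() if k != "index")
        if key in seen:
            duplicates.append(int(r["index"]))
        seen.add(key)
    # The highest-index rule should be an unconditional drop.
    last = chain_rules[-1] if chain_rules else {}
    default_drop = set(last) == {"chain", "index", "action"} and last["action"] == "drop"
    return {"wan_tcp_accept_without_ack": no_ack,
            "duplicates": duplicates,
            "ends_with_default_drop": default_drop}

if __name__ == "__main__":
    for finding, value in audit(parse_rules(SAMPLE)).items():
        print(finding, value)
```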
