rlazar wrote: Hello,
I followed all the steps and everything worked correctly.
However, when I enter the IP in Sisblock so that it bypasses the site blocks, access to the sites on the block list is still blocked.
What could it be?
Thanks.
[brazilfw]/# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
traffic-count all -- anywhere anywhere
SSH-MONITOR all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
LOG_DROP all -- anywhere anywhere ctstate INVALID
internal-service all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
traffic-count all -- anywhere anywhere
DROPDNS all -- anywhere anywhere
LOG_DROP all -- anywhere anywhere ctstate INVALID
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
haro all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
traffic-count all -- anywhere anywhere
Chain DROPDNS (1 references)
target prot opt source destination
Chain LOG_DROP (4 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain SSH-MONITOR (1 references)
target prot opt source destination
tcp -- anywhere anywhere tcp dpt:ssh state NEW recent: SET name: SSH side: source mask: 255.255.255.255
LOG_DROP tcp -- anywhere anywhere tcp dpt:ssh state NEW recent: UPDATE seconds: 300 hit_count: 4 TTL-Match name: SSH side: source mask: 255.255.255.255
Chain haro (1 references)
target prot opt source destination
ACCEPT all -- 192.168.2.2 anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT udp -- anywhere anywhere udp dpt:pop3
DROP all -- anywhere anywhere
Chain internal-service (1 references)
target prot opt source destination
RETURN icmp -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN gre -- anywhere anywhere
RETURN all -- anywhere anywhere
LOG_DROP all -- anywhere anywhere
Chain traffic-count (3 references)
target prot opt source destination
all -- anywhere anywhere
all -- anywhere anywhere
all -- anywhere anywhere
all -- anywhere anywhere
ACCOUNT all -- anywhere anywhere ACCOUNT addr 192.168.2.0/24 tname lan0
Lenobare wrote: Some configuration on your network doesn't match..
maXip <- what is it?
svierzoski wrote: Not transparent.
acl liberados src "/etc/brazilfw/custom/liberados"
http_access allow liberados
[brazilfw]/# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
traffic-count all -- anywhere anywhere
SSH-MONITOR all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
LOG_DROP all -- anywhere anywhere ctstate INVALID
internal-service all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
traffic-count all -- anywhere anywhere
DROPDNS all -- anywhere anywhere
LOG_DROP all -- anywhere anywhere ctstate INVALID
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
haro all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
traffic-count all -- anywhere anywhere
Chain DROPDNS (1 references)
target prot opt source destination
LOG_DROP tcp -- anywhere anywhere tcp dpt:domain
LOG_DROP udp -- anywhere anywhere udp dpt:domain
Chain LOG_DROP (6 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain SSH-MONITOR (1 references)
target prot opt source destination
tcp -- anywhere anywhere tcp dpt:ssh state NEW recent: SET name: SSH side: source mask: 255.255.255.255
LOG_DROP tcp -- anywhere anywhere tcp dpt:ssh state NEW recent: UPDATE seconds: 300 hit_count: 4 TTL-Match name: SSH side: source mask: 255.255.255.255
Chain haro (1 references)
target prot opt source destination
ACCEPT all -- 192.168.2.2 anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT udp -- anywhere anywhere udp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:submission
ACCEPT udp -- anywhere anywhere udp dpt:submission
DROP all -- anywhere anywhere
Chain internal-service (1 references)
target prot opt source destination
RETURN icmp -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN gre -- anywhere anywhere
RETURN all -- anywhere anywhere
LOG_DROP all -- anywhere anywhere
Chain traffic-count (3 references)
target prot opt source destination
all -- anywhere anywhere
all -- anywhere anywhere
all -- anywhere anywhere
all -- anywhere anywhere
ACCOUNT all -- anywhere anywhere ACCOUNT addr 192.168.2.0/24 tname lan0
[brazilfw]/#
iptables -A FORWARD -p tcp --dport 5222 -j REJECT
iptables -A FORWARD -p udp --dport 5222 -j REJECT