http://mediawiki.netbreaker.de/mediawiki/index.php?action=history&feed=atom&title=Ferm
Ferm - Versionsgeschichte
2026-04-24T02:45:58Z
Versionsgeschichte dieser Seite in ConfigWiki
MediaWiki 1.19.20+dfsg-0+deb7u3
http://mediawiki.netbreaker.de/mediawiki/index.php?title=Ferm&diff=434&oldid=prev
Netbreaker am 7. Januar 2011 um 16:07 Uhr
2011-01-07T16:07:10Z
<p></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr valign='top'>
<td colspan='2' style="background-color: white; color:black;">← Nächstältere Version</td>
<td colspan='2' style="background-color: white; color:black;">Version vom 7. Januar 2011, 16:07 Uhr</td>
</tr><tr><td colspan="2" class="diff-lineno">Zeile 14:</td>
<td colspan="2" class="diff-lineno">Zeile 14:</td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>                 mod state state (RELATED ESTABLISHED);</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>                 mod state state (RELATED ESTABLISHED);</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>         interface lo;</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>         interface lo;</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">         </del>protocol (icmp esp ah);</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">         </ins>protocol (icmp esp ah);</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">         </del>protocol udp dport 500;</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">         </ins>protocol udp dport 500;</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline"> </del>protocol tcp {</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline"> </ins>protocol tcp {</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">     </del>dport (http smtp);</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">     </ins>dport (http smtp);</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">     </del>dport ssh mod hashlimit</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">     </ins>dport ssh mod hashlimit</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">     </del>hashlimit 10/min</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">     </ins>hashlimit 10/min</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">     </del>hashlimit-mode srcip</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">     </ins>hashlimit-mode srcip</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline">     </del>hashlimit-name ssh;</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline">     </ins>hashlimit-name ssh;</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="background: #ffa; color:black; font-size: smaller;"><div><del class="diffchange diffchange-inline"> </del>}</div></td><td class='diff-marker'>+</td><td style="background: #cfc; color:black; font-size: smaller;"><div><ins class="diffchange diffchange-inline"> </ins>}</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>             }</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>             }</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>             LOG log-prefix "reject-in ";</div></td><td class='diff-marker'> </td><td style="background: #eee; color:black; font-size: smaller;"><div>             LOG log-prefix "reject-in ";</div></td></tr>
</table>
Netbreaker
http://mediawiki.netbreaker.de/mediawiki/index.php?title=Ferm&diff=431&oldid=prev
Netbreaker: Die Seite wurde neu angelegt: ~# aptitude install ferm Beispielkonfiguration: /etc/ferm# cat ferm.conf # ferm rules generated by import-ferm # http://ferm.foo-projects.org/ hook pre "modprobe ...
2011-01-06T16:12:13Z
<p>Die Seite wurde neu angelegt: ~# aptitude install ferm Beispielkonfiguration: /etc/ferm# cat ferm.conf # ferm rules generated by import-ferm # http://ferm.foo-projects.org/ hook pre "modprobe ...</p>
<p><b>Neue Seite</b></p><div> ~# aptitude install ferm<br />
<br />
Beispielkonfiguration:<br />
/etc/ferm# cat ferm.conf<br />
# ferm rules generated by import-ferm<br />
# http://ferm.foo-projects.org/<br />
hook pre "modprobe nf_conntrack_ftp";<br />
#hook pre "modprobe nf_nat_ftp";<br />
domain ip {<br />
table filter {<br />
chain INPUT {<br />
policy DROP;<br />
ACCEPT {<br />
mod state state (RELATED ESTABLISHED);<br />
interface lo;<br />
protocol (icmp esp ah);<br />
protocol udp dport 500;<br />
protocol tcp {<br />
dport (http smtp);<br />
dport ssh mod hashlimit<br />
hashlimit 10/min<br />
hashlimit-mode srcip<br />
hashlimit-name ssh;<br />
}<br />
}<br />
LOG log-prefix "reject-in ";<br />
REJECT;<br />
}<br />
chain FORWARD { policy DROP; REJECT; }<br />
chain OUTPUT {<br />
policy DROP;<br />
ACCEPT {<br />
mod state state (RELATED ESTABLISHED);<br />
outerface lo;<br />
protocol udp dport domain daddr 192.168.4.100;<br />
mod owner uid-owner (root rico);<br />
}<br />
LOG log-prefix reject-out;<br />
REJECT;<br />
}<br />
}<br />
table nat {<br />
chain POSTROUTING {<br />
policy ACCEPT;<br />
mod mark mark 0x25 MASQUERADE;<br />
}<br />
chain INPUT policy ACCEPT;<br />
chain OUTPUT policy ACCEPT;<br />
chain PREROUTING policy ACCEPT;<br />
}<br />
table mangle {<br />
chain OUTPUT {<br />
policy ACCEPT;<br />
protocol tcp dport 25 MARK set-xmark 0x25/0xffffffff;<br />
}<br />
chain FORWARD policy ACCEPT;<br />
chain INPUT policy ACCEPT;<br />
chain PREROUTING policy ACCEPT;<br />
chain POSTROUTING policy ACCEPT;<br />
}<br />
}</div>
Netbreaker