Перейти до

Futura

Сitizens
  • Всього повідомлень

    144
  • Приєднався

  • Останній візит

  • Дней в лидерах

    4

Все, що було написано Futura

  1. Futura

    Продам Ubiquiti NanoBeam M5-300

    В наличии 1 шт. Цена 1200 грн.
  2. Futura

    Куплю Edge-core ES3552M

    Купил, тема закрыта.
  3. Futura

    Куплю Edge-core ES3552M

    Куплю.
  4. Futura

    Продам Ubiquiti NanoBridge M5-22

    В продаже.
  5. Futura

    Продам Ubiquiti NanoBeam M5-300

    В продаже.
  6. Futura

    Продам Ubiquiti NanoBridge M5-22

    В наличии 1 шт. Цена 1200 грн.
  7. Futura

    Продам Ubiquiti NanoBeam M5-300

    В наличии 1 шт. Цена 1250 грн.
  8. Futura

    Куплю Edge-core ES3552M

    Куплю.
  9. Продолжение истории, сегодня звонок с этого адреса. Просят помочь с установкой роутера, так как купили бабуле планшет и оплачивают интернет.
  10. Futura

    Куплю Edge-core ES3552M

    Куплю.
  11. Futura

    Продам NanoStation Loco M5

    Продано.
  12. Futura

    Продам ONU Huawei HG8010 GPON

    Продано.
  13. Б/у, в рабочем состоянии.
  14. Futura

    Продам NanoStation Loco M5

    В наличии 1ш, комплект.
  15. Б/у, в рабочем состоянии. Цена 500 грн.
  16. Futura

    Продажа сети

    За какой период времени построили это "царство" ?
  17. Futura

    Продам Ubiquiti Nanostation M5 - 2 шт.

    Продано.
  18. Futura

    Продам NanoStation Loco M5

    Продано.
  19. Futura

    Продам Ubiquiti NanoBeam M5-300

    Продано.
  20. Futura

    Продам Ubiquiti NanoBridge M5-22

    Продано.
  21. Futura

    Маршрутизация внешнего IP-адреса

    Спасибо, KaYot, все заработало. iptables -A FORWARD -d <IP> -j ACCEPT
  22. Futura

    Маршрутизация внешнего IP-адреса

    не подскажите пример такого правила?
  23. Futura

    Маршрутизация внешнего IP-адреса

    iptables-save: # Generated by iptables-save v1.4.14 on Wed Jul 27 12:15:49 2016 *nat :PREROUTING ACCEPT [3987:281961] :INPUT ACCEPT [3:152] :OUTPUT ACCEPT [19:4222] :POSTROUTING ACCEPT [41:6022] :NAT_POSTROUTING_CHAIN - [0:0] :NAT_PREROUTING_CHAIN - [0:0] :POST_NAT_POSTROUTING_CHAIN - [0:0] :POST_NAT_PREROUTING_CHAIN - [0:0] -A PREROUTING -j NAT_PREROUTING_CHAIN -A PREROUTING -j POST_NAT_PREROUTING_CHAIN -A POSTROUTING -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu -A POSTROUTING -j NAT_POSTROUTING_CHAIN -A POSTROUTING -s 172.16.0.0/24 ! -d 172.16.0.0/24 -o eth0 -j MASQUERADE -A POSTROUTING -j POST_NAT_POSTROUTING_CHAIN COMMIT # Completed on Wed Jul 27 12:15:49 2016 # Generated by iptables-save v1.4.14 on Wed Jul 27 12:15:49 2016 *mangle :PREROUTING ACCEPT [139177:95701247] :INPUT ACCEPT [2095:131364] :FORWARD ACCEPT [137017:95563314] :OUTPUT ACCEPT [142:34572] :POSTROUTING ACCEPT [137069:95572872] COMMIT # Completed on Wed Jul 27 12:15:49 2016 # Generated by iptables-save v1.4.14 on Wed Jul 27 12:15:49 2016 *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT DROP [0:0] :BASE_FORWARD_CHAIN - [0:0] :BASE_INPUT_CHAIN - [0:0] :BASE_OUTPUT_CHAIN - [0:0] :DMZ_FORWARD_IN_CHAIN - [0:0] :DMZ_FORWARD_OUT_CHAIN - [0:0] :DMZ_INET_FORWARD_CHAIN - [0:0] :DMZ_INPUT_CHAIN - [0:0] :DMZ_LAN_FORWARD_CHAIN - [0:0] :DMZ_OUTPUT_CHAIN - [0:0] :EXT_BROADCAST_CHAIN - [0:0] :EXT_FORWARD_IN_CHAIN - [0:0] :EXT_FORWARD_OUT_CHAIN - [0:0] :EXT_ICMP_FLOOD_CHAIN - [0:0] :EXT_INPUT_CHAIN - [0:0] :EXT_MULTICAST_CHAIN - [0:0] :EXT_OUTPUT_CHAIN - [0:0] :FORWARD_CHAIN - [0:0] :HOST_BLOCK_DROP - [0:0] :HOST_BLOCK_DST - [0:0] :HOST_BLOCK_SRC - [0:0] :INET_DMZ_FORWARD_CHAIN - [0:0] :INPUT_CHAIN - [0:0] :INT_FORWARD_IN_CHAIN - [0:0] :INT_FORWARD_OUT_CHAIN - [0:0] :INT_INPUT_CHAIN - [0:0] :INT_OUTPUT_CHAIN - [0:0] :LAN_INET_FORWARD_CHAIN - [0:0] :OUTPUT_CHAIN - [0:0] :POST_FORWARD_CHAIN - [0:0] :POST_INPUT_CHAIN - [0:0] :POST_INPUT_DROP_CHAIN - [0:0] :POST_OUTPUT_CHAIN - [0:0] :RESERVED_NET_CHK - [0:0] :SPOOF_CHK - [0:0] :VALID_CHK - [0:0] -A INPUT -j BASE_INPUT_CHAIN -A INPUT -j INPUT_CHAIN -A INPUT -j HOST_BLOCK_SRC -A INPUT -j SPOOF_CHK -A INPUT -i eth0 -j VALID_CHK -A INPUT -i eth0 ! -p icmp -m state --state NEW -j EXT_INPUT_CHAIN -A INPUT -i eth0 -p icmp -m state --state NEW -m limit --limit 60/sec --limit-burst 100 -j EXT_INPUT_CHAIN -A INPUT -i eth0 -p icmp -m state --state NEW -j EXT_ICMP_FLOOD_CHAIN -A INPUT -i ppp+ -j INT_INPUT_CHAIN -A INPUT -j POST_INPUT_CHAIN -A INPUT -m limit --limit 1/sec -j LOG --log-prefix "AIF:Dropped INPUT packet: " --log-level 6 -A INPUT -j DROP -A OUTPUT -j BASE_OUTPUT_CHAIN -A OUTPUT -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu -A OUTPUT -j OUTPUT_CHAIN -A OUTPUT -j HOST_BLOCK_DST -A OUTPUT -f -m limit --limit 3/min -j LOG --log-prefix "AIF:Fragment packet: " --log-level 6 -A OUTPUT -f -j DROP -A OUTPUT -o eth0 -j EXT_OUTPUT_CHAIN -A OUTPUT -o ppp+ -j INT_OUTPUT_CHAIN -A OUTPUT -j POST_OUTPUT_CHAIN -A OUTPUT -j ACCEPT -A BASE_FORWARD_CHAIN -m state --state ESTABLISHED -j ACCEPT -A BASE_FORWARD_CHAIN -p tcp -m state --state RELATED -m tcp --dport 1024:65535 -j ACCEPT -A BASE_FORWARD_CHAIN -p udp -m state --state RELATED -m udp --dport 1024:65535 -j ACCEPT -A BASE_FORWARD_CHAIN -p icmp -m state --state RELATED -j ACCEPT -A BASE_FORWARD_CHAIN -i lo -j ACCEPT -A BASE_INPUT_CHAIN -m state --state ESTABLISHED -j ACCEPT -A BASE_INPUT_CHAIN -p tcp -m state --state RELATED -m tcp --dport 1024:65535 -j ACCEPT -A BASE_INPUT_CHAIN -p udp -m state --state RELATED -m udp --dport 1024:65535 -j ACCEPT -A BASE_INPUT_CHAIN -p icmp -m state --state RELATED -j ACCEPT -A BASE_INPUT_CHAIN -i lo -j ACCEPT -A BASE_OUTPUT_CHAIN -m state --state ESTABLISHED -j ACCEPT -A BASE_OUTPUT_CHAIN -o lo -j ACCEPT -A EXT_BROADCAST_CHAIN -p tcp -m tcp --dport 0:1023 -m limit --limit 6/min --limit-burst 2 -j LOG --log-prefix "AIF:PRIV TCP broadcast: " --log-level 6 -A EXT_BROADCAST_CHAIN -p udp -m udp --dport 0:1023 -m limit --limit 6/min --limit-burst 2 -j LOG --log-prefix "AIF:PRIV UDP broadcast: " --log-level 6 -A EXT_BROADCAST_CHAIN -p tcp -m tcp --dport 1024:65535 -m limit --limit 6/min --limit-burst 2 -j LOG --log-prefix "AIF:UNPRIV TCP broadcast: " --log-level 6 -A EXT_BROADCAST_CHAIN -p udp -m udp --dport 1024 -m limit --limit 6/min --limit-burst 2 -j LOG --log-prefix "AIF:UNPRIV UDP broadcast: " --log-level 6 -A EXT_BROADCAST_CHAIN -j DROP -A EXT_FORWARD_IN_CHAIN -j VALID_CHK -A EXT_ICMP_FLOOD_CHAIN -p icmp -m icmp --icmp-type 3 -m limit --limit 12/hour --limit-burst 1 -j LOG --log-prefix "AIF:ICMP-unreachable flood: " --log-level 6 -A EXT_ICMP_FLOOD_CHAIN -p icmp -m icmp --icmp-type 3 -j POST_INPUT_DROP_CHAIN -A EXT_ICMP_FLOOD_CHAIN -p icmp -m icmp --icmp-type 11 -m limit --limit 12/hour --limit-burst 1 -j LOG --log-prefix "AIF:ICMP-time-exceeded fld: " --log-level 6 -A EXT_ICMP_FLOOD_CHAIN -p icmp -m icmp --icmp-type 11 -j POST_INPUT_DROP_CHAIN -A EXT_ICMP_FLOOD_CHAIN -p icmp -m icmp --icmp-type 12 -m limit --limit 12/hour --limit-burst 1 -j LOG --log-prefix "AIF:ICMP-param-problem fld: " --log-level 6 -A EXT_ICMP_FLOOD_CHAIN -p icmp -m icmp --icmp-type 12 -j POST_INPUT_DROP_CHAIN -A EXT_ICMP_FLOOD_CHAIN -p icmp -m icmp --icmp-type 8 -m limit --limit 12/hour --limit-burst 1 -j LOG --log-prefix "AIF:ICMP-request(ping) fld: " --log-level 6 -A EXT_ICMP_FLOOD_CHAIN -p icmp -m icmp --icmp-type 8 -j POST_INPUT_DROP_CHAIN -A EXT_ICMP_FLOOD_CHAIN -p icmp -m icmp --icmp-type 0 -m limit --limit 12/hour --limit-burst 1 -j LOG --log-prefix "AIF:ICMP-reply(pong) flood: " --log-level 6 -A EXT_ICMP_FLOOD_CHAIN -p icmp -m icmp --icmp-type 0 -j POST_INPUT_DROP_CHAIN -A EXT_ICMP_FLOOD_CHAIN -p icmp -m icmp --icmp-type 4 -m limit --limit 12/hour --limit-burst 1 -j LOG --log-prefix "AIF:ICMP-source-quench fld: " --log-level 6 -A EXT_ICMP_FLOOD_CHAIN -p icmp -m icmp --icmp-type 4 -j POST_INPUT_DROP_CHAIN -A EXT_ICMP_FLOOD_CHAIN -p icmp -m limit --limit 12/hour --limit-burst 1 -j LOG --log-prefix "AIF:ICMP(other) flood: " --log-level 6 -A EXT_ICMP_FLOOD_CHAIN -p icmp -j POST_INPUT_DROP_CHAIN -A EXT_INPUT_CHAIN -p tcp -m tcp --dport 0 -m limit --limit 6/hour --limit-burst 1 -j LOG --log-prefix "AIF:Port 0 OS fingerprint: " --log-level 6 -A EXT_INPUT_CHAIN -p udp -m udp --dport 0 -m limit --limit 6/hour --limit-burst 1 -j LOG --log-prefix "AIF:Port 0 OS fingerprint: " --log-level 6 -A EXT_INPUT_CHAIN -p tcp -m tcp --dport 0 -j POST_INPUT_DROP_CHAIN -A EXT_INPUT_CHAIN -p udp -m udp --dport 0 -j POST_INPUT_DROP_CHAIN -A EXT_INPUT_CHAIN -p tcp -m tcp --sport 0 -m limit --limit 6/hour -j LOG --log-prefix "AIF:TCP source port 0: " --log-level 6 -A EXT_INPUT_CHAIN -p udp -m udp --sport 0 -m limit --limit 6/hour -j LOG --log-prefix "AIF:UDP source port 0: " --log-level 6 -A EXT_INPUT_CHAIN -p tcp -m tcp --sport 0 -j POST_INPUT_DROP_CHAIN -A EXT_INPUT_CHAIN -p udp -m udp --sport 0 -j POST_INPUT_DROP_CHAIN -A EXT_INPUT_CHAIN -p tcp -m tcp --dport 9898 -j ACCEPT -A EXT_INPUT_CHAIN -p tcp -m tcp --dport 9443 -j ACCEPT -A EXT_INPUT_CHAIN -p tcp -m tcp --dport 9000:9010 -j ACCEPT -A EXT_INPUT_CHAIN -p icmp -m icmp --icmp-type 8 -m limit --limit 20/sec --limit-burst 100 -j ACCEPT -A LAN_INET_FORWARD_CHAIN -p icmp -m icmp --icmp-type 8 -m limit --limit 3/min --limit-burst 1 -j LOG --log-prefix "AIF:ICMP-request: " --log-level 6 -A LAN_INET_FORWARD_CHAIN -p icmp -m icmp --icmp-type 8 -j DROP -A LAN_INET_FORWARD_CHAIN -j ACCEPT -A POST_INPUT_DROP_CHAIN -j DROP -A SPOOF_CHK -s 192.168.4.0/24 -i ppp+ -j RETURN -A SPOOF_CHK -s 192.168.4.0/24 -m limit --limit 3/min -j LOG --log-prefix "AIF:Spoofed packet: " --log-level 6 -A SPOOF_CHK -s 192.168.4.0/24 -j POST_INPUT_DROP_CHAIN -A SPOOF_CHK -j RETURN -A VALID_CHK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -m limit --limit 3/min -j LOG --log-prefix "AIF:Stealth XMAS scan: " --log-level 6 -A VALID_CHK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -m limit --limit 3/min -j LOG --log-prefix "AIF:Stealth XMAS-PSH scan: " --log-level 6 -A VALID_CHK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -m limit --limit 3/min -j LOG --log-prefix "AIF:Stealth XMAS-ALL scan: " --log-level 6 -A VALID_CHK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN -m limit --limit 3/min -j LOG --log-prefix "AIF:Stealth FIN scan: " --log-level 6 -A VALID_CHK -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -m limit --limit 3/min -j LOG --log-prefix "AIF:Stealth SYN/RST scan: " --log-level 6 -A VALID_CHK -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -m limit --limit 3/min -j LOG --log-prefix "AIF:Stealth SYN/FIN scan?: " --log-level 6 -A VALID_CHK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -m limit --limit 3/min -j LOG --log-prefix "AIF:Stealth Null scan: " --log-level 6 -A VALID_CHK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j POST_INPUT_DROP_CHAIN -A VALID_CHK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j POST_INPUT_DROP_CHAIN -A VALID_CHK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j POST_INPUT_DROP_CHAIN -A VALID_CHK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN -j POST_INPUT_DROP_CHAIN -A VALID_CHK -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j POST_INPUT_DROP_CHAIN -A VALID_CHK -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j POST_INPUT_DROP_CHAIN -A VALID_CHK -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j POST_INPUT_DROP_CHAIN -A VALID_CHK -p tcp -m tcp --tcp-option 64 -m limit --limit 3/min --limit-burst 1 -j LOG --log-prefix "AIF:Bad TCP flag(64): " --log-level 6 -A VALID_CHK -p tcp -m tcp --tcp-option 128 -m limit --limit 3/min --limit-burst 1 -j LOG --log-prefix "AIF:Bad TCP flag(128): " --log-level 6 -A VALID_CHK -p tcp -m tcp --tcp-option 64 -j POST_INPUT_DROP_CHAIN -A VALID_CHK -p tcp -m tcp --tcp-option 128 -j POST_INPUT_DROP_CHAIN -A VALID_CHK -m state --state INVALID -j POST_INPUT_DROP_CHAIN -A VALID_CHK -f -m limit --limit 3/min --limit-burst 1 -j LOG --log-prefix "AIF:Fragment packet: " -A VALID_CHK -f -j DROP COMMIT # Completed on Wed Jul 27 12:15:49 2016
  24. Futura

    Маршрутизация внешнего IP-адреса

    через abills
  25. Futura

    Маршрутизация внешнего IP-адреса

    сетку никак не прописывали, выдаем IP клиенту через PPPoE
×
×
  • Створити нове...