OpenVZ Forum


Home » General » Support » APF on hardware node
Re: APF on hardware node [message #15177 is a reply to message #15170] Fri, 20 July 2007 14:18 Go to previous messageGo to previous message
ugob is currently offline  ugob
Messages: 271
Registered: March 2007
Senior Member
These rules are working (I added venet0 to trusted interface)


Chain INPUT (policy ACCEPT 1 packets, 78 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  venet0 *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     tcp  --  *      *       69.63.144.19         0.0.0.0/0           tcp dpt:22 
    0     0 ACCEPT     tcp  --  *      *       69.63.144.15         0.0.0.0/0           tcp dpt:22 
  181 13802 ACCEPT     tcp  --  *      *       71.252.120.209       0.0.0.0/0           tcp dpt:22 
    0     0 ACCEPT     tcp  --  *      *       74.59.221.180        0.0.0.0/0           tcp dpt:22 
    0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpts:135:139 
    0     0 DROP       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpts:135:139 
    0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:111 
    0     0 DROP       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpt:111 
    0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:513 
    0     0 DROP       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpt:513 
    0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:520 
    0     0 DROP       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpt:520 
    0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:445 
    0     0 DROP       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpt:445 
    2    96 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:1433 
    0     0 DROP       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpt:1433 
    0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:1434 
    0     0 DROP       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpt:1434 
    0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:1234 
    0     0 DROP       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpt:1234 
    0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:1524 
    0     0 DROP       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpt:1524 
    0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:3127 
    0     0 DROP       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpt:3127 
    0     0 IN_SANITY  tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x3F/0x00 
    0     0 IN_SANITY  tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x03/0x03 
    0     0 IN_SANITY  tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x06 
    0     0 IN_SANITY  tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x05/0x05 
    0     0 IN_SANITY  tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x11/0x01 
    0     0 IN_SANITY  tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x30/0x20 
    0     0 IN_SANITY  tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x18/0x08 
    0     0 IN_SANITY  tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x3F/0x29 
    0     0 IN_SANITY  tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x3F/0x37 
    0     0 IN_SANITY  tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x3F/0x3F 
    0     0 IN_SANITY  tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp flags:0x3F/0x01 
    0     0 FUDP       udp  -f  eth0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 PZ         udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpt:0 
    0     0 PZ         tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:0 
    0     0 REJECT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:1214 reject-with icmp-port-unreachable 
    0     0 REJECT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpt:1214 reject-with icmp-port-unreachable 
    0     0 REJECT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:2323 reject-with icmp-port-unreachable 
    0     0 REJECT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpt:2323 reject-with icmp-port-unreachable 
    0     0 REJECT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpts:4660:4678 reject-with icmp-port-unreachable 
    0     0 REJECT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpts:4660:4678 reject-with icmp-port-unreachable 
    0     0 REJECT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:6257 reject-with icmp-port-unreachable 
    0     0 REJECT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpt:6257 reject-with icmp-port-unreachable 
    0     0 REJECT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:6699 reject-with icmp-port-unreachable 
    0     0 REJECT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpt:6699 reject-with icmp-port-unreachable 
    0     0 REJECT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:6346 reject-with icmp-port-unreachable 
    0     0 REJECT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpt:6346 reject-with icmp-port-unreachable 
    0     0 REJECT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:6347 reject-with icmp-port-unreachable 
    0     0 REJECT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpt:6347 reject-with icmp-port-unreachable 
    0     0 REJECT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpts:6881:6889 reject-with icmp-port-unreachable 
    0     0 REJECT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpts:6881:6889 reject-with icmp-port-unreachable 
    0     0 REJECT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:6346 reject-with icmp-port-unreachable 
    0     0 REJECT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpt:6346 reject-with icmp-port-unreachable 
    0     0 REJECT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:7778 reject-with icmp-port-unreachable 
    0     0 REJECT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp dpt:7778 reject-with icmp-port-unreachable 
    0     0 TELNET_LOG  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:23 state NEW 
    0     0 SSH_LOG    tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 state NEW 
    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:5666 
    0     0 ACCEPT     icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0           icmp type 3 limit: avg 30/sec burst 5 
    0     0 ACCEPT     icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0           icmp type 5 limit: avg 30/sec burst 5 
    0     0 ACCEPT     icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0           icmp type 11 limit: avg 30/sec burst 5 
    0     0 ACCEPT     icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0           icmp type 0 limit: avg 30/sec burst 5 
    0     0 ACCEPT     icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0           icmp type 30 limit: avg 30/sec burst 5 
   20  1220 ACCEPT     icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0           icmp type 8 limit: avg 30/sec burst 5 
    0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp flags:!0x16/0x02 state NEW 
   37  2404 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
   70  5531 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    0     0 ACCEPT     udp  --  eth0   *       69.63.129.15         0.0.0.0/0           udp spt:53 dpts:1023:65535 
    0     0 ACCEPT     tcp  --  eth0   *       69.63.129.15         0.0.0.0/0           tcp spt:53 dpts:1023:65535 
    0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp spt:53 dpts:1023:65535 
    0     0 DROP       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp spt:53 dpts:1023:65535 
    0     0 ACCEPT     udp  --  eth0   *       69.63.129.16         0.0.0.0/0           udp spt:53 dpts:1023:65535 
    0     0 ACCEPT     tcp  --  eth0   *       69.63.129.16         0.0.0.0/0           tcp spt:53 dpts:1023:65535 
    0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp spt:53 dpts:1023:65535 
    0     0 DROP       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           udp spt:53 dpts:1023:65535 
    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp spts:1023:65535 dpt:21 state RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           multiport dports 21,20 state RELATED,ESTABLISHED 
    0     0 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           multiport dports 21,20 state RELATED,ESTABLISHED 
    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0
...

[ Show the rest of the message ]


Please read the manual before asking questions:
http://download.openvz.org/doc/OpenVZ-Users-Guide.pdf

Please have a look at the wiki before asking questions:
http://wiki.openvz.org/Main_Page

Report message to a moderator

[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: WH Manager / control panel
Next Topic: *SOLVED* SMP kernel vs PAE
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Sun Oct 26 07:17:54 GMT 2025

Total time taken to generate the page: 0.08641 seconds
Powered by FUDforum Powered by Virtuozzo Containers