I am trying to set up iptables to protect my system. After saving the iptables rules, I cannot connect to any web page (via browser or wget). Could this be related to DNS? I tried to access http://74.125.71.103, and it does not connect either.

Below are my iptables rules:
```
#!/bin/bash

# Clear existing rules
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

# Drop all input.
iptables -P INPUT DROP

# Accept output and forward
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

# Accept local data transfer
iptables -A INPUT -i lo -j ACCEPT

# Log to /var/log/messages
iptables -A INPUT -j LOG --log-level 4

# Accept ssh connection
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# Accept http connection
iptables -A INPUT -p tcp --dport 80 -j ACCEPT

# Accept ping reply
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT

# Limit ping requests to one every 2 s.
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 30/m --limit-burst 1 -j ACCEPT

# Drop ping requests over that rate
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP

# Create the syn-flood chain
iptables -N syn-flood

# Return to the calling chain while under 50 packets/s (burst 10)
iptables -A syn-flood -m limit --limit 50/s --limit-burst 10 -j RETURN

# Drop everything over that rate
iptables -A syn-flood -j DROP

# Send all INPUT traffic through syn-flood first
iptables -I INPUT -j syn-flood
```
/var/log/syslog
```
Aug 10 11:47:56 daivd-VirtualBox kernel: [ 6257.401990] IN=eth0 OUT= MAC=08:00:27:6a:eb:c3:10:56:ca:03:de:ac:08:00 SRC=74.125.71.103 DST=10.10.11.40 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=15037 PROTO=TCP SPT=80 DPT=33029 WINDOW=14180 RES=0x00 ACK SYN URGP=0
Aug 10 11:47:56 daivd-VirtualBox kernel: [ 6257.658071] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:70:56:81:bc:2e:2d:08:00 SRC=10.10.10.242 DST=255.255.255.255 LEN=139 TOS=0x00 PREC=0x00 TTL=64 ID=33713 PROTO=UDP SPT=17500 DPT=17500 LEN=119
Aug 10 11:47:56 daivd-VirtualBox kernel: [ 6257.658494] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:70:56:81:bc:2e:2d:08:00 SRC=10.10.10.242 DST=10.10.255.255 LEN=139 TOS=0x00 PREC=0x00 TTL=64 ID=20162 PROTO=UDP SPT=17500 DPT=17500 LEN=119
Aug 10 11:47:57 daivd-VirtualBox kernel: [ 6257.799861] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1f:16:0a:2d:2a:08:00 SRC=10.10.10.222 DST=255.255.255.255 LEN=215 TOS=0x00 PREC=0x00 TTL=128 ID=27336 PROTO=UDP SPT=17500 DPT=17500 LEN=195
Aug 10 11:47:57 daivd-VirtualBox kernel: [ 6257.802066] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1f:16:0a:2d:2a:08:00 SRC=10.10.10.222 DST=255.255.255.255 LEN=215 TOS=0x00 PREC=0x00 TTL=128 ID=27337 PROTO=UDP SPT=17500 DPT=17500 LEN=195
Aug 10 11:47:57 daivd-VirtualBox kernel: [ 6257.804386] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1f:16:0a:2d:2a:08:00 SRC=10.10.10.222 DST=10.10.255.255 LEN=215 TOS=0x00 PREC=0x00 TTL=128 ID=27338 PROTO=UDP SPT=17500 DPT=17500 LEN=195
Aug 10 11:47:58 daivd-VirtualBox kernel: [ 6258.928197] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:25:64:d1:18:64:08:00 SRC=10.10.10.126 DST=255.255.255.255 LEN=340 TOS=0x00 PREC=0x00 TTL=128 ID=29997 PROTO=UDP SPT=58306 DPT=2654 LEN=320
Aug 10 11:47:58 daivd-VirtualBox kernel: [ 6258.931578] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:25:64:d1:18:64:08:00 SRC=10.10.10.126 DST=255.255.255.255 LEN=349 TOS=0x00 PREC=0x00 TTL=128 ID=29998 PROTO=UDP SPT=58307 DPT=2654 LEN=329
Aug 10 11:47:58 daivd-VirtualBox kernel: [ 6259.127332] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:25:64:de:73:e7:08:00 SRC=10.10.10.137 DST=10.10.255.255 LEN=68 TOS=0x00 PREC=0x00 TTL=128 ID=19951 PROTO=UDP SPT=65239 DPT=1947 LEN=48
Aug 10 11:47:58 daivd-VirtualBox kernel: [ 6259.231502] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:78:45:c4:04:10:1d:08:00 SRC=10.10.11.4 DST=255.255.255.255 LEN=156 TOS=0x00 PREC=0x00 TTL=128 ID=181 PROTO=UDP SPT=51641 DPT=10019 LEN=136
Aug 10 11:47:58 daivd-VirtualBox kernel: [ 6259.349181] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:d4:be:d9:eb:05:8c:08:00 SRC=10.10.10.241 DST=10.10.255.255 LEN=140 TOS=0x00 PREC=0x00 TTL=128 ID=14095 PROTO=UDP SPT=17500 DPT=17500 LEN=120
Aug 10 11:47:59 daivd-VirtualBox kernel: [ 6259.845218] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:d4:be:d9:eb:05:8c:08:00 SRC=10.10.10.241 DST=10.10.255.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=14099 PROTO=UDP SPT=63475 DPT=61117 LEN=52
Aug 10 11:47:59 daivd-VirtualBox kernel: [ 6260.255308] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:78:45:c4:04:10:1d:08:00 SRC=10.10.11.4 DST=255.255.255.255 LEN=156 TOS=0x00 PREC=0x00 TTL=128 ID=186 PROTO=UDP SPT=61588 DPT=10019 LEN=136
Aug 10 11:48:00 daivd-VirtualBox kernel: [ 6261.175927] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:78:45:c4:04:10:1d:08:00 SRC=10.10.11.4 DST=255.255.255.255 LEN=156 TOS=0x00 PREC=0x00 TTL=128 ID=189 PROTO=UDP SPT=61591 DPT=10019 LEN=136
Aug 10 11:48:00 daivd-VirtualBox kernel: [ 6261.585895] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:25:64:d1:17:84:08:00 SRC=10.10.10.150 DST=255.255.255.255 LEN=179 TOS=0x00 PREC=0x00 TTL=128 ID=9256 PROTO=UDP SPT=17500 DPT=17500 LEN=159
Aug 10 11:48:00 daivd-VirtualBox kernel: [ 6261.591672] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:25:64:d1:17:84:08:00 SRC=10.10.10.150 DST=10.10.255.255 LEN=179 TOS=0x00 PREC=0x00 TTL=128 ID=9257 PROTO=UDP SPT=17500 DPT=17500 LEN=159
Aug 10 11:48:01 daivd-VirtualBox kernel: [ 6261.898906] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:25:64:d1:18:64:08:00 SRC=10.10.10.126 DST=255.255.255.255 LEN=340 TOS=0x00 PREC=0x00 TTL=128 ID=30004 PROTO=UDP SPT=58308 DPT=2654 LEN=320
Aug 10 11:48:02 daivd-VirtualBox kernel: [ 6263.225809] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:78:45:c4:04:10:1d:08:00 SRC=10.10.11.4 DST=255.255.255.255 LEN=156 TOS=0x00 PREC=0x00 TTL=128 ID=195 PROTO=UDP SPT=50581 DPT=10019 LEN=136
Aug 10 11:48:03 daivd-VirtualBox kernel: [ 6264.248651] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:78:45:c4:04:10:1d:08:00 SRC=10.10.11.4 DST=255.255.255.255 LEN=156 TOS=0x00 PREC=0x00 TTL=128 ID=202 PROTO=UDP SPT=51358 DPT=10019 LEN=136
Aug 10 11:48:04 daivd-VirtualBox kernel: [ 6264.862692] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:d4:be:d9:eb:05:8c:08:00 SRC=10.10.10.241 DST=10.10.255.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=14116 PROTO=UDP SPT=63475 DPT=61117 LEN=52
Aug 10 11:48:04 daivd-VirtualBox kernel: [ 6264.965751] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:25:64:d1:18:3a:08:00 SRC=10.10.11.6 DST=255.255.255.255 LEN=252 TOS=0x00 PREC=0x00 TTL=128 ID=26137 PROTO=UDP SPT=17500 DPT=17500 LEN=232
Aug 10 11:48:04 daivd-VirtualBox kernel: [ 6264.968274] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:25:64:d1:18:3a:08:00 SRC=10.10.11.6 DST=10.10.255.255 LEN=252 TOS=0x00 PREC=0x00 TTL=128 ID=26138 PROTO=UDP SPT=17500 DPT=17500 LEN=232
Aug 10 11:48:04 daivd-VirtualBox kernel: [ 6264.971535] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:25:64:d1:18:64:08:00 SRC=10.10.10.126 DST=255.255.255.255 LEN=340 TOS=0x00 PREC=0x00 TTL=128 ID=30008 PROTO=UDP SPT=58310 DPT=2654 LEN=320
Aug 10 11:48:05 daivd-VirtualBox kernel: [ 6266.296596] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:78:45:c4:04:10:1d:08:00 SRC=10.10.11.4 DST=255.255.255.255 LEN=156 TOS=0x00 PREC=0x00 TTL=128 ID=204 PROTO=UDP SPT=51364 DPT=10019 LEN=136
Aug 10 11:48:06 daivd-VirtualBox kernel: [ 6267.217873] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:78:45:c4:04:10:1d:08:00 SRC=10.10.11.4 DST=255.255.255.255 LEN=156 TOS=0x00 PREC=0x00 TTL=128 ID=206 PROTO=UDP SPT=51367 DPT=10019 LEN=136
Aug 10 11:48:07 daivd-VirtualBox kernel: [ 6268.038646] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:25:64:d1:18:64:08:00 SRC=10.10.10.126 DST=255.255.255.255 LEN=340 TOS=0x00 PREC=0x00 TTL=128 ID=30012 PROTO=UDP SPT=58312 DPT=2654 LEN=320
Aug 10 11:48:07 daivd-VirtualBox kernel: [ 6268.041875] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:25:64:d1:18:64:08:00 SRC=10.10.10.126 DST=255.255.255.255 LEN=349 TOS=0x00 PREC=0x00 TTL=128 ID=30013 PROTO=UDP SPT=58313 DPT=2654 LEN=329
Aug 10 11:48:07 daivd-VirtualBox kernel: [ 6268.241592] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:78:45:c4:04:10:1d:08:00 SRC=10.10.11.4 DST=255.255.255.255 LEN=156 TOS=0x00 PREC=0x00 TTL=128 ID=207 PROTO=UDP SPT=51370 DPT=10019 LEN=136
Aug 10 11:48:09 daivd-VirtualBox kernel: [ 6269.879465] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:d4:be:d9:eb:05:8c:08:00 SRC=10.10.10.241 DST=10.10.255.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=14131 PROTO=UDP SPT=63475 DPT=61117 LEN=52
Aug 10 11:48:09 daivd-VirtualBox kernel: [ 6270.189338] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:24:1d:76:a7:5f:08:00 SRC=10.10.10.138 DST=255.255.255.255 LEN=324 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=17500 DPT=17500 LEN=304
Aug 10 11:48:09 daivd-VirtualBox kernel: [ 6270.292031] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:78:45:c4:04:10:1d:08:00 SRC=10.10.11.4 DST=255.255.255.255 LEN=156 TOS=0x00 PREC=0x00 TTL=128 ID=209 PROTO=UDP SPT=51376 DPT=10019 LEN=136
Aug 10 11:48:09 daivd-VirtualBox kernel: [ 6270.296862] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:25:64:d1:18:13:08:00 SRC=10.10.10.162 DST=10.10.255.255 LEN=213 TOS=0x00 PREC=0x00 TTL=128 ID=7101 PROTO=UDP SPT=17500 DPT=17500 LEN=193
Aug 10 11:48:10 daivd-VirtualBox kernel: [ 6271.008001] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:25:64:d1:18:64:08:00 SRC=10.10.10.126 DST=255.255.255.255 LEN=340 TOS=0x00 PREC=0x00 TTL=128 ID=30019 PROTO=UDP SPT=58314 DPT=2654 LEN=320
Aug 10 11:48:10 daivd-VirtualBox kernel: [ 6271.313573] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:78:45:c4:04:10:1d:08:00 SRC=10.10.11.4 DST=255.255.255.255 LEN=156 TOS=0x00 PREC=0x00 TTL=128 ID=211 PROTO=UDP SPT=51379 DPT=10019 LEN=136
Aug 10 11:48:11 daivd-VirtualBox kernel: [ 6272.346588] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:78:45:c4:04:10:1d:08:00 SRC=10.10.11.4 DST=255.255.255.255 LEN=156 TOS=0x00 PREC=0x00 TTL=128 ID=214 PROTO=UDP SPT=58513 DPT=10019 LEN=136
Aug 10 11:48:13 daivd-VirtualBox kernel: [ 6273.978028] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:25:64:d1:18:64:08:00 SRC=10.10.10.126 DST=255.255.255.255 LEN=340 TOS=0x00 PREC=0x00 TTL=128 ID=30022 PROTO=UDP SPT=58316 DPT=2654 LEN=320
Aug 10 11:48:13 daivd-VirtualBox kernel: [ 6273.981011] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:25:64:d1:18:64:08:00 SRC=10.10.10.126 DST=255.255.255.255 LEN=347 TOS=0x00 PREC=0x00 TTL=128 ID=30023 PROTO=UDP SPT=58317 DPT=2654 LEN=327
Aug 10 11:48:13 daivd-VirtualBox kernel: [ 6274.283547] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:78:45:c4:04:10:1d:08:00 SRC=10.10.11.4 DST=255.255.255.255 LEN=156 TOS=0x00 PREC=0x00 TTL=128 ID=216 PROTO=UDP SPT=58519 DPT=10019 LEN=136
Aug 10 11:48:14 daivd-VirtualBox kernel: [ 6274.900480] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:d4:be:d9:eb:05:8c:08:00 SRC=10.10.10.241 DST=10.10.255.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=14151 PROTO=UDP SPT=63475 DPT=61117 LEN=52
Aug 10 11:48:14 daivd-VirtualBox kernel: [ 6275.205953] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:25:64:de:75:f9:08:00 SRC=10.10.10.173 DST=255.255.255.255 LEN=251 TOS=0x00 PREC=0x00 TTL=128 ID=23940 PROTO=UDP SPT=17500 DPT=17500 LEN=231
Aug 10 11:48:15 daivd-VirtualBox kernel: [ 6276.331356] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:78:45:c4:04:10:1d:08:00 SRC=10.10.11.4 DST=255.255.255.255 LEN=156 TOS=0x00 PREC=0x00 TTL=128 ID=218 PROTO=UDP SPT=58525 DPT=10019 LEN=136
Aug 10 11:48:16 daivd-VirtualBox kernel: [ 6277.049930] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:25:64:d1:18:64:08:00 SRC=10.10.10.126 DST=255.255.255.255 LEN=340 TOS=0x00 PREC=0x00 TTL=128 ID=30030 PROTO=UDP SPT=58318 DPT=2654 LEN=320
Aug 10 11:48:16 daivd-VirtualBox kernel: [ 6277.253796] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:78:45:c4:04:10:1d:08:00 SRC=10.10.11.4 DST=255.255.255.255 LEN=156 TOS=0x00 PREC=0x00 TTL=128 ID=220 PROTO=UDP SPT=58528 DPT=10019 LEN=136
```
Any ideas why I cannot access the Internet?

Additional information: I can successfully ping 74.125.71.103, but I cannot ping www.google.com. Is this related to my problem?
```
daivd@daivd-VirtualBox:~/Desktop/Script$ ping 74.125.71.103
PING 74.125.71.103 (74.125.71.103) 56(84) bytes of data.
64 bytes from 74.125.71.103: icmp_req=1 ttl=54 time=148 ms
64 bytes from 74.125.71.103: icmp_req=2 ttl=54 time=14.9 ms
64 bytes from 74.125.71.103: icmp_req=3 ttl=54 time=9.37 ms
^C
--- 74.125.71.103 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 9.371/57.686/148.765/64.442 ms
daivd@daivd-VirtualBox:~/Desktop/Script$ ping www.google.com
ping: unknown host www.google.com
```
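The following is an added example, not part of the original post: it parses iptables LOG entries in the format shown above and evaluates them against the ACCEPT rules of the posted script, to show which inbound packets fall through to the `INPUT DROP` policy. The function names, the two constructed log lines (including the resolver address 10.10.10.1) and the reply heuristic are assumptions, and the rate limits in the script are assumed not to be exceeded.

```python
# Added example: models the stateless INPUT rules of the script above (policy DROP).
PAGE_SYNACK = (  # first entry of the syslog excerpt above, verbatim
    "Aug 10 11:47:56 daivd-VirtualBox kernel: [ 6257.401990] IN=eth0 OUT= "
    "MAC=08:00:27:6a:eb:c3:10:56:ca:03:de:ac:08:00 SRC=74.125.71.103 "
    "DST=10.10.11.40 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=15037 PROTO=TCP "
    "SPT=80 DPT=33029 WINDOW=14180 RES=0x00 ACK SYN URGP=0")
DNS_REPLY = (  # constructed: DNS answer from a hypothetical resolver 10.10.10.1
    "Aug 10 11:47:55 daivd-VirtualBox kernel: [ 6256.000000] IN=eth0 OUT= "
    "MAC= SRC=10.10.10.1 DST=10.10.11.40 LEN=76 TOS=0x00 PREC=0x00 TTL=64 "
    "ID=0 PROTO=UDP SPT=53 DPT=40000 LEN=56")
SSH_SYN = (  # constructed: inbound SSH connection attempt from 10.10.10.5
    "Aug 10 11:47:55 daivd-VirtualBox kernel: [ 6256.500000] IN=eth0 OUT= "
    "MAC= SRC=10.10.10.5 DST=10.10.11.40 LEN=60 TOS=0x00 PREC=0x00 TTL=64 "
    "ID=1 PROTO=TCP SPT=50000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0")

def parse_log(line):
    """Split an iptables LOG entry into KEY=VALUE fields and bare flag tokens."""
    fields, flags = {}, set()
    for tok in line.split("] ", 1)[1].split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields.setdefault(key, value)  # first LEN is the IP length
        else:
            flags.add(tok)                 # e.g. SYN, ACK, DF
    fields["FLAGS"] = flags
    return fields

def input_verdict(pkt):
    """ACCEPT rules of the script in order; assumes the rate limits are not hit."""
    if pkt.get("IN") == "lo":
        return "ACCEPT (lo)"
    if pkt.get("PROTO") == "TCP" and pkt.get("DPT") in ("22", "80"):
        return "ACCEPT (tcp dport)"
    if pkt.get("PROTO") == "ICMP" and pkt.get("TYPE") in ("0", "8"):
        return "ACCEPT (icmp echo)"
    return "DROP (policy)"

def is_reply(pkt):
    """Heuristic: return traffic for a connection or query this host started."""
    if pkt.get("PROTO") == "TCP":
        return {"SYN", "ACK"} <= pkt["FLAGS"]
    return pkt.get("PROTO") == "UDP" and pkt.get("SPT") == "53"

def triage(lines):
    pkts = [parse_log(line) for line in lines]
    return [(p["SRC"], p["DPT"], input_verdict(p), is_reply(p)) for p in pkts]

if __name__ == "__main__":
    for row in triage([PAGE_SYNACK, DNS_REPLY, SSH_SYN]):
        print(row)
```

Rows that are both `DROP (policy)` and flagged as replies are return traffic for connections the host itself opened; a stateful rule such as `iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` is the usual way to admit it.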