View Single Post
  #1  
Old 22nd January 2010, 13:50
vaio1 vaio1 is offline
Senior Member
 
Join Date: Jul 2007
Location: Italy
Posts: 664
Thanks: 77
Thanked 12 Times in 7 Posts
Default ISPConfig and IPTABLES - Trash Automatic Setting??

Hi guys,

I have seen for the first time today the rules generated by the ISPConfig application. Many users in various IRC chat told me that are only trash! Is it possible?

These are the IpTables generated by ISPConfig:

Code:
# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination         
DROP       tcp  --  anywhere             127.0.0.0/8         
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     all  --  anywhere             anywhere            
DROP       all  --  BASE-ADDRESS.MCAST.NET/4  anywhere            
PUB_IN     all  --  anywhere             anywhere            
PUB_IN     all  --  anywhere             anywhere            
PUB_IN     all  --  anywhere             anywhere            
PUB_IN     all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
PUB_OUT    all  --  anywhere             anywhere            
PUB_OUT    all  --  anywhere             anywhere            
PUB_OUT    all  --  anywhere             anywhere            
PUB_OUT    all  --  anywhere             anywhere            

Chain INT_IN (0 references)
target     prot opt source               destination         
ACCEPT     icmp --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            

Chain INT_OUT (0 references)
target     prot opt source               destination         
ACCEPT     icmp --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain PAROLE (11 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            

Chain PUB_IN (4 references)
target     prot opt source               destination         
ACCEPT     icmp --  anywhere             anywhere            icmp destination-unreachable 
ACCEPT     icmp --  anywhere             anywhere            icmp echo-reply 
ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded 
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request 
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ftp 
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ssh 
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:smtp 
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:domain 
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:http 
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:hosts2-ns 
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:pop3 
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:imap 
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:https 
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ndmp 
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:mysql 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain 
DROP       icmp --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            

Chain PUB_OUT (4 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere
how can rewrite them or improve them?
Reply With Quote
Sponsored Links