pred spustenim firestarteru:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
LOG all -- 127.0.0.0/8 anywhere LOG level warning
DROP all -- 127.0.0.0/8 anywhere
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- 192.168.0.0/24 anywhere
ACCEPT !tcp -- anywhere BASE-ADDRESS.MCAST.NET/4
DROP all -- 192.168.0.0/24 anywhere
ACCEPT all -- anywhere 192.168.15.195
ACCEPT all -- anywhere 192.168.15.255
DROP all -- anywhere ALL-SYSTEMS.MCAST.NET
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- 192.168.0.0/24 anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere 192.168.0.0/24
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere 255.255.255.255
ACCEPT all -- anywhere 192.168.0.0/24
ACCEPT !tcp -- anywhere BASE-ADDRESS.MCAST.NET/4
DROP all -- anywhere 192.168.0.0/24
ACCEPT all -- 192.168.15.195 anywhere
ACCEPT all -- 192.168.15.255 anywhere
DROP all -- anywhere ALL-SYSTEMS.MCAST.NET
LOG all -- anywhere anywhere LOG level warning
DROP all -- anywhere anywhere
po spusteni konfiguracie a vypnuti firestarteru:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain INBOUND (0 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 192.168.0.2 anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT udp -- anywhere anywhere udp dpt:www
po opatovnom spusteni firestarteru:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- ns.gtsi.sk anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
ACCEPT udp -- ns.gtsi.sk anywhere
ACCEPT tcp -- ns2.telecom.sk anywhere tcp flags:!FIN,SYN,RST,ACK/SYN
ACCEPT udp -- ns2.telecom.sk anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
DROP all -- anywhere 255.255.255.255
DROP all -- anywhere 192.168.15.255
DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
LSI all -f anywhere anywhere limit: avg 10/min burst 5
INBOUND all -- anywhere anywhere
INBOUND all -- anywhere 192.168.0.1
INBOUND all -- anywhere 192.168.15.195
INBOUND all -- anywhere 192.168.0.255
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Input'
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
OUTBOUND all -- anywhere anywhere
ACCEPT tcp -- anywhere 192.168.0.0/24 state RELATED,ESTABLISHED
ACCEPT udp -- anywhere 192.168.0.0/24 state RELATED,ESTABLISHED
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Forward'
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 192.168.15.195 ns.gtsi.sk tcp dpt:domain
ACCEPT udp -- 192.168.15.195 ns.gtsi.sk udp dpt:domain
ACCEPT tcp -- 192.168.15.195 ns2.telecom.sk tcp dpt:domain
ACCEPT udp -- 192.168.15.195 ns2.telecom.sk udp dpt:domain
ACCEPT all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
OUTBOUND all -- anywhere anywhere
OUTBOUND all -- anywhere anywhere
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Output'
Chain INBOUND (4 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 192.168.0.2 anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT udp -- anywhere anywhere udp dpt:www
LSI all -- anywhere anywhere
Chain LOG_FILTER (5 references)
target prot opt source destination
Chain LSI (2 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP icmp -- anywhere anywhere icmp echo-request
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Inbound '
DROP all -- anywhere anywhere
Chain LSO (0 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Outbound '
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain OUTBOUND (3 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere