[psad-discuss] Iptable rules/chain can't be createed by psad.
Brought to you by:
mbr
Menu
▾
▴
[psad-discuss] Iptable rules/chain can't be createed by psad.
|
From: bryn1u85 . <m.b...@gm...> - 2017-04-26 20:31:41
|
Hello, I have bought and studying a book of PSAD written by Michael R. Few changes has been changed like iptables LOG policy. This is my iptables policy: ### flush existing rules and set chain policy setting to DROP echo "[+] Flushing existing iptables rules..." $IPTABLES -F $IPTABLES -F -t nat $IPTABLES -X $IPTABLES -P INPUT DROP $IPTABLES -P OUTPUT ACCEPT $IPTABLES -P FORWARD DROP ### this policy does not handle IPv6 traffic except to drop it. # echo "[+] Disabling IPv6 traffic..." $IP6TABLES -P INPUT DROP $IP6TABLES -P OUTPUT DROP $IP6TABLES -P FORWARD DROP ### load connection-tracking modules # $MODPROBE ip_conntrack $MODPROBE iptable_nat $MODPROBE ip_conntrack_ftp $MODPROBE ip_nat_ftp ###### INPUT chain ###### # echo "[+] Setting up INPUT chain..." ### ipset countries block: iptables -A INPUT -m set --match-set blockcountries src -j DROP # $IPTABLES -A INPUT -m conntrack --ctstate INVALID -j DROP $IPTABLES -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT #$IPTABLES -A INPUT -p tcp --dport 20 -m conntrack --ctstate NEW -j ACCEPT #$IPTABLES -A INPUT -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT $IPTABLES -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT $IPTABLES -A INPUT -p tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT $IPTABLES -A INPUT -p tcp --dport 43 -m conntrack --ctstate NEW -j ACCEPT $IPTABLES -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT $IPTABLES -A INPUT -p tcp --dport 113 -m conntrack --ctstate NEW -j ACCEPT $IPTABLES -A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT $IPTABLES -A INPUT -p tcp -m multiport --dports 25,143,110,587,993,995 -m conntrack --ctstate NEW -j ACCEPT $IPTABLES -A INPUT -p tcp --dport 4444 -m conntrack --ctstate NEW -j ACCEPT $IPTABLES -A INPUT -p tcp --dport 5566 -m conntrack --ctstate NEW -j ACCEPT $IPTABLES -A INPUT -p tcp --dport 6666 -m conntrack --ctstate NEW -j ACCEPT $IPTABLES -A INPUT -p tcp --dport 6667 -m conntrack --ctstate NEW -j ACCEPT $IPTABLES -A INPUT -p tcp --dport 30033 -m conntrack --ctstate NEW -j ACCEPT $IPTABLES -A INPUT -p tcp --dport 10011 -m conntrack --ctstate NEW -j ACCEPT $IPTABLES -A INPUT -p udp --dport 9987 -m conntrack --ctstate NEW -j ACCEPT $IPTABLES -A INPUT -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT $IPTABLES -A INPUT -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT #### PSAD: $IPTABLES -A INPUT -j LOG $IPTABLES -A FORWARD -j LOG After that i dont see any chains in iptables only rules as above. [root@proton firewall]# psad --fw-list [+] Listing chains from IPT_AUTO_CHAIN keywords... [root@proton firewall]# There empty :(( What am i doing wrong ??. I have found few describes blogs about psad and for others it works. Thank you, |
