Difference between revisions of "SSH"
From dbawiki
Revision as of 13:35, 28 July 2017
How to set up SSH so I don't have to type a password
Tunneling
Building an SSH tunnel can be very useful for working on the other side of firewalls.
- ssh-tunnel-local-and-remote-port-forwarding-explained-with-examples
- chaining-ssh-tunnels - anattatechnologies
- howto-use-toad-over-an-ssh-tunnel
- connect-to-oracle-database-11g-server-through-ssh-tunnel
References
- http://chamibuddhika.wordpress.com/2012/03/21/ssh-tunnelling-explained/
- http://en.wikipedia.org/wiki/Tunneling_protocol
- http://www.revsys.com/writings/quicktips/ssh-tunnel.html
- how-to-setup-ssh-tunnel-to-forward-ssh
A small script (seems to originate from Oracle) that sets up ssh keys between 2 accounts
#!/bin/sh
# Usage: setup-ssh-keys username@remotehost
if [ $# -lt 1 ]; then
    echo "Usage: $0 username@remotehost"
    exit 1
fi
remote="$1"            # 1st command-line argument is the user@remotehost address
this=`hostname`        # $HOST # name of client host
PATH=/usr/bin/ssh:$PATH   # as in the original; /usr/bin/ssh is a binary, not a directory, so this adds nothing

# first check if we need to run ssh-keygen for generating
# $HOME/.ssh with public and private keys:
# (RSA1 keys and "Protocol 1" are SSH-1 only; current OpenSSH no longer supports them)
if [ ! -d "$HOME/.ssh" ]; then
    echo "just type RETURN for each question:"   # no passphrase - unsecure
    # generate RSA1, RSA and DSA keys:
    echo; echo; echo
    ssh-keygen -t rsa1
    echo; echo; echo
    ssh-keygen -t rsa
    echo; echo; echo
    ssh-keygen -t dsa
else
    # we have $HOME/.ssh, but check that we have all types of
    # keys (RSA1, RSA, DSA):
    if [ ! -f "$HOME/.ssh/identity" ]; then
        # generate RSA1 keys:
        echo "just type RETURN for each question:"   # no passphrase - unsecure
        ssh-keygen -t rsa1
    fi
    if [ ! -f "$HOME/.ssh/id_rsa" ]; then
        # generate RSA keys:
        echo "just type RETURN for each question:"   # no passphrase - unsecure
        ssh-keygen -t rsa
    fi
    if [ ! -f "$HOME/.ssh/id_dsa" ]; then
        # generate DSA keys:
        echo "just type RETURN for each question:"   # no passphrase - unsecure
        ssh-keygen -t dsa
    fi
fi

cd "$HOME/.ssh" || exit 1

if [ ! -f config ]; then
    # make ssh try ssh -1 (RSA1 keys) first and then ssh -2 (DSA keys)
    echo "Protocol 1,2" > config
fi

# copy public keys (all three types) to the destination host:

echo; echo; echo
# create .ssh on remote host if it's not there (sshd's StrictModes requires it to be 0700):
ssh "$remote" 'if [ ! -d .ssh ]; then mkdir .ssh; fi; chmod 700 .ssh'
# copy RSA1 key:
scp identity.pub "${remote}:.ssh/${this}_rsa1.pub"
# copy RSA key:
scp id_rsa.pub "${remote}:.ssh/${this}_rsa.pub"
# copy DSA key:
scp id_dsa.pub "${remote}:.ssh/${this}_dsa.pub"
# make authorized_keys(2) files on remote host:

echo; echo; echo
# this one copies all three keys (RSA1 into authorized_keys, RSA and DSA into authorized_keys2):
ssh "$remote" "cd .ssh; cat ${this}_rsa1.pub >> authorized_keys; cat ${this}_rsa.pub >> authorized_keys2; cat ${this}_dsa.pub >> authorized_keys2; chmod 600 authorized_keys authorized_keys2"
# alternative that copies only the RSA1 and DSA keys; run one or the other, not both,
# or the RSA1 and DSA keys end up in the files twice:
# ssh "$remote" "cd .ssh; cat ${this}_rsa1.pub >> authorized_keys; cat ${this}_dsa.pub >> authorized_keys2;"

echo; echo; echo
echo "try an ssh $remote"
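The script above appends each public key with a blind `cat >> authorized_keys`, so every run adds another copy, and it leaves file modes to whatever umask the remote side has. The following is an added example (mine, not the wiki's script) of the same step done idempotently and with the modes sshd's StrictModes expects; `install_pubkey` and its arguments are names I chose, and the key in the test is a constructed value.

```shell
#!/bin/sh
# Added example (not the wiki's script): idempotent authorized_keys installer.
# Replaces the script's blind "cat key.pub >> authorized_keys", which adds a
# duplicate line on every run and never sets the modes sshd's StrictModes wants.

# install_pubkey PUBKEY_FILE SSH_DIR
#   Adds the single-line OpenSSH public key in PUBKEY_FILE ("-" for stdin) to
#   SSH_DIR/authorized_keys unless the same key is already there.
#   Prints "added" or "present"; returns 2 for input that is not a public key.
install_pubkey() {
    pubkey_file="$1"
    ssh_dir="$2"
    auth="$ssh_dir/authorized_keys"

    # Accept only "<type> <base64 blob> [comment]" with a known key type, so a
    # private key or random file pasted by mistake is refused, not installed.
    key=$(head -n 1 "$pubkey_file")
    case "$key" in
        "ssh-ed25519 "*|"ssh-rsa "*|ecdsa-sha2-*" "*|sk-*" "*) ;;
        *) echo "not an OpenSSH public key: $pubkey_file" >&2; return 2 ;;
    esac
    # Identity is type + blob; the comment may differ between copies of one key.
    key_id=$(printf '%s\n' "$key" | awk '{print $1, $2}')

    # 0700 directory and 0600 file, created under a restrictive umask so there
    # is no window in which they are group- or world-readable.
    old_umask=$(umask)
    umask 077
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    touch "$auth" && chmod 600 "$auth"
    umask "$old_umask"

    # Already present? Compare type+blob of every existing line.
    if awk -v id="$key_id" '($1 " " $2) == id { found = 1 } END { exit !found }' "$auth"; then
        echo present
        return 0
    fi
    printf '%s\n' "$key" >> "$auth"
    echo added
}

# Remote use (not run here): send the function definition plus a call in the
# ssh command string and the key on stdin, instead of scp + "cat >>":
#   ssh user@host "$(sed -n '/^install_pubkey()/,/^}/p' "$0"); install_pubkey - ~/.ssh" < ~/.ssh/id_ed25519.pub
```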
Add this to /etc/ssh/sshrc to get the magic cookies added automatically
if read proto cookie && [ -n "$DISPLAY" ]; then
    if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
        # X11UseLocalhost=yes
        echo add unix:`echo $DISPLAY |
            cut -c11-` $proto $cookie
    else
        # X11UseLocalhost=no
        echo add $DISPLAY $proto $cookie
    fi | xauth -q -
fi
Some stuff I did to get tunnels open to an Oracle server - didn't work yet
(0)bey9at77@my_PC:/home/bey9at77/scripts> telnet 207.129.217.26 22
Trying 207.129.217.26...
Connected to 207.129.217.26.
Escape character is '^]'.
SSH-2.0-OpenSSH_6.0
^C
Connection closed by foreign host.
(0)bey9at77@my_PC:/home/bey9at77/scripts> netstat -an | grep 207
tcp        0      0 9.36.153.84:32904       9.36.207.26:22          ESTABLISHED
unix  3      [ ]         STREAM     CONNECTED     20726525 /home/bey9at77/.pulse/202b121052083db8500c6fc00000001c-runtime/native
unix  3      [ ]         STREAM     CONNECTED     20726524
unix  3      [ ]         STREAM     CONNECTED     5037207  /home/bey9at77/.pulse/202b121052083db8500c6fc00000001c-runtime/native
(0)bey9at77@my_PC:/home/bey9at77/scripts> /sbin/ifconfig
[ifconfig output omitted: eth1, lo (127.0.0.1) and virbr0 (192.168.122.1/24) interface details]
(0)bey9at77@my_PC:/home/bey9at77/scripts> sudo iptables -L
[sudo] password for bey9at77:
[iptables -L output omitted: INPUT chain (policy DROP) ending in "DROP all", FORWARD chain (policy DROP) with the libvirt 192.168.122.0/24 and 192.168.123.0/24 rules, OUTPUT chain (policy ACCEPT)]
(0)bey9at77@my_PC:/home/bey9at77/scripts> ssh -L 1521:localhost:1521 207.129.217.26
The authenticity of host '207.129.217.26 (207.129.217.26)' can't be established.
RSA key fingerprint is 2d:70:2e:b4:12:48:e9:20:fd:b0:de:b1:b4:67:41:1f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '207.129.217.26' (RSA) to the list of known hosts.
bey9at77@207.129.217.26's password:
(0)bey9at77@my_PC:/home/bey9at77/scripts> ssh -L 1521:localhost:9099 ehemgtaix -N
The authenticity of host 'ehemgtaix (207.129.107.120)' can't be established.
RSA key fingerprint is 63:0a:a8:27:99:1f:32:73:8e:94:22:cd:80:b3:73:10.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ehemgtaix,207.129.107.120' (RSA) to the list of known hosts.
bey9at77@ehemgtaix's password:
(0)bey9at77@my_PC:/home/bey9at77/scripts> ssh -L 1521:192.168.122.1:9099 exs4bars@ehemgtaix -N
channel 1: open failed: connect failed: A remote host did not respond within the timeout period.
channel 2: open failed: connect failed: A remote host did not respond within the timeout period.
Connection to ehemgtaix closed by remote host.
You have new mail in /var/spool/mail/bey9at77
(0)bey9at77@my_PC:/home/bey9at77/scripts> ssh 192.168.122.1 -p 1521
ssh: connect to host 192.168.122.1 port 1521: Connection refused
(0)bey9at77@my_PC:/home/bey9at77/scripts> sudo iptables -A INPUT -i virbr0 -p tcp --dport 1521 -j ACCEPT
[sudo] password for bey9at77:
(0)bey9at77@my_PC:/home/bey9at77/scripts> ssh 192.168.122.1 -p 1521
ssh: connect to host 192.168.122.1 port 1521: Connection refused
(0)bey9at77@my_PC:/home/bey9at77/scripts> sudo iptables -L
[iptables -L output omitted: same as the earlier listing, except that the new "ACCEPT tcp ... dpt:ncube-lm" rule appears at the very end of the INPUT chain, after "DROP all"]
(0)bey9at77@my_PC:/home/bey9at77/scripts> grep 1521 /etc/services
ncube-lm        1521/tcp   # nCube License Manager
ncube-lm        1521/udp   # nCube License Manager
(0)bey9at77@my_PC:/home/bey9at77/scripts> sudo iptables -n -L -v --line-numbers
[numbered listing omitted: in the INPUT chain rule 86 is "DROP all" and the appended dpt:1521 ACCEPT is rule 87, so no packet ever reaches it]
(0)bey9at77@my_PC:/home/bey9at77/scripts> sudo iptables -I INPUT 78 -i virbr0 -p tcp --dport 1521 -j ACCEPT
(0)bey9at77@my_PC:/home/bey9at77/scripts> sudo iptables -n -L -v --line-numbers
[numbered listing omitted: the dpt:1521 ACCEPT is now rule 78, ahead of the "DROP all" at 87, with the earlier appended copy still present at 88; the listing is cut off on the page]
icmp-port-unreachable 14 0 0 REJECT all -- virbr0 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable 15 0 0 ACCEPT all -- * virbr1 0.0.0.0/0 192.168.123.0/24 state RELATED,ESTABLISHED 16 0 0 ACCEPT all -- virbr1 * 192.168.123.0/24 0.0.0.0/0 17 0 0 ACCEPT all -- virbr1 virbr1 0.0.0.0/0 0.0.0.0/0 18 0 0 REJECT all -- * virbr1 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable 19 0 0 REJECT all -- virbr1 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable Chain OUTPUT (policy ACCEPT 73 packets, 5937 bytes) num pkts bytes target prot opt in out source destination (0)bey9at77@my_PC:/home/bey9at77/scripts> ssh 192.168.122.1 -p 1521 ssh: connect to host 192.168.122.1 port 1521: Connection refused
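The listing above shows why the rule had to be inserted at position 78 rather than appended: the earlier ACCEPT for port 1521 (now rule 88) sits behind the catch-all `DROP all` in rule 87 and can never match. The script below is an added example, not part of the wiki page, that audits a listing in the `iptables -n -L -v --line-numbers` format for exactly this kind of dead rule and reports the slot to use with `iptables -I`; the function names and the abridged sample listing are constructed for the example.

```shell
# Added example (not from the wiki): find rules in an `iptables -n -L -v --line-numbers`
# listing that a preceding catch-all DROP/REJECT makes unreachable (the page's rule 88).
# Constructed sample in the page's listing format, abridged from its INPUT chain:
# the ACCEPT for 1521 in rule 5 sits after the catch-all DROP in rule 4.
sample_listing() {
  cat <<'EOF'
Chain INPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        3   152 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
2        0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1521
3     3879  177K LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 5 LOG flags 0 level 6 prefix `FIREWALL: '
4    47430 4007K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
5        0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1521

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 REJECT     all  --  virbr1 *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
2        0     0 ACCEPT     all  --  virbr1 virbr1  0.0.0.0/0            0.0.0.0/0
EOF
}
# awk helpers shared below: opts() joins the match options after the destination
# column; catchall() is true for a DROP/REJECT on proto all, any interface and any
# address with no further options, i.e. a rule that ends evaluation for every packet.
AWKLIB='
function opts(   i, s) { s = ""; for (i = 11; i <= NF; i++) s = s (i > 11 ? " " : "") $i; return s }
function catchall(   o) {
  o = opts()
  return ($4 == "DROP" || $4 == "REJECT") && $5 == "all" && $7 == "*" && $8 == "*" &&
         $9 == "0.0.0.0/0" && $10 == "0.0.0.0/0" && (o == "" || o ~ /^reject-with /)
}'
# Print "<chain> <num> <target> <options>" for every rule placed after a catch-all.
shadowed_rules() {
  awk "$AWKLIB"'
    /^Chain /        { chain = $2; dead = 0; next }
    $1 !~ /^[0-9]+$/ { next }                        # header and blank lines
    dead             { print chain, $1, $4, opts(); next }
    catchall()       { dead = 1 }'
}
# Print the slot for `iptables -I <chain> <slot>` that lands just before the
# chain's catch-all rule, or rule count + 1 (a plain append) if it has none.
insert_slot() {
  awk -v want="$1" "$AWKLIB"'
    /^Chain /                    { inchain = ($2 == want); next }
    !inchain || $1 !~ /^[0-9]+$/ { next }
    { last = $1; if (!found && catchall()) { slot = $1; found = 1 } }
    END                          { print (found ? slot : last + 1) }'
}
sample_listing | shadowed_rules     # → INPUT 5 ACCEPT tcp dpt:1521
sample_listing | insert_slot INPUT  # → 4
```

Against a live host, pipe `sudo iptables -n -L -v --line-numbers` into the two functions instead of `sample_listing`. The `Connection refused` at the end of the transcript is a TCP RST from 192.168.122.1, which means the packet got past the firewall and nothing was listening on port 1521 there; a rule-ordering problem would show up as a timeout, not a refusal.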