PDA

Bekijk de volledige versie : forwarding pls help



greengreen
28-10-2006, 18:30
hi,
i have now upnp enable and eveything works ok.
my iptables:

Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW
ACCEPT all -- anywhere anywhere state NEW
SECURITY all -- anywhere anywhere state NEW
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
ACCEPT tcp -- anywhere krakonosovo tcp dpt:www
ACCEPT tcp -- anywhere krakonosovo tcp dpt:81
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
ACCEPT tcp -- anywhere anywhere tcp dpt:2121
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpts:65530:65534
DROP tcp -- anywhere anywhere tcp dpt:!ssh

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere 192.168.1.2 tcp dpt:65534
ACCEPT tcp -- anywhere 192.168.1.2 tcp dpt:65533
ACCEPT tcp -- anywhere 192.168.1.2 tcp dpt:65532
ACCEPT tcp -- anywhere 192.168.1.2 tcp dpt:65531
ACCEPT tcp -- anywhere 192.168.1.2 tcp dpt:65530
ACCEPT tcp -- anywhere 192.168.1.2 tcp dpt:2121
RRDIPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
SECURITY all -- anywhere anywhere state NEW
ACCEPT all -- anywhere anywhere ctstate DNAT


But I would like to disable upnp but how to write rules to post-firewall for this without web-interface?
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere 192.168.1.2 tcp dpt:65534
ACCEPT tcp -- anywhere 192.168.1.2 tcp dpt:65533
ACCEPT tcp -- anywhere 192.168.1.2 tcp dpt:65532
ACCEPT tcp -- anywhere 192.168.1.2 tcp dpt:65531
ACCEPT tcp -- anywhere 192.168.1.2 tcp dpt:65530
ACCEPT tcp -- anywhere 192.168.1.2 tcp dpt:2121

thanks very much