We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
iptables Drop
Re: iptables Drop
ОС какая ? Если Debian - то попробывать вот так
iptables -A INPUT -m state -state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state -state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state -state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state -state ESTABLISHED,RELATED -j ACCEPT
Re: iptables Drop
Bad argument `ESTABLISHED,RELATED'korvinod wrote:ОС какая ? Если Debian - то попробывать вот так
iptables -A INPUT -m state -state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state -state ESTABLISHED,RELATED -j ACCEPT
Try `iptables -h' or 'iptables --help' for more information.
Re: iptables Drop
modprobe ip_conntrack
что пишет?
---
iptables -t filter -A INPUT -p all -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
что пишет?
---
iptables -t filter -A INPUT -p all -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
Re: iptables Drop
# modprobe ip_conntrackkorvinod wrote:modprobe ip_conntrack
что пишет?
---
iptables -t filter -A INPUT -p all -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
modprobe: ERROR: ../libkmod/libkmod.c:508 kmod_lookup_alias_from_builtin_file() could not open builtin file '/lib/modules/2.6.32-042stab116.1/modules.builtin.bin'
modprobe: FATAL: Module ip_conntrack not found.
Re: iptables Drop
Можно попробовать через флаги..
iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,ACK SYN -j ACCEPT
iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,ACK SYN -j ACCEPT
Re: iptables Drop
Можно еще попробовать явно указать
iptables -A INPUT -p ALL -i $LAN_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
$LAN_IFACE = интерфейс который смотрит в мир..
iptables -A INPUT -p ALL -i $LAN_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
$LAN_IFACE = интерфейс который смотрит в мир..
Re: iptables Drop
Прокатило!!korvinod wrote:Можно попробовать через флаги..
iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,ACK SYN -j ACCEPT
Re: iptables Drop
Можно грохать эти правила?korvinod wrote:Нафиг ненужные правилаShowACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 1369:6051,17779:19938
ACCEPT tcp -- 212.76.131.131 0.0.0.0/0 multiport dports 0:65535
ACCEPT tcp -- 64.22.33.90 0.0.0.0/0 multiport dports 0:65535
ACCEPT tcp -- 212.7.0.71 0.0.0.0/0 multiport dports 0:65535
ACCEPT tcp -- 85.254.217.235 0.0.0.0/0 multiport dports 0:65535
ACCEPT tcp -- 62.245.181.53 0.0.0.0/0 multiport dports 0:65535
ACCEPT tcp -- 195.30.97.3 0.0.0.0/0 multiport dports 0:65535
ACCEPT tcp -- 130.133.110.67 0.0.0.0/0 multiport dports 0:65535
ACCEPT tcp -- 130.133.110.67 0.0.0.0/0 multiport dports 0:65535
ACCEPT tcp -- 158.129.196.3 0.0.0.0/0 multiport dports 0:65535
ACCEPT tcp -- 157.25.5.183 0.0.0.0/0 multiport dports 0:65535
ACCEPT icmp -- 185.87.51.105 0.0.0.0/0 23
ACCEPT udp -- 185.87.51.105 0.0.0.0/0 multiport dports 0:65535
ACCEPT tcp -- 185.87.51.105 0.0.0.0/0 multiport dports 0:65535
ACCEPT tcp -- 37.140.192.213 0.0.0.0/0 multiport dports 0:65535
ACCEPT icmp -- 104.24.112.122 0.0.0.0/0
ACCEPT udp -- 104.24.112.122 0.0.0.0/0 multiport dports 0:65535
ACCEPT tcp -- 104.24.112.122 0.0.0.0/0 multiport dports 0:65535