Synology-Forum.nl
Algemeen => The lounge => Topic gestart door: Pippin op 28 maart 2016, 13:05:44
-
Zou iemand even willen kijken of
iptables -Ldeze twee regels laat zien:
DROP tcp -- anywhere anywhere tcp spt:domain length 2048:65535
DROP udp -- anywhere anywhere udp spt:domain length 2048:65535
B.v.d.
-
Met PuTTY op DSM 6.0:
root@DS111:~# iptables -L
iptables v1.6.0: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
root@DS111:~#
:S :?:
-
met WinSCP op DSM 5.2 :
/$ iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
DEFAULT_INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DEFAULT_FORWARD all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DEFAULT_FORWARD (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere Source countries: BE,DE,GB,NL,SE
ACCEPT all -- anywhere anywhere source IP range 192.168.1.1-192.168.1.254
DROP all -- anywhere anywhere
Chain DEFAULT_INPUT (1 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp spt:domain length 2048:65535
DROP udp -- anywhere anywhere udp spt:domain length 2048:65535
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere Source countries: BE,DE,GB,NL,SE
ACCEPT all -- anywhere anywhere source IP range 192.168.1.1-192.168.1.254
DROP all -- anywhere anywhere
-
Ik zie ze niet onder dsm 6.0:
root@GedeeldeData:~# iptables -L
Chain INPUT (policy ACCEPT)
…
Chain FORWARD_FIREWALL (1 references)
RETURN udp -- anywhere anywhere Source countries: BE,NL udp spt:19997
…
Chain INPUT_FIREWALL (1 references)
RETURN udp -- anywhere anywhere Source countries: BE,NL udp spt:19997
Ik heb gewoon een search op 'spt' gedaan in de lange listing en vond dan alleen bovenste twee regels
-
@Hutje
Op 5.2 is deze bug nog steeds niet gefixt, dat wist ik al.
Hetzelfde geldt voor de router.
@Birdy
Ok, "iptables" is er niet meer in DSM 6
Dan is dat nu waarschijnlijk "ip" of "ipset", probeer deze eens a.u.b.
ip rule show
-
@Briolet
Heb je een upgrade gedaan of een schone install?
-
Bij mij was het een upgrade op beide nassen. Op beide nassen zie ik de iptables.
Birdy had al eens aangegeven dat hij een schone installatie gedaan had.
-
Dank, dan heeft @Birdy waarschijnlijk een schone install gedaan.
Edit:
Zie nu je edit (:
-
Hm...
ip rule show laat niet zien wat ik verwachte, eerst even verder zoeken.
-
@MMD : sorry, ik zie nu pas dat het om DSM 6.0 gaat.
Inderdaad géén iptables.
-
@Birdy
Ok, "iptables" is er niet meer in DSM 6
Dan is dat nu waarschijnlijk "ip" of "ipset", probeer deze eens a.u.b.
ip rule show
admin@DS111:/$ ip rule show
0: from all lookup local
2: from all lookup static-table
3: from 192.168.1.22 lookup eth0-table
32766: from all lookup main
32767: from all lookup default
admin@DS111:/$
ipset wordt niet gevonden in DSM.
En ja, DSM 6.0 is een schone installatie (terug naar fabrieksinstellingen) ;)
-
Ok, dank.
Afgaande op @Briolet `s bericht zou het dan in DSM 6 wel gepatcht zijn.
-
Maar op een 'geupgrade' DSM 6.0 :
admin@DS411j:/volume1$ iptables -h
iptables v1.6.0
Usage: iptables -[ACD] chain rule-specification [options]
iptables -I chain [rulenum] rule-specification [options]
iptables -R chain rulenum rule-specification [options]
iptables -D chain rulenum [options]
iptables -[LS] [chain [rulenum]] [options]
iptables -[FZ] [chain] [options]
iptables -[NX] chain
iptables -E old-chain-name new-chain-name
iptables -P chain target [options]
iptables -h (print this help information)
Commands:
Either long or short options are allowed.
--append -A chain Append to chain
--check -C chain Check for the existence of a rule
--delete -D chain Delete matching rule from chain
--delete -D chain rulenum
Delete rule rulenum (1 = first) from chain
--insert -I chain [rulenum]
Insert in chain as rulenum (default 1=first)
--replace -R chain rulenum
Replace rule rulenum (1 = first) in chain
--list -L [chain [rulenum]]
List the rules in a chain or all chains
--list-rules -S [chain [rulenum]]
Print the rules in a chain or all chains
--flush -F [chain] Delete all rules in chain or all chains
--zero -Z [chain [rulenum]]
Zero counters in chain or all chains
--new -N chain Create a new user-defined chain
--delete-chain
-X [chain] Delete a user-defined chain
--policy -P chain target
Change policy on chain to target
--rename-chain
-E old-chain new-chain
Change chain name, (moving any references)
Options:
--ipv4 -4 Nothing (line is ignored by ip6tables-restore)
--ipv6 -6 Error (line is ignored by iptables-restore)
[!] --protocol -p proto protocol: by number or name, eg. `tcp'
[!] --source -s address[/mask][...]
source specification
[!] --destination -d address[/mask][...]
destination specification
[!] --in-interface -i input name[+]
network interface name ([+] for wildcard)
--jump -j target
target for rule (may load target extension)
--goto -g chain
jump to chain with no return
--match -m match
extended match (may load extension)
--numeric -n numeric output of addresses and ports
[!] --out-interface -o output name[+]
network interface name ([+] for wildcard)
--table -t table table to manipulate (default: `filter')
--verbose -v verbose mode
--wait -w [seconds] wait for the xtables lock
--line-numbers print line numbers when listing
--exact -x expand numbers (display exact values)
[!] --fragment -f match second or further fragments only
--modprobe=<command> try to insert modules using this command
--set-counters PKTS BYTES set the counter during insert/append
[!] --version -V print package version.
admin@DS411j:/volume1$
[Mod edit: lange listing in code gezet]