Настройка iptables
Добавлено: 18 авг 2021, 11:00
Доброго времени суток, форумчане!
Делал для iptables "режим параноика" по мануалам. Получился вот такой набор правил:
Далее, когда я проверяю работоспособность iptables, ping от alex (ping 77.88.21.11) DROP-ается, от net_true проходит (sg net_true -c "ping 77.88.21.11"). Вроде бы всё работает, как и задумано. Но когда я пытаюсь запустить таким образом firefox (sg net_true -c "firefox"), его пакеты тоже DROP-аются, что уже совсем не по плану. Что я делаю не так? Мне главное, чтобы режим параноика заработал. Если подскажите готовый нормальный набор правил - будет даже лучше. Надеюсь на вашу помощь!
Делал для iptables "режим параноика" по мануалам. Получился вот такой набор правил:
Код: Выделить всё
sudo iptables -F
sudo iptables -t filter -A OUTPUT -p all -m owner --gid-owner net_true -j ACCEPT
sudo iptables -t filter -A OUTPUT -p all -j DROP
sudo iptables -t filter -A INPUT -p all -i lo -j ACCEPT
sudo iptables -t filter -A INPUT -p all -m state --state RELATED -j ACCEPT
sudo iptables -t filter -A INPUT -p all -m state --state ESTABLISHED -j ACCEPT
sudo iptables -t filter -A INPUT -p all -m state --state NEW -j DROP
sudo iptables -t filter -A INPUT -p all -m state --state INVALID -j DROP
sudo iptables -t filter -A FORWARD -p all -j DROPSystem:
Kernel: 5.11.0-25-generic x86_64 bits: 64 compiler: N/A
Desktop: Xfce 4.16.0 Distro: Linux Mint 20.2 Uma base: Ubuntu 20.04 focal
Machine:
Type: Laptop System: ASUSTeK product: VivoBook_ASUSLaptop X515DA_M515DA
v: 1.0 serial: <filter>
Mobo: ASUSTeK model: X515DA v: 1.0 serial: <filter>
UEFI: American Megatrends v: X515DA.303 date: 01/13/2021
Battery:
ID-1: BAT0 charge: 26.2 Wh condition: 36.7/37.1 Wh (99%)
model: ASUSTeK ASUS Battery status: Discharging
CPU:
Topology: Quad Core model: AMD Ryzen 5 3500U with Radeon Vega Mobile Gfx
bits: 64 type: MT MCP arch: Zen+ rev: 1 L2 cache: 2048 KiB
flags: avx avx2 lm nx pae sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3 svm
bogomips: 33538
Speed: 1244 MHz min/max: 1400/2100 MHz Core speeds (MHz): 1: 1244 2: 1260
3: 1338 4: 1386 5: 1253 6: 1273 7: 1273 8: 1275
Graphics:
Device-1: AMD Picasso vendor: ASUSTeK driver: amdgpu v: kernel
bus ID: 03:00.0
Display: server: X.Org 1.20.11 driver: amdgpu,ati
unloaded: fbdev,modesetting,vesa resolution: 1920x1080~60Hz
OpenGL: renderer: AMD RAVEN (DRM 3.40.0 5.11.0-25-generic LLVM 12.0.1)
v: 4.6 Mesa 21.2.0-devel direct render: Yes
Audio:
Device-1: AMD Raven/Raven2/Fenghuang HDMI/DP Audio driver: snd_hda_intel
v: kernel bus ID: 03:00.1
Device-2: AMD Raven/Raven2/FireFlight/Renoir Audio Processor
driver: snd_pci_acp3x v: kernel bus ID: 03:00.5
Device-3: AMD Family 17h HD Audio vendor: ASUSTeK driver: snd_hda_intel
v: kernel bus ID: 03:00.6
Sound Server: ALSA v: k5.11.0-25-generic
Network:
Device-1: Realtek RTL8821CE 802.11ac PCIe Wireless Network Adapter
vendor: AzureWave driver: rtl8821ce v: v5.5.2.1_35598.20191029 port: f000
bus ID: 01:00.0
IF: wlp1s0 state: up mac: <filter>
Drives:
Local Storage: total: 238.47 GiB used: 24.98 GiB (10.5%)
ID-1: /dev/nvme0n1 vendor: Western Digital
model: PC SN530 SDBPNPZ-256G-1002 size: 238.47 GiB
Partition:
ID-1: / size: 199.81 GiB used: 12.49 GiB (6.3%) fs: btrfs
dev: /dev/nvme0n1p3
ID-2: /home size: 199.81 GiB used: 12.49 GiB (6.3%) fs: btrfs
dev: /dev/nvme0n1p3
ID-3: swap-1 size: 5.71 GiB used: 0 KiB (0.0%) fs: swap
dev: /dev/nvme0n1p2
Sensors:
System Temperatures: cpu: 45.0 C mobo: N/A gpu: amdgpu temp: 45 C
Fan Speeds (RPM): cpu: 2300
Info:
Processes: 289 Uptime: 1h 12m Memory: 5.81 GiB used: 1.56 GiB (26.8%)
Init: systemd runlevel: 5 Compilers: gcc: 9.3.0 Shell: bash v: 5.0.17
inxi: 3.0.38
Kernel: 5.11.0-25-generic x86_64 bits: 64 compiler: N/A
Desktop: Xfce 4.16.0 Distro: Linux Mint 20.2 Uma base: Ubuntu 20.04 focal
Machine:
Type: Laptop System: ASUSTeK product: VivoBook_ASUSLaptop X515DA_M515DA
v: 1.0 serial: <filter>
Mobo: ASUSTeK model: X515DA v: 1.0 serial: <filter>
UEFI: American Megatrends v: X515DA.303 date: 01/13/2021
Battery:
ID-1: BAT0 charge: 26.2 Wh condition: 36.7/37.1 Wh (99%)
model: ASUSTeK ASUS Battery status: Discharging
CPU:
Topology: Quad Core model: AMD Ryzen 5 3500U with Radeon Vega Mobile Gfx
bits: 64 type: MT MCP arch: Zen+ rev: 1 L2 cache: 2048 KiB
flags: avx avx2 lm nx pae sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3 svm
bogomips: 33538
Speed: 1244 MHz min/max: 1400/2100 MHz Core speeds (MHz): 1: 1244 2: 1260
3: 1338 4: 1386 5: 1253 6: 1273 7: 1273 8: 1275
Graphics:
Device-1: AMD Picasso vendor: ASUSTeK driver: amdgpu v: kernel
bus ID: 03:00.0
Display: server: X.Org 1.20.11 driver: amdgpu,ati
unloaded: fbdev,modesetting,vesa resolution: 1920x1080~60Hz
OpenGL: renderer: AMD RAVEN (DRM 3.40.0 5.11.0-25-generic LLVM 12.0.1)
v: 4.6 Mesa 21.2.0-devel direct render: Yes
Audio:
Device-1: AMD Raven/Raven2/Fenghuang HDMI/DP Audio driver: snd_hda_intel
v: kernel bus ID: 03:00.1
Device-2: AMD Raven/Raven2/FireFlight/Renoir Audio Processor
driver: snd_pci_acp3x v: kernel bus ID: 03:00.5
Device-3: AMD Family 17h HD Audio vendor: ASUSTeK driver: snd_hda_intel
v: kernel bus ID: 03:00.6
Sound Server: ALSA v: k5.11.0-25-generic
Network:
Device-1: Realtek RTL8821CE 802.11ac PCIe Wireless Network Adapter
vendor: AzureWave driver: rtl8821ce v: v5.5.2.1_35598.20191029 port: f000
bus ID: 01:00.0
IF: wlp1s0 state: up mac: <filter>
Drives:
Local Storage: total: 238.47 GiB used: 24.98 GiB (10.5%)
ID-1: /dev/nvme0n1 vendor: Western Digital
model: PC SN530 SDBPNPZ-256G-1002 size: 238.47 GiB
Partition:
ID-1: / size: 199.81 GiB used: 12.49 GiB (6.3%) fs: btrfs
dev: /dev/nvme0n1p3
ID-2: /home size: 199.81 GiB used: 12.49 GiB (6.3%) fs: btrfs
dev: /dev/nvme0n1p3
ID-3: swap-1 size: 5.71 GiB used: 0 KiB (0.0%) fs: swap
dev: /dev/nvme0n1p2
Sensors:
System Temperatures: cpu: 45.0 C mobo: N/A gpu: amdgpu temp: 45 C
Fan Speeds (RPM): cpu: 2300
Info:
Processes: 289 Uptime: 1h 12m Memory: 5.81 GiB used: 1.56 GiB (26.8%)
Init: systemd runlevel: 5 Compilers: gcc: 9.3.0 Shell: bash v: 5.0.17
inxi: 3.0.38