Showing 1 changed files with 9 additions and 6 deletions
+9 -6
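--- a/root/iptables.rules
+++ b/root/iptables.rules
@@ -13,18 +13,21 @@
 # DNS
 -A OUTPUT         -p udp --dport domain -j ACCEPT
 
-# https
+# http
 -A INPUT  -i eth0  -p tcp -m multiport --dports http,https -j ACCEPT
 -A OUTPUT          -p tcp -m multiport --sports http,https -j ACCEPT
--A OUTPUT          -p tcp --dport https -j ACCEPT
+-A OUTPUT          -p tcp -m multiport --dports http,https -j ACCEPT
+-A OUTPUT          -p tcp --destination 127.0.0.1 --dport 8888 -j ACCEPT
+-A OUTPUT          -p tcp --source 127.0.0.1 --sport 8888 -j ACCEPT
 #-A INPUT  -i eth0 -m state --state NEW,ESTABLISHED -p tcp --dport https -j ACCEPT
 #-A OUTPUT         -m state --state ESTABLISHED     -p tcp --sport https -j ACCEPT
 
 ## http pour maj
--A OUTPUT -m owner --uid-owner root -p tcp --dport http -j ACCEPT
--A OUTPUT -m owner --uid-owner www-data -p tcp --dport http -j ACCEPT
--A OUTPUT -m owner --uid-owner sms -p tcp --dport http -j ACCEPT
--A OUTPUT -m owner --uid-owner action -p tcp --dport http -j ACCEPT
+#-A OUTPUT -m owner --uid-owner root -p tcp -m multiport --dports http,https -j ACCEPT
+
+#-A OUTPUT -m owner --uid-owner www-data -p tcp -m multiport --dport http,https -j ACCEPT
+#-A OUTPUT -m owner --uid-owner sms -p tcp -m multiport --dport http -j ACCEPT
+#-A OUTPUT -m owner --uid-owner action -p tcp -m multiport --dport http -j ACCEPT
 
 #OUTPUT denied: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1913 DF PROTO=TCP SPT=49487 DPT=8080 WINDOW=43690 RES=0x00 SYN URGP=0 
 -A OUTPUT -p tcp --destination 127.0.0.1 --dport http-alt -j ACCEPT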
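Review bot: The new `-A OUTPUT -p tcp -m multiport --dports http,https -j ACCEPT` rule opens outbound port 80 to every local uid, where the removed rules under `## http pour maj` allowed it only for root, www-data, sms and action, so the per-account egress control on plain HTTP is gone and a compromised service account is no longer constrained by it. If that restriction is still wanted, keep the owner-scoped form that is now commented out, e.g. `-A OUTPUT -m owner --uid-owner root -p tcp -m multiport --dports http,https -j ACCEPT`, and drop the blanket rule; if the blanket rule is intended, delete the commented lines so the file does not suggest a restriction that no longer applies. The two 8888 rules match on address only, so adding `-o lo` would tie them to the loopback interface as well. The chain policies and the rest of the ruleset are outside this hunk, so this assumes OUTPUT defaults to drop, as the logged `OUTPUT denied` line suggests.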