Chris Buechler wrote:
>go to status.php and paste all the firewall rules from your
>config.xml, not the raw firewall rules. Everything between <filter>
>and </filter>.
here we go:
(BTW: sorry for the delay in my answers, I get the mailing list as a digest)
<filter>
<!-- Firewall rule set as pasted from config.xml. Each <rule> names the
     interface it applies to (wan, opt1, lan), a type (pass/block), an
     optional protocol, a source and a destination; <log/> and <disabled/>
     are present only on the rules that use them.
     NOTE(review): the evaluation order of this ruleset is not shown in the
     paste; the ordering remarks below assume first-match semantics - confirm
     against the firewall's documentation before relying on them. -->
<!-- wan: block inbound 137-138 and 445 from anywhere; no <log/> element,
     so these blocks are not logged. -->
<rule>
<type>block</type>
<interface>wan</interface>
<protocol>tcp/udp</protocol>
<source>
<any/>
</source>
<destination>
<any/>
<port>137-138</port>
</destination>
<descr>Block WAN -> port137/138-primacom-windoof-netzwerkscheiss
und log es bitte nicht mit!</descr>
</rule>
<rule>
<type>block</type>
<interface>wan</interface>
<protocol>tcp/udp</protocol>
<source>
<any/>
</source>
<destination>
<any/>
<port>445</port>
</destination>
<descr>Block WAN -> primacom-windoof-server-message-block und log
es bitte nicht mit!</descr>
</rule>
<!-- opt1: host-specific passes for 10.11.79.1 and 10.11.75.2 into lan and
     to individual hosts (10.139.77.5, 192.168.0.5). -->
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.11.79.1</address>
</source>
<destination>
<network>lan</network>
<port>21-22</port>
</destination>
<descr> 79-1 -> LAN</descr>
</rule>
<!-- This block rule carries <disabled/> and therefore is not active. -->
<rule>
<type>block</type>
<interface>opt1</interface>
<source>
<address>10.11.77.6</address>
</source>
<destination>
<any/>
</destination>
<disabled/>
<log/>
<descr>kill 77.6</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.11.79.1</address>
</source>
<destination>
<network>lan</network>
<port>443</port>
</destination>
<descr> 79-1 -> LAN</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.11.79.1</address>
</source>
<destination>
<address>10.139.77.5</address>
<port>1975-1977</port>
</destination>
<descr> 79-1 -> till</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.11.79.1</address>
</source>
<destination>
<address>192.168.0.5</address>
<port>1975</port>
</destination>
<descr> 79-1 -> wauwau</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>igmp</protocol>
<source>
<address>10.11.79.1</address>
</source>
<destination>
<network>lan</network>
</destination>
<descr> 79-1 -> LAN, ping</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.11.75.2</address>
</source>
<destination>
<network>lan</network>
<port>21-22</port>
</destination>
<descr> 75-2 -> LAN</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.11.75.2</address>
</source>
<destination>
<network>lan</network>
<port>443</port>
</destination>
<descr> 75-2 -> LAN</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.11.75.2</address>
</source>
<destination>
<address>192.168.0.5</address>
<port>1975</port>
</destination>
<descr> 75-2 -> wauwau</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.11.75.2</address>
</source>
<destination>
<address>10.139.77.5</address>
<port>1977</port>
</destination>
<descr> 75-2 -> till</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>igmp</protocol>
<source>
<address>10.11.75.2</address>
</source>
<destination>
<network>lan</network>
</destination>
<descr> 75-2 -> LAN, ping</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp/udp</protocol>
<source>
<address>10.11.75.2</address>
</source>
<destination>
<any/>
<port>10021-10025</port>
</destination>
<descr>Libri-Bestell Port</descr>
</rule>
<!-- opt1 -> lan catch-all block, logged. NOTE(review): it is listed after
     the host-specific opt1 -> lan passes above; under first-match those
     passes take precedence and this rule blocks everything else - confirm
     that is the intended order. -->
<rule>
<type>block</type>
<interface>opt1</interface>
<source>
<any/>
</source>
<destination>
<network>lan</network>
</destination>
<log/>
<descr>Block OLSR -> LAN</descr>
</rule>
<!-- Block by *source* port 137-138 (the wan rules above match on the
     destination port). -->
<rule>
<type>block</type>
<interface>opt1</interface>
<protocol>tcp/udp</protocol>
<source>
<any/>
<port>137-138</port>
</source>
<destination>
<any/>
</destination>
<descr>Block Windows Scheiss aus dem OLSR </descr>
</rule>
<!-- opt1: 10.0.0.0/8 to the server 192.168.200.2 on 21-80, 443 and
     1024-65000 (described as FTP). The 1024-65000 range is wide; the
     third rule alone admits almost every unprivileged tcp port. -->
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.0.0.0/8</address>
</source>
<destination>
<address>192.168.200.2</address>
<port>21-80</port>
</destination>
<descr>Freigabe Server für OLSR, ports 21-80</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.0.0.0/8</address>
</source>
<destination>
<address>192.168.200.2</address>
<port>443</port>
</destination>
<descr>Freigabe Server für OLSR, port 443</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.0.0.0/8</address>
</source>
<destination>
<address>192.168.200.2</address>
<port>1024-65000</port>
</destination>
<descr>Freigabe Server für OLSR, FTP</descr>
</rule>
<!-- opt1: per-service passes from 10.0.0.0/8 to any destination
     (53, 123, 37, 80, 443). -->
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp/udp</protocol>
<source>
<address>10.0.0.0/8</address>
</source>
<destination>
<any/>
<port>53</port>
</destination>
<descr>Freigabe Nameserver für OLSR</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>udp</protocol>
<source>
<address>10.0.0.0/8</address>
</source>
<destination>
<any/>
<port>123</port>
</destination>
<descr>Freigabe NTP-Timeserver für OLSR</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.0.0.0/8</address>
</source>
<destination>
<any/>
<port>37</port>
</destination>
<descr>Freigabe rdate-Timeserver für OLSR</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.0.0.0/8</address>
</source>
<destination>
<any/>
<port>80</port>
</destination>
<descr>Freigabe HTTP für OLSR</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.0.0.0/8</address>
</source>
<destination>
<any/>
<port>443</port>
</destination>
<descr>Freigabe HTTPS für OLSR</descr>
</rule>
<!-- opt1: per-service passes from the narrower 10.11.0.0/16 to any
     destination. -->
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.11.0.0/16</address>
</source>
<destination>
<any/>
<port>110</port>
</destination>
<descr>Freigabe POP3 für OLSR</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.11.0.0/16</address>
</source>
<destination>
<any/>
<port>143</port>
</destination>
<descr>Freigabe IMAP für OLSR</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.11.0.0/16</address>
</source>
<destination>
<any/>
<port>22</port>
</destination>
<descr>Freigabe SSH für OLSR</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.11.0.0/16</address>
</source>
<destination>
<any/>
<port>21</port>
</destination>
<descr>Freigabe FTP für OLSR</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.11.0.0/16</address>
</source>
<destination>
<any/>
<port>25</port>
</destination>
<!-- No description was given for this tcp/25 pass from 10.11.0.0/16 to
     any; it is the only rule in the set with an empty <descr/>. -->
<descr/>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.11.0.0/16</address>
</source>
<destination>
<any/>
<port>995</port>
</destination>
<descr>Freigabe POP(Secure) für OLSR</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.11.0.0/16</address>
</source>
<destination>
<any/>
<port>585</port>
</destination>
<descr>Freigabe IMAP(SSL) für OLSR</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.11.0.0/16</address>
</source>
<destination>
<any/>
<port>993</port>
</destination>
<descr>Freigabe IMAP(4 TLS/SSL) für OLSR</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.11.0.0/16</address>
</source>
<destination>
<any/>
<port>5222-5223</port>
</destination>
<descr>Freigabe Jabber+jabber(SSL) für OLSR</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.11.0.0/16</address>
</source>
<destination>
<any/>
<port>8080</port>
</destination>
<descr>Freigabe http-alt für OLSR</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.11.0.0/16</address>
</source>
<destination>
<any/>
<port>5190</port>
</destination>
<descr>Freigabe ICQ für OLSR</descr>
</rule>
<!-- Single-host exception: only 10.11.79.2 is allowed to port 119. -->
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp/udp</protocol>
<source>
<address>10.11.79.2</address>
</source>
<destination>
<any/>
<port>119</port>
</destination>
<descr>Freigabe Network-News-Protokoll für OLSR, wird für
Massendownload missbraucht</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.11.0.0/16</address>
</source>
<destination>
<address>217.160.167.26</address>
<port>22222</port>
</destination>
<descr>Freigabe "C.I. SSH Rootserver" für OLSR</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>icmp</protocol>
<source>
<address>10.11.0.0/16</address>
</source>
<destination>
<any/>
</destination>
<descr>Ping OLSR</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>udp</protocol>
<source>
<address>10.0.0.0/8</address>
</source>
<destination>
<any/>
<port>5000</port>
</destination>
<descr>open-vpn-tests ufo</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp/udp</protocol>
<source>
<address>10.11.0.0/16</address>
</source>
<destination>
<any/>
<port>5154-5155</port>
</destination>
<descr>SuSE 3dgame (nasi)</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.11.0.0/16</address>
</source>
<destination>
<any/>
<port>6667-6668</port>
</destination>
<descr>IRC (internet relay chat)</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.11.0.0/16</address>
</source>
<destination>
<any/>
<port>8000-8128</port>
</destination>
<descr>div. radios</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.11.0.0/16</address>
</source>
<destination>
<any/>
<port>8800</port>
</destination>
<descr>dnb radio</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.11.0.0/16</address>
</source>
<destination>
<any/>
<port>9540</port>
</destination>
<descr>dnb radio</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.11.0.0/16</address>
</source>
<destination>
<any/>
<port>23724</port>
</destination>
<descr>Bank für Sozialwirtschaft</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.11.0.0/16</address>
</source>
<destination>
<any/>
<port>9210</port>
</destination>
<descr>radio</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.11.0.0/16</address>
</source>
<destination>
<any/>
<port>9001-9033</port>
</destination>
<descr>TOR connections</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.11.0.0/16</address>
</source>
<destination>
<any/>
<port>10001</port>
</destination>
<descr>TOR connections</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.11.0.0/16</address>
</source>
<destination>
<any/>
<port>873</port>
</destination>
<descr>gentoo: rsync</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.11.0.0/16</address>
</source>
<destination>
<any/>
<port>2500</port>
</destination>
<descr>Videokonferenz/-telefonie</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.11.0.0/16</address>
</source>
<destination>
<any/>
<port>3500</port>
</destination>
<descr>Videokonferenz/-telefonie</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.11.0.0/16</address>
</source>
<destination>
<any/>
<port>20080-20082</port>
</destination>
<descr>Deutsche Bücherei</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.11.0.0/16</address>
</source>
<destination>
<any/>
<port>8180</port>
</destination>
<descr>Deutsche Bücherei</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.11.0.0/16</address>
</source>
<destination>
<any/>
<port>3900</port>
</destination>
<descr>Videokonferenz/-telefonie</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp/udp</protocol>
<source>
<address>10.11.0.0/16</address>
</source>
<destination>
<any/>
<port>2401</port>
</destination>
<descr>Andreas</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp/udp</protocol>
<source>
<address>10.11.0.0/16</address>
</source>
<destination>
<any/>
<port>5999</port>
</destination>
<descr>Andreas</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp/udp</protocol>
<source>
<address>10.11.0.0/16</address>
</source>
<destination>
<any/>
<port>10000</port>
</destination>
<descr>Andreas</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp/udp</protocol>
<source>
<address>10.11.0.0/16</address>
</source>
<destination>
<any/>
<port>2064</port>
</destination>
<descr>distributed.net</descr>
</rule>
<!-- Ports 52000-52001 are passed here but fall inside the 50000-65000
     range blocked further down; see the note on that block rule. -->
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.11.0.0/16</address>
</source>
<destination>
<any/>
<port>52000-52001</port>
</destination>
<descr>IRC-Proxy für Angela</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.11.0.0/16</address>
</source>
<destination>
<any/>
<port>554</port>
</destination>
<descr>Real Player</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.11.0.0/16</address>
</source>
<destination>
<any/>
<port>7070</port>
</destination>
<descr>Real Player</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<address>10.11.0.0/16</address>
</source>
<destination>
<any/>
<port>3306</port>
</destination>
<descr>MySQL</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>udp</protocol>
<source>
<address>10.0.0.0/8</address>
</source>
<destination>
<any/>
<port>33434-33534</port>
</destination>
<descr>traceroute damit HNA nich weggeht</descr>
</rule>
<!-- Logged block of tcp/udp 50000-65000 from 10.11.0.0/16.
     NOTE(review): the pass for 52000-52001 above overlaps this range and is
     listed first; under first-match that pass wins and this block never
     sees those two ports - confirm that is intended. -->
<rule>
<type>block</type>
<interface>opt1</interface>
<protocol>tcp/udp</protocol>
<source>
<address>10.11.0.0/16</address>
</source>
<destination>
<any/>
<port>50000-65000</port>
</destination>
<log/>
<descr> testblock explizit</descr>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp/udp</protocol>
<source>
<address>10.11.0.0/16</address>
</source>
<destination>
<any/>
<port>8880</port>
</destination>
<descr>freedb-com irgendwas</descr>
</rule>
<!-- lan: unrestricted pass from the lan network to any destination. -->
<rule>
<type>pass</type>
<descr>Default LAN -> any</descr>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
</rule>
<tcpidletimeout/>
</filter>