网络配置状态信息搜集
来自Jack's Lab
iptables
root@XiaoQiang:/# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination delegate_input all -- anywhere anywhere Chain FORWARD (policy DROP) target prot opt source destination delegate_forward all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination delegate_output all -- anywhere anywhere Chain MINIUPNPD (1 references) target prot opt source destination Chain delegate_forward (1 references) target prot opt source destination forwarding_rule all -- anywhere anywhere /* user chain for forwarding */ ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED zone_lan_forward all -- anywhere anywhere zone_wan_forward all -- anywhere anywhere reject all -- anywhere anywhere Chain delegate_input (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere input_rule all -- anywhere anywhere /* user chain for input */ ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED zone_lan_input all -- anywhere anywhere zone_wan_input all -- anywhere anywhere Chain delegate_output (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere output_rule all -- anywhere anywhere /* user chain for output */ ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED zone_lan_output all -- anywhere anywhere zone_wan_output all -- anywhere anywhere Chain forwarding_lan_rule (1 references) target prot opt source destination Chain forwarding_rule (1 references) target prot opt source destination macfilter_wan all -- anywhere anywhere Chain forwarding_wan_rule (1 references) target prot opt source destination Chain input_lan_rule (1 references) target prot opt source destination Chain input_rule (1 references) target prot opt source destination macfilter_admin tcp -- anywhere XiaoQiang multiport dports www,https,telnet,ssh Chain input_wan_rule (1 references) target prot opt source destination Chain macfilter_admin (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere MAC 4C:21:D0:40:42:D4 ACCEPT all -- anywhere anywhere MAC F8:A4:5F:5A:60:66 Chain macfilter_lan (0 references) target prot opt source destination Chain macfilter_wan (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere MAC 4C:21:D0:40:42:D4 ACCEPT all -- anywhere anywhere MAC F8:A4:5F:5A:60:66 Chain output_lan_rule (1 references) target prot opt source destination Chain output_rule (1 references) target prot opt source destination Chain output_wan_rule (1 references) target prot opt source destination Chain reject (3 references) target prot opt source destination REJECT tcp -- anywhere anywhere reject-with tcp-reset REJECT all -- anywhere anywhere reject-with icmp-port-unreachable Chain zone_lan_dest_ACCEPT (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere Chain zone_lan_forward (1 references) target prot opt source destination forwarding_lan_rule all -- anywhere anywhere /* user chain for forwarding */ zone_wan_dest_ACCEPT all -- anywhere anywhere /* forwarding lan -> wan */ zone_lan_src_REJECT all -- anywhere anywhere Chain zone_lan_input (1 references) target prot opt source destination input_lan_rule all -- anywhere anywhere /* user chain for input */ zone_lan_src_ACCEPT all -- anywhere anywhere Chain zone_lan_output (1 references) target prot opt source destination output_lan_rule all -- anywhere anywhere /* user chain for output */ zone_lan_dest_ACCEPT all -- anywhere anywhere Chain zone_lan_src_ACCEPT (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere Chain zone_lan_src_REJECT (1 references) target prot opt source destination reject all -- anywhere anywhere Chain zone_wan_dest_ACCEPT (2 references) target prot opt source destination ACCEPT all -- anywhere anywhere Chain zone_wan_forward (1 references) target prot opt source destination MINIUPNPD all -- anywhere anywhere forwarding_wan_rule all -- anywhere anywhere /* user chain for forwarding */ zone_wan_src_REJECT all -- anywhere anywhere Chain zone_wan_input (1 references) target prot opt source destination input_wan_rule all -- anywhere anywhere /* user chain for input */ ACCEPT udp -- anywhere anywhere udp dpt:bootpc /* Allow-DHCP-Renew */ ACCEPT icmp -- anywhere anywhere icmp echo-request /* Allow-Ping */ ACCEPT tcp -- anywhere anywhere tcp dpt:socks /* 'xunlei wan accept tcp port 1080 4662 2080 2062' */ ACCEPT tcp -- anywhere anywhere tcp dpt:4662 /* 'xunlei wan accept tcp port 1080 4662 2080 2062' */ ACCEPT tcp -- anywhere anywhere tcp dpt:2080 /* 'xunlei wan accept tcp port 1080 4662 2080 2062' */ ACCEPT tcp -- anywhere anywhere tcp dpt:2062 /* 'xunlei wan accept tcp port 1080 4662 2080 2062' */ ACCEPT udp -- anywhere anywhere udp dpt:4661 /* xunlei wan accept udp port 4661 3027 888 666 2037 2061 2048 2066 */ ACCEPT udp -- anywhere anywhere udp dpt:3027 /* xunlei wan accept udp port 4661 3027 888 666 2037 2061 2048 2066 */ ACCEPT udp -- anywhere anywhere udp dpt:888 /* xunlei wan accept udp port 4661 3027 888 666 2037 2061 2048 2066 */ ACCEPT udp -- anywhere anywhere udp dpt:666 /* xunlei wan accept udp port 4661 3027 888 666 2037 2061 2048 2066 */ ACCEPT udp -- anywhere anywhere udp dpt:2037 /* xunlei wan accept udp port 4661 3027 888 666 2037 2061 2048 2066 */ ACCEPT udp -- anywhere anywhere udp dpt:2061 /* xunlei wan accept udp port 4661 3027 888 666 2037 2061 2048 2066 */ ACCEPT udp -- anywhere anywhere udp dpt:2048 /* xunlei wan accept udp port 4661 3027 888 666 2037 2061 2048 2066 */ ACCEPT udp -- anywhere anywhere udp dpt:2066 /* xunlei wan accept udp port 4661 3027 888 666 2037 2061 2048 2066 */ zone_wan_src_REJECT all -- anywhere anywhere Chain zone_wan_output (1 references) target prot opt source destination output_wan_rule all -- anywhere anywhere /* user chain for output */ zone_wan_dest_ACCEPT all -- anywhere anywhere Chain zone_wan_src_REJECT (2 references) target prot opt source destination reject all -- anywhere anywhere
