[[PageOutline]]

= ufw configuration immediately after installation =

== Lucid ==
 * Only the filter table is configured
 * sudo iptables -L -v
{{{
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  280 30717 ufw-before-logging-input  all  --  any    any     anywhere             anywhere
  280 30717 ufw-before-input  all  --  any    any     anywhere             anywhere
  238 27193 ufw-after-input  all  --  any    any     anywhere             anywhere
  238 27193 ufw-after-logging-input  all  --  any    any     anywhere             anywhere
  238 27193 ufw-reject-input  all  --  any    any     anywhere             anywhere
  238 27193 ufw-track-input  all  --  any    any     anywhere             anywhere

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ufw-before-logging-forward  all  --  any    any     anywhere             anywhere
    0     0 ufw-before-forward  all  --  any    any     anywhere             anywhere
    0     0 ufw-after-forward  all  --  any    any     anywhere             anywhere
    0     0 ufw-after-logging-forward  all  --  any    any     anywhere             anywhere
    0     0 ufw-reject-forward  all  --  any    any     anywhere             anywhere

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  263  128K ufw-before-logging-output  all  --  any    any     anywhere             anywhere
  263  128K ufw-before-output  all  --  any    any     anywhere             anywhere
  228  114K ufw-after-output  all  --  any    any     anywhere             anywhere
  228  114K ufw-after-logging-output  all  --  any    any     anywhere             anywhere
  228  114K ufw-reject-output  all  --  any    any     anywhere             anywhere
  228  114K ufw-track-output  all  --  any    any     anywhere             anywhere

Chain ufw-after-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-after-input (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ufw-skip-to-policy-input  udp  --  any    any     anywhere             anywhere             udp dpt:netbios-ns
    0     0 ufw-skip-to-policy-input  udp  --  any    any     anywhere             anywhere             udp dpt:netbios-dgm
    0     0 ufw-skip-to-policy-input  tcp  --  any    any     anywhere             anywhere             tcp dpt:netbios-ssn
    0     0 ufw-skip-to-policy-input  tcp  --  any    any     anywhere             anywhere             tcp dpt:microsoft-ds
    0     0 ufw-skip-to-policy-input  udp  --  any    any     anywhere             anywhere             udp dpt:bootps
    0     0 ufw-skip-to-policy-input  udp  --  any    any     anywhere             anywhere             udp dpt:bootpc
    0     0 ufw-skip-to-policy-input  all  --  any    any     anywhere             anywhere             ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  any    any     anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix `[UFW BLOCK] '

Chain ufw-after-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  any    any     anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix `[UFW BLOCK] '

Chain ufw-after-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-after-output (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-before-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ufw-user-forward  all  --  any    any     anywhere             anywhere

Chain ufw-before-input (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  lo     any     anywhere             anywhere
   40  3170 ACCEPT     all  --  any    any     anywhere             anywhere             state RELATED,ESTABLISHED
    0     0 ufw-logging-deny  all  --  any    any     anywhere             anywhere             state INVALID
    0     0 DROP       all  --  any    any     anywhere             anywhere             state INVALID
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp destination-unreachable
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp source-quench
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp time-exceeded
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp parameter-problem
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp echo-request
    0     0 ACCEPT     udp  --  any    any     anywhere             anywhere             udp spt:bootps dpt:bootpc
    0     0 ufw-not-local  all  --  any    any     anywhere             anywhere
    0     0 ACCEPT     all  --  any    any     BASE-ADDRESS.MCAST.NET/4  anywhere
    0     0 ACCEPT     all  --  any    any     anywhere             BASE-ADDRESS.MCAST.NET/4
    0     0 ufw-user-input  all  --  any    any     anywhere             anywhere

Chain ufw-before-logging-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-before-logging-input (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-before-logging-output (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-before-output (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  any    lo      anywhere             anywhere
   35 14312 ACCEPT     all  --  any    any     anywhere             anywhere             state RELATED,ESTABLISHED
    2   136 ufw-user-output  all  --  any    any     anywhere             anywhere

Chain ufw-logging-allow (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  any    any     anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix `[UFW ALLOW] '

Chain ufw-logging-deny (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all  --  any    any     anywhere             anywhere             state INVALID limit: avg 3/min burst 10
    0     0 LOG        all  --  any    any     anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix `[UFW BLOCK] '

Chain ufw-not-local (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all  --  any    any     anywhere             anywhere             ADDRTYPE match dst-type LOCAL
    0     0 RETURN     all  --  any    any     anywhere             anywhere             ADDRTYPE match dst-type MULTICAST
    0     0 RETURN     all  --  any    any     anywhere             anywhere             ADDRTYPE match dst-type BROADCAST
    0     0 ufw-logging-deny  all  --  any    any     anywhere             anywhere             limit: avg 3/min burst 10
    0     0 DROP       all  --  any    any     anywhere             anywhere

Chain ufw-reject-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-reject-input (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-reject-output (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-skip-to-policy-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  any    any     anywhere             anywhere

Chain ufw-skip-to-policy-input (7 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  any    any     anywhere             anywhere

Chain ufw-skip-to-policy-output (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere

Chain ufw-track-input (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-track-output (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             state NEW
    2   136 ACCEPT     udp  --  any    any     anywhere             anywhere             state NEW

Chain ufw-user-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-user-input (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-user-limit (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  any    any     anywhere             anywhere             limit: avg 3/min burst 5 LOG level warning prefix `[UFW LIMIT BLOCK] '
    0     0 REJECT     all  --  any    any     anywhere             anywhere             reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere

Chain ufw-user-logging-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-user-logging-input (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-user-logging-output (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain ufw-user-output (1 references)
 pkts bytes target     prot opt in     out     source               destination
}}}

== Hardy ==
 * Only the filter table is configured
 * sudo iptables -L -vv
{{{
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  112  8632 ufw-before-input  all  --  any    any     anywhere             anywhere
    0     0 ufw-after-input  all  --  any    any     anywhere             anywhere

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ufw-before-forward  all  --  any    any     anywhere             anywhere
    0     0 ufw-after-forward  all  --  any    any     anywhere             anywhere

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   68  8712 ufw-before-output  all  --  any    any     anywhere             anywhere
    0     0 ufw-after-output  all  --  any    any     anywhere             anywhere

Chain ufw-after-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  any    any     anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix `[UFW BLOCK FORWARD]: '
    0     0 RETURN     all  --  any    any     anywhere             anywhere

Chain ufw-after-input (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     udp  --  any    any     anywhere             anywhere             udp dpt:netbios-ns
    0     0 RETURN     udp  --  any    any     anywhere             anywhere             udp dpt:netbios-dgm
    0     0 RETURN     tcp  --  any    any     anywhere             anywhere             tcp dpt:netbios-ssn
    0     0 RETURN     tcp  --  any    any     anywhere             anywhere             tcp dpt:microsoft-ds
    0     0 RETURN     udp  --  any    any     anywhere             anywhere             udp dpt:bootps
    0     0 RETURN     udp  --  any    any     anywhere             anywhere             udp dpt:bootpc
    0     0 LOG        all  --  any    any     anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix `[UFW BLOCK INPUT]: '
    0     0 RETURN     all  --  any    any     anywhere             anywhere

Chain ufw-after-output (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all  --  any    any     anywhere             anywhere

Chain ufw-before-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ufw-user-forward  all  --  any    any     anywhere             anywhere
    0     0 RETURN     all  --  any    any     anywhere             anywhere

Chain ufw-before-input (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  lo     any     anywhere             anywhere
  111  8304 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate RELATED,ESTABLISHED
    0     0 DROP       all  --  any    any     anywhere             anywhere             ctstate INVALID
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp destination-unreachable
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp source-quench
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp time-exceeded
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp parameter-problem
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp echo-request
    1   328 ACCEPT     udp  --  any    any     anywhere             anywhere             udp spt:bootps dpt:bootpc
    0     0 ufw-not-local  all  --  any    any     anywhere             anywhere
    0     0 ACCEPT     all  --  any    any     BASE-ADDRESS.MCAST.NET/4  anywhere
    0     0 ACCEPT     all  --  any    any     anywhere             BASE-ADDRESS.MCAST.NET/4
    0     0 ufw-user-input  all  --  any    any     anywhere             anywhere
    0     0 RETURN     all  --  any    any     anywhere             anywhere

Chain ufw-before-output (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  lo     any     anywhere             anywhere
   66  8056 ACCEPT     tcp  --  any    any     anywhere             anywhere             state NEW,RELATED,ESTABLISHED
    2   656 ACCEPT     udp  --  any    any     anywhere             anywhere             state NEW,RELATED,ESTABLISHED
    0     0 ufw-user-output  all  --  any    any     anywhere             anywhere
    0     0 RETURN     all  --  any    any     anywhere             anywhere

Chain ufw-not-local (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all  --  any    any     anywhere             anywhere             ADDRTYPE match dst-type LOCAL
    0     0 RETURN     all  --  any    any     anywhere             anywhere             ADDRTYPE match dst-type MULTICAST
    0     0 RETURN     all  --  any    any     anywhere             anywhere             ADDRTYPE match dst-type BROADCAST
    0     0 LOG        all  --  any    any     anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix `[UFW BLOCK NOT-TO-ME]: '
    0     0 DROP       all  --  any    any     anywhere             anywhere

Chain ufw-user-forward (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all  --  any    any     anywhere             anywhere

Chain ufw-user-input (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all  --  any    any     anywhere             anywhere

Chain ufw-user-output (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all  --  any    any     anywhere             anywhere
}}}