***********************************************
root@falcon21:~# iptables --list-rules
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -s 118.41.245.222/32 -j DROP
-A INPUT -s 91.92.242.96/32 -j DROP
-A INPUT -s 158.94.211.198/32 -j DROP
-A INPUT -s 141.98.9.70/32 -j DROP
-A INPUT -s 77.83.39.169/32 -j DROP
-A INPUT -s 178.16.54.219/32 -j DROP
-A INPUT -s 91.92.240.214/32 -j DROP
-A INPUT -s 45.144.212.43/32 -j DROP
-A INPUT -s 77.83.39.169/32 -j DROP
-A INPUT -s 141.98.9.105/32 -j DROP
-A INPUT -s 45.144.212.43/32 -j DROP
-A INPUT -s 137.184.32.56/32 -j DROP
-A INPUT -s 18.218.118.203/32 -j DROP
-A INPUT -s 46.190.153.30/32 -j DROP
-A INPUT -s 18.218.118.203/32 -j DROP
-A INPUT -s 77.83.39.169/32 -j DROP
-A INPUT -s 34.182.217.30/32 -j DROP
-A INPUT -s 45.144.212.43/32 -j DROP
-A INPUT -s 8.229.9.8/32 -j DROP
-A INPUT -s 34.182.230.122/32 -j DROP
-A INPUT -s 136.109.206.133/32 -j DROP
-A INPUT -s 77.83.39.241/32 -j DROP
-A INPUT -s 178.16.54.219/32 -j DROP
-A INPUT -s 91.92.240.214/32 -j DROP
-A INPUT -s 161.248.147.102/32 -j DROP
-A INPUT -s 178.16.53.241/32 -j DROP
-A INPUT -s 104.152.52.228/32 -j DROP
-A INPUT -s 35.201.1.167/32 -j DROP
-A INPUT -s 34.129.109.7/32 -j DROP
-A INPUT -s 34.116.198.70/32 -j DROP
-A INPUT -s 34.95.141.233/32 -j DROP
-A INPUT -s 35.197.174.219/32 -j DROP
-A INPUT -s 35.241.197.14/32 -j DROP
-A INPUT -s 34.79.230.15/32 -j DROP
-A INPUT -s 35.246.236.71/32 -j DROP
-A INPUT -s 34.142.115.181/32 -j DROP
-A INPUT -s 34.185.137.227/32 -j DROP
-A INPUT -s 34.105.231.162/32 -j DROP
-A INPUT -s 35.230.28.229/32 -j DROP
-A INPUT -s 34.94.107.161/32 -j DROP
-A INPUT -s 34.94.123.223/32 -j DROP
-A INPUT -s 34.125.0.138/32 -j DROP
-A INPUT -s 34.97.241.51/32 -j DROP
-A INPUT -s 77.83.39.169/32 -j DROP
-A INPUT -s 178.16.53.241/32 -j DROP
-A INPUT -s 203.181.3.94/32 -j DROP
-A INPUT -s 104.152.52.228/32 -j DROP
-A INPUT -s 141.98.9.105/32 -j DROP
-A INPUT -s 45.144.212.43/32 -j DROP
-A INPUT -s 141.98.11.33/32 -j DROP
-A INPUT -s 178.16.52.71/32 -j DROP
-A INPUT -s 35.185.223.148/32 -j DROP
-A INPUT -s 34.82.221.4/32 -j DROP
-A INPUT -s 34.186.143.115/32 -j DROP
-A INPUT -s 34.106.52.219/32 -j DROP
-A INPUT -s 34.82.97.210/32 -j DROP
-A INPUT -s 35.236.122.157/32 -j DROP
-A INPUT -s 34.106.146.251/32 -j DROP
-A INPUT -s 141.98.9.104/32 -j DROP
-A INPUT -s 178.16.53.80/32 -j DROP
-A INPUT -s 178.16.53.230/32 -j DROP
-A INPUT -s 141.98.11.33/32 -j DROP
-A INPUT -s 178.16.52.71/32 -j DROP
-A INPUT -s 141.98.9.104/32 -j DROP
-A INPUT -s 45.94.31.100/32 -j DROP
-A INPUT -s 64.225.74.178/32 -j DROP
-A INPUT -s 147.182.241.81/32 -j DROP
-A INPUT -s 34.82.97.210/32 -j DROP
-A INPUT -s 118.41.245.222/32 -j DROP
-A INPUT -s 91.92.242.96/32 -j DROP
-A INPUT -s 158.94.211.198/32 -j DROP
-A INPUT -s 178.16.53.80/32 -j DROP
-A INPUT -s 178.16.53.230/32 -j DROP
-A INPUT -s 45.94.31.250/32 -j DROP
-A INPUT -s 141.98.9.70/32 -j DROP
-A INPUT -s 3.129.187.38/32 -j DROP
-A INPUT -s 130.12.180.52/32 -j DROP
-A INPUT -s 3.129.187.38/32 -j DROP
-A INPUT -s 158.94.211.198/32 -j DROP
-A INPUT -s 141.98.9.70/32 -j DROP
-A INPUT -s 45.94.31.250/32 -j DROP
-A INPUT -s 35.233.32.170/32 -j DROP
-A INPUT -s 34.125.138.17/32 -j DROP
-A INPUT -s 34.106.141.159/32 -j DROP
-A INPUT -s 34.106.203.77/32 -j DROP
-A INPUT -s 34.21.47.209/32 -j DROP
*********************************************************************************
iptables -L -v と実行。-v は verbose で、各ルールにマッチしたパケット数 (pkts) とバイト数 (bytes) を含めた詳細を出力する
root@falcon21:~# iptables -L -v
Chain INPUT (policy ACCEPT 3031K packets, 365M bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- any any 118.41.245.222 anywhere
0 0 DROP all -- any any 91.92.242.96 anywhere
0 0 DROP all -- any any 158.94.211.198 anywhere
0 0 DROP all -- any any 141.98.9.70 anywhere
0 0 DROP all -- any any 77.83.39.169 anywhere
0 0 DROP all -- any any 178.16.54.219 anywhere
17 748 DROP all -- any any 91.92.240.214 anywhere
1 52 DROP all -- any any 45.144.212.43 anywhere
1 44 DROP all -- any any 77.83.39.169 anywhere
0 0 DROP all -- any any 141.98.9.105 anywhere
0 0 DROP all -- any any 45.144.212.43 anywhere
420 20488 DROP all -- any any lava.census.shodan.io anywhere
175 10500 DROP all -- any any scan.visionheight.com anywhere
0 0 DROP all -- any any 46.190.153.30 anywhere
0 0 DROP all -- any any scan.visionheight.com anywhere
0 0 DROP all -- any any 77.83.39.169 anywhere
0 0 DROP all -- any any 30.217.182.34.bc.googleusercontent.com anywhere
0 0 DROP all -- any any 45.144.212.43 anywhere
0 0 DROP all -- any any 8.9.229.8.bc.googleusercontent.com anywhere
0 0 DROP all -- any any 122.230.182.34.bc.googleusercontent.com anywhere
0 0 DROP all -- any any 133.206.109.136.bc.googleusercontent.com anywhere
0 0 DROP all -- any any 77.83.39.241 anywhere
0 0 DROP all -- any any 178.16.54.219 anywhere
0 0 DROP all -- any any 91.92.240.214 anywhere
0 0 DROP all -- any any 161.248.147.102 anywhere
0 0 DROP all -- any any 178.16.53.241 anywhere
0 0 DROP all -- any any internettl.org anywhere
0 0 DROP all -- any any 167.1.201.35.bc.googleusercontent.com anywhere
0 0 DROP all -- any any 7.109.129.34.bc.googleusercontent.com anywhere
0 0 DROP all -- any any 70.198.116.34.bc.googleusercontent.com anywhere
0 0 DROP all -- any any 233.141.95.34.bc.googleusercontent.com anywhere
0 0 DROP all -- any any 219.174.197.35.bc.googleusercontent.com anywhere
0 0 DROP all -- any any 14.197.241.35.bc.googleusercontent.com anywhere
0 0 DROP all -- any any 15.230.79.34.bc.googleusercontent.com anywhere
0 0 DROP all -- any any 71.236.246.35.bc.googleusercontent.com anywhere
0 0 DROP all -- any any 181.115.142.34.bc.googleusercontent.com anywhere
0 0 DROP all -- any any 227.137.185.34.bc.googleusercontent.com anywhere
0 0 DROP all -- any any 162.231.105.34.bc.googleusercontent.com anywhere
0 0 DROP all -- any any 229.28.230.35.bc.googleusercontent.com anywhere
0 0 DROP all -- any any 161.107.94.34.bc.googleusercontent.com anywhere
0 0 DROP all -- any any 223.123.94.34.bc.googleusercontent.com anywhere
0 0 DROP all -- any any 138.0.125.34.bc.googleusercontent.com anywhere
0 0 DROP all -- any any 51.241.97.34.bc.googleusercontent.com anywhere
0 0 DROP all -- any any 77.83.39.169 anywhere
0 0 DROP all -- any any 178.16.53.241 anywhere
10 400 DROP all -- any any q003094.ppp.asahi-net.or.jp anywhere
0 0 DROP all -- any any internettl.org anywhere
0 0 DROP all -- any any 141.98.9.105 anywhere
0 0 DROP all -- any any 45.144.212.43 anywhere
0 0 DROP all -- any any srv-141-98-11-33.serveroffer.net anywhere
0 0 DROP all -- any any 178.16.52.71 anywhere
0 0 DROP all -- any any 148.223.185.35.bc.googleusercontent.com anywhere
0 0 DROP all -- any any 4.221.82.34.bc.googleusercontent.com anywhere
0 0 DROP all -- any any 115.143.186.34.bc.googleusercontent.com anywhere
0 0 DROP all -- any any 219.52.106.34.bc.googleusercontent.com anywhere
0 0 DROP all -- any any 210.97.82.34.bc.googleusercontent.com anywhere
0 0 DROP all -- any any 157.122.236.35.bc.googleusercontent.com anywhere
0 0 DROP all -- any any 251.146.106.34.bc.googleusercontent.com anywhere
0 0 DROP all -- any any 141.98.9.104 anywhere
0 0 DROP all -- any any 178.16.53.80 anywhere
0 0 DROP all -- any any 178.16.53.230 anywhere
0 0 DROP all -- any any srv-141-98-11-33.serveroffer.net anywhere
0 0 DROP all -- any any 178.16.52.71 anywhere
0 0 DROP all -- any any 141.98.9.104 anywhere
228 11856 DROP all -- any any brightmy.com anywhere
68 3042 DROP all -- any any butter.scanf.shodan.io anywhere
126 5615 DROP all -- any any bacon.scanf.shodan.io anywhere
0 0 DROP all -- any any 210.97.82.34.bc.googleusercontent.com anywhere
0 0 DROP all -- any any 118.41.245.222 anywhere
0 0 DROP all -- any any 91.92.242.96 anywhere
0 0 DROP all -- any any 158.94.211.198 anywhere
0 0 DROP all -- any any 178.16.53.80 anywhere
0 0 DROP all -- any any 178.16.53.230 anywhere
0 0 DROP all -- any any 45.94.31.250 anywhere
0 0 DROP all -- any any 141.98.9.70 anywhere
0 0 DROP all -- any any scan.visionheight.com anywhere
0 0 DROP all -- any any 130.12.180.52 anywhere
0 0 DROP all -- any any scan.visionheight.com anywhere
0 0 DROP all -- any any 158.94.211.198 anywhere
0 0 DROP all -- any any 141.98.9.70 anywhere
0 0 DROP all -- any any 45.94.31.250 anywhere
0 0 DROP all -- any any 170.32.233.35.bc.googleusercontent.com anywhere
0 0 DROP all -- any any 17.138.125.34.bc.googleusercontent.com anywhere
0 0 DROP all -- any any 159.141.106.34.bc.googleusercontent.com anywhere
0 0 DROP all -- any any 77.203.106.34.bc.googleusercontent.com anywhere
0 0 DROP all -- any any 209.47.21.34.bc.googleusercontent.com anywhere
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
**************************************************************************************************
FORWARDチェインとOUTPUTチェイン
以上がINPUTチェインの説明でした。他にもOUTPUTとFORWARDというチェインがありますが、INPUTチェインに比べればとてもシンプルです。
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@falcon21:~# iptables -L --line-numbers
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 DROP all -- 118.41.245.222 anywhere
2 DROP all -- 91.92.242.96 anywhere
3 DROP all -- 158.94.211.198 anywhere
4 DROP all -- 141.98.9.70 anywhere
5 DROP all -- 77.83.39.169 anywhere
6 DROP all -- 178.16.54.219 anywhere
7 DROP all -- 91.92.240.214 anywhere
8 DROP all -- 45.144.212.43 anywhere
9 DROP all -- 77.83.39.169 anywhere
10 DROP all -- 141.98.9.105 anywhere
11 DROP all -- 45.144.212.43 anywhere
12 DROP all -- lava.census.shodan.io anywhere
13 DROP all -- scan.visionheight.com anywhere
14 DROP all -- 46.190.153.30 anywhere
15 DROP all -- scan.visionheight.com anywhere
16 DROP all -- 77.83.39.169 anywhere
17 DROP all -- 30.217.182.34.bc.googleusercontent.com anywhere
18 DROP all -- 45.144.212.43 anywhere
19 DROP all -- 8.9.229.8.bc.googleusercontent.com anywhere
20 DROP all -- 122.230.182.34.bc.googleusercontent.com anywhere
21 DROP all -- 133.206.109.136.bc.googleusercontent.com anywhere
22 DROP all -- 77.83.39.241 anywhere
23 DROP all -- 178.16.54.219 anywhere
24 DROP all -- 91.92.240.214 anywhere
25 DROP all -- 161.248.147.102 anywhere
26 DROP all -- 178.16.53.241 anywhere
27 DROP all -- internettl.org anywhere
28 DROP all -- 167.1.201.35.bc.googleusercontent.com anywhere
29 DROP all -- 7.109.129.34.bc.googleusercontent.com anywhere
30 DROP all -- 70.198.116.34.bc.googleusercontent.com anywhere
31 DROP all -- 233.141.95.34.bc.googleusercontent.com anywhere
32 DROP all -- 219.174.197.35.bc.googleusercontent.com anywhere
33 DROP all -- 14.197.241.35.bc.googleusercontent.com anywhere
34 DROP all -- 15.230.79.34.bc.googleusercontent.com anywhere
35 DROP all -- 71.236.246.35.bc.googleusercontent.com anywhere
36 DROP all -- 181.115.142.34.bc.googleusercontent.com anywhere
37 DROP all -- 227.137.185.34.bc.googleusercontent.com anywhere
38 DROP all -- 162.231.105.34.bc.googleusercontent.com anywhere
39 DROP all -- 229.28.230.35.bc.googleusercontent.com anywhere
40 DROP all -- 161.107.94.34.bc.googleusercontent.com anywhere
41 DROP all -- 223.123.94.34.bc.googleusercontent.com anywhere
42 DROP all -- 138.0.125.34.bc.googleusercontent.com anywhere
43 DROP all -- 51.241.97.34.bc.googleusercontent.com anywhere
44 DROP all -- 77.83.39.169 anywhere
45 DROP all -- 178.16.53.241 anywhere
46 DROP all -- q003094.ppp.asahi-net.or.jp anywhere
47 DROP all -- internettl.org anywhere
48 DROP all -- 141.98.9.105 anywhere
49 DROP all -- 45.144.212.43 anywhere
50 DROP all -- srv-141-98-11-33.serveroffer.net anywhere
51 DROP all -- 178.16.52.71 anywhere
52 DROP all -- 148.223.185.35.bc.googleusercontent.com anywhere
53 DROP all -- 4.221.82.34.bc.googleusercontent.com anywhere
54 DROP all -- 115.143.186.34.bc.googleusercontent.com anywhere
55 DROP all -- 219.52.106.34.bc.googleusercontent.com anywhere
56 DROP all -- 210.97.82.34.bc.googleusercontent.com anywhere
57 DROP all -- 157.122.236.35.bc.googleusercontent.com anywhere
58 DROP all -- 251.146.106.34.bc.googleusercontent.com anywhere
59 DROP all -- 141.98.9.104 anywhere
60 DROP all -- 178.16.53.80 anywhere
61 DROP all -- 178.16.53.230 anywhere
62 DROP all -- srv-141-98-11-33.serveroffer.net anywhere
63 DROP all -- 178.16.52.71 anywhere
64 DROP all -- 141.98.9.104 anywhere
65 DROP all -- brightmy.com anywhere
66 DROP all -- butter.scanf.shodan.io anywhere
67 DROP all -- bacon.scanf.shodan.io anywhere
68 DROP all -- 210.97.82.34.bc.googleusercontent.com anywhere
69 DROP all -- 118.41.245.222 anywhere
70 DROP all -- 91.92.242.96 anywhere
71 DROP all -- 158.94.211.198 anywhere
72 DROP all -- 178.16.53.80 anywhere
73 DROP all -- 178.16.53.230 anywhere
74 DROP all -- 45.94.31.250 anywhere
75 DROP all -- 141.98.9.70 anywhere
76 DROP all -- scan.visionheight.com anywhere
77 DROP all -- 130.12.180.52 anywhere
78 DROP all -- scan.visionheight.com anywhere
79 DROP all -- 158.94.211.198 anywhere
80 DROP all -- 141.98.9.70 anywhere
81 DROP all -- 45.94.31.250 anywhere
82 DROP all -- 170.32.233.35.bc.googleusercontent.com anywhere
83 DROP all -- 17.138.125.34.bc.googleusercontent.com anywhere
84 DROP all -- 159.141.106.34.bc.googleusercontent.com anywhere
85 DROP all -- 77.203.106.34.bc.googleusercontent.com anywhere
86 DROP all -- 209.47.21.34.bc.googleusercontent.com anywhere
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
******************************************************************************************
チェーンをクリア&デフォルトポリシー設定
現在のルールをクリア(フラッシュ):
sudo iptables -F
sudo iptables -X
-F: 全チェーンのルールを削除
-X: ユーザー定義チェーンを削除
デフォルトポリシー設定:
sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
sudo iptables -P OUTPUT ACCEPT
INPUT: すべて拒否 (DROP)
FORWARD: すべて拒否 (DROP)
OUTPUT: すべて許可 (ACCEPT)
注意: SSH などリモートから作業している場合は、INPUT を DROP にする前に SSH と確立済み接続 (ESTABLISHED,RELATED) を ACCEPT するルールを先に入れておかないと、自分自身が締め出される。
root@falcon21:~# iptables --help
iptables v1.8.11 (nf_tables)
Usage: iptables -[ACD] chain rule-specification [options]
iptables -I chain [rulenum] rule-specification [options]
iptables -R chain rulenum rule-specification [options]
iptables -D chain rulenum [options]
iptables -[LS] [chain [rulenum]] [options]
iptables -[FZ] [chain] [options]
iptables -[NX] chain
iptables -E old-chain-name new-chain-name
iptables -P chain target [options]
iptables -h (print this help information)
Commands:
Either long or short options are allowed.
--append -A chain Append to chain
--check -C chain Check for the existence of a rule
--delete -D chain Delete matching rule from chain
--delete -D chain rulenum
Delete rule rulenum (1 = first) from chain
--insert -I chain [rulenum]
Insert in chain as rulenum (default 1=first)
--replace -R chain rulenum
Replace rule rulenum (1 = first) in chain
--list -L [chain [rulenum]]
List the rules in a chain or all chains
--list-rules -S [chain [rulenum]]
Print the rules in a chain or all chains
--flush -F [chain] Delete all rules in chain or all chains
--zero -Z [chain [rulenum]]
Zero counters in chain or all chains
--new -N chain Create a new user-defined chain
--delete-chain
-X [chain] Delete a user-defined chain
--policy -P chain target
Change policy on chain to target
--rename-chain
-E old-chain new-chain
Change chain name, (moving any references)
Options:
--ipv4 -4 Nothing (line is ignored by ip6tables-restore)
--ipv6 -6 Error (line is ignored by iptables-restore)
[!] --protocol -p proto protocol: by number or name, eg. `tcp'
[!] --source -s address[/mask][...] source specification
[!] --destination -d address[/mask][...] destination specification
[!] --in-interface -i input name[+] network interface name ([+] for wildcard)
--jump -j target target for rule (may load target extension)
--goto -g chain jump to chain with no return
--match -m match extended match (may load extension)
--numeric -n numeric output of addresses and ports
[!] --out-interface -o output name[+] network interface name ([+] for wildcard)
--table -t table table to manipulate (default: `filter')
--verbose -v verbose mode
--wait -w [seconds] maximum wait to acquire xtables lock before give up
--line-numbers print line numbers when listing
--exact -x expand numbers (display exact values)
[!] --fragment -f match second or further fragments only
--modprobe= try to insert modules using this command
--set-counters -c PKTS BYTES set the counter during insert/append
[!] --version -V print package version.
****************************************************************************************************************