Re: Blokowanie portu
: 12 września 2018, 14:36
Spróbuj:
sudo ufw allow <nr_portu>
sudo ufw allow <nr_portu>
root@serv251085:~# ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:25:90:e1:a6:f0 brd ff:ff:ff:ff:ff:ff
inet 185.38.251.85/25 brd 185.38.251.127 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::225:90ff:fee1:a6f0/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 00:25:90:e1:a6:f1 brd ff:ff:ff:ff:ff:ff
root@serv251085:~# ip r s
default via 185.38.251.1 dev eth0
185.38.251.0/25 dev eth0 proto kernel scope link src 185.38.251.85
root@serv251085:~# sudo
-bash: sudo: command not found
root@serv251085:~# ufw allow 8090
Skipping adding existing rule
Skipping adding existing rule (v6)
root@serv251085:~#
root@serv251085:~# ufw allow 8090
Skipping adding existing rule
Skipping adding existing rule (v6)
# List listening TCP and UDP sockets with numeric addresses and the owning
# PID/program name. Run as root: without it the PID/Program column is only
# filled in for sockets owned by the calling user.
netstat --numeric --listening --tcp --udp --programs
root@serv251085:/home/serwery/disco# ./sc_serv &
[1] 15847
root@serv251085:/home/serwery/disco# 2018-09-13 09:05:29 WARN [CONFIG] Invalid item on line 11 of /home/serwery/disco/sc_serv.conf -> `realtime'
2018-09-13 09:05:29 INFO *********************************************************************
2018-09-13 09:05:29 INFO ** SHOUTcast Distributed Network Audio Server (DNAS) **
2018-09-13 09:05:29 INFO ** Copyright (C) 2014-2017 Radionomy SA, All Rights Reserved **
2018-09-13 09:05:29 INFO *********************************************************************
2018-09-13 09:05:29 INFO [MAIN] SHOUTcast DNAS/posix(linux x64) v2.5.5.733 (Oct 9 2017)
2018-09-13 09:05:29 INFO [MAIN] PID: 15847
2018-09-13 09:05:29 INFO [MAIN] Saving log output to `/tmp/sc_serv.log'
2018-09-13 09:05:29 INFO [MAIN] Automatic log rotation interval: 1 day
2018-09-13 09:05:29 INFO [MAIN] Loaded config from `/home/serwery/disco/sc_serv.conf'
2018-09-13 09:05:29 INFO [MAIN] Calculated CPU count is 4 -> 1 CPU specified to be used
2018-09-13 09:05:29 INFO [MAIN] Limited to 65536 file descriptors [relates to ulimit -n]
2018-09-13 09:05:29 INFO [MAIN] Starting 1 network thread
2018-09-13 09:05:29 ERROR [MICROSERVER] Error opening port 8090 because could not bind to any // adres ip źródła dowolny:8090 because address already in use
root@serv251085:~# netstat -nltup
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 700/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 914/exim4
tcp 0 0 255.255.255.255:8090 0.0.0.0:* LISTEN 989/sc_serv
tcp 0 0 255.255.255.255:8091 0.0.0.0:* LISTEN 989/sc_serv
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 983/sc_serv
tcp 0 0 0.0.0.0:8001 0.0.0.0:* LISTEN 983/sc_serv
tcp6 0 0 :::22 :::* LISTEN 700/sshd
tcp6 0 0 ::1:25 :::* LISTEN 914/exim4
udp 0 0 185.38.251.85:123 0.0.0.0:* 640/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 640/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 640/ntpd
udp6 0 0 fe80::225:90ff:fee1:123 :::* 640/ntpd
udp6 0 0 ::1:123 :::* 640/ntpd
udp6 0 0 :::123 :::* 640/ntpd
tcp 0 0 255.255.255.255:8090 0.0.0.0:* LISTEN 989/sc_serv
# iptables-restore input for the IPv4 filter table: inbound traffic is rejected
# unless one of the ACCEPT rules below matches first; all outbound is allowed.
#
# Rules are evaluated top to bottom and the first terminating match wins, so any
# extra ACCEPT rule has to be placed above the final `-A INPUT -j REJECT`.
# As written, the only inbound services accepted are tcp/80, tcp/443, tcp/22 and
# ICMP echo-request; every other listening port on the host stays unreachable.
#
# NOTE(review): no chain policy lines (`:INPUT ...`) are present, so the
# default-deny behaviour relies entirely on the trailing REJECT rules.
# NOTE(review): this file covers IPv4 only; IPv6 needs an equivalent ruleset
# loaded through ip6tables-restore, otherwise IPv6 listeners are not filtered by it.
# NOTE(review): iptables-restore replaces the current contents of the table
# unless --noflush is given; check before loading this on a host whose rules are
# managed by another front end such as ufw.
*filter
# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
# (the second rule is an anti-spoofing guard: 127.0.0.0/8 must never arrive on a real interface)
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT
# Accepts all established inbound connections
# (reply traffic for connections the host itself opened, plus related flows)
# NOTE(review): `-m state` is the older match; `-m conntrack --ctstate` is the current equivalent.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allows all outbound traffic
# You could modify this to only allow certain traffic
# (no egress filtering: a compromised service can connect out to anywhere)
-A OUTPUT -j ACCEPT
# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
# Allows SSH connections
# The --dport number is the same as in /etc/ssh/sshd_config
# No source restriction is applied here, so port 22 is reachable from any address.
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
# Now you should read up on iptables rules and consider whether ssh access
# for everyone is really desired. Most likely you will only allow access from certain IPs.
# (a source match such as `-s <trusted-cidr>` on the rule above limits who can connect)
# Allow ping
# note that blocking other types of icmp packets is considered a bad idea by some
# remove -m icmp --icmp-type 8 from this line to allow all kinds of icmp:
# https://security.stackexchange.com/questions/22711
# (ICMP type 8 is echo-request; other ICMP types fall through to the final REJECT
# unless they match the ESTABLISHED,RELATED rule above)
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# log iptables denied calls (access via 'dmesg' command)
# Rate-limited to 5 entries per minute so a flood of rejected packets cannot fill the log;
# LOG is non-terminating, so the packet still continues to the REJECT rule below.
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
# Reject all other inbound - default deny unless explicitly allowed policy:
# (FORWARD is rejected too, so the host does not route packets between interfaces)
-A INPUT -j REJECT
-A FORWARD -j REJECT
COMMIT
# Accepts inbound TCP packets to destination port 80 from any source address.
# Rules are matched top to bottom, so in a ruleset that ends with
# `-A INPUT -j REJECT` this line has to sit above that final rule to take effect.
-A INPUT -p tcp --dport 80 -j ACCEPT