A
в графике у меня одни правила в файрволе, а в консоли совершенно другие
Size: a a a
2021 March 18
A
ip firewall filter print команда дала вышеуказанные правила с 645 портом
A
465 портом
A
прошу прощения господа
A
1 ;;; defconf: accept established,related,untracked
chain=input action=accept connection-state=established,related,untracked
2 chain=input action=accept protocol=tcp dst-port=1023 log=yes log-prefix=""
3 chain=input action=accept protocol=tcp dst-port=1024 log=yes log-prefix=""
4 chain=input action=accept protocol=tcp dst-port=465 log=no log-prefix=""
5 X chain=input action=accept protocol=tcp dst-port=10022 log=no log-prefix=""
6 chain=input action=accept protocol=tcp in-interface=ether1 dst-port=1194 log=no log-prefix=""
7 chain=input action=accept protocol=gre log=no
8 chain=input action=accept protocol=udp in-interface=ether1 dst-port=61456 log=no log-prefix=""
9 chain=input action=accept protocol=udp in-interface=ether1 dst-port=61455 log=no log-prefix=""
10 chain=input action=accept protocol=udp in-interface=ether1 dst-port=500 log=no log-prefix=""
11 chain=input action=accept protocol=tcp dst-port=1723 log=no
12 chain=input action=accept protocol=udp in-interface=ether1 dst-port=3047 log=no log-prefix=""
13 chain=input action=accept protocol=udp in-interface=ether1 dst-port=6672 log=no log-prefix=""
14 chain=input action=accept protocol=tcp in-interface=ether1 dst-port=8291 log=yes log-prefix="wan_filter"
15 chain=input action=accept protocol=udp in-interface=ether1 dst-port=61457 log=no log-prefix=""
16 chain=input action=accept protocol=udp in-interface=ether1 dst-port=61458 log=no log-prefix=""
17 chain=input action=accept protocol=tcp dst-port=37777 log=yes log-prefix=""
18 chain=input action=accept protocol=udp dst-port=37778 log=yes log-prefix=""
19 chain=input action=accept protocol=tcp dst-port=554 log=no log-prefix=""
20 chain=input action=accept protocol=udp dst-port=500,1701,554 log=no log-prefix=""
21 X chain=input action=accept protocol=udp dst-port=1701 log=no log-prefix=""
22 chain=input action=accept in-interface=l2tpuserchernoe log=no log-prefix=""
23 chain=forward action=accept in-interface=bridge out-interface=all-ppp log=no log-prefix=""
24 chain=forward action=accept in-interface=all-ppp out-interface=bridge log=no log-prefix=""
25 ;;; smtp rvi mail
chain=forward action=accept protocol=tcp in-interface=all-ethernet out-interface=all-ethernet dst-port=465 log=no log-prefix=""
26 ;;; defconf: drop invalid
chain=input action=drop connection-state=invalid log=no log-prefix=""
27 ;;; defconf: accept ICMP
chain=input action=accept protocol=icmp
28 ;;; defconf: accept to local loopback (for CAPsMAN)
chain=input action=accept dst-address=127.0.0.1
29 ;;; defconf: drop all not coming from LAN
chain=input action=drop in-interface-list=!LAN log=no log-prefix=""
30 ;;; defconf: accept in ipsec policy
chain=forward action=accept ipsec-policy=in,ipsec
31 ;;; defconf: accept out ipsec policy
chain=forward action=accept ipsec-policy=out,ipsec
32 ;;; defconf: fasttrack
chain=forward action=fasttrack-connection connection-state=established,related
33 ;;; defconf: accept established,related, untracked
chain=forward action=accept connection-state=established,related,untracked
34 ;;; defconf: drop invalid
chain=forward action=drop connection-state=invalid log=no log-prefix=""
35 ;;; defconf: drop all from WAN not DSTNATed
chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN log=no log-prefix=""
36 chain=forward log=no
chain=input action=accept connection-state=established,related,untracked
2 chain=input action=accept protocol=tcp dst-port=1023 log=yes log-prefix=""
3 chain=input action=accept protocol=tcp dst-port=1024 log=yes log-prefix=""
4 chain=input action=accept protocol=tcp dst-port=465 log=no log-prefix=""
5 X chain=input action=accept protocol=tcp dst-port=10022 log=no log-prefix=""
6 chain=input action=accept protocol=tcp in-interface=ether1 dst-port=1194 log=no log-prefix=""
7 chain=input action=accept protocol=gre log=no
8 chain=input action=accept protocol=udp in-interface=ether1 dst-port=61456 log=no log-prefix=""
9 chain=input action=accept protocol=udp in-interface=ether1 dst-port=61455 log=no log-prefix=""
10 chain=input action=accept protocol=udp in-interface=ether1 dst-port=500 log=no log-prefix=""
11 chain=input action=accept protocol=tcp dst-port=1723 log=no
12 chain=input action=accept protocol=udp in-interface=ether1 dst-port=3047 log=no log-prefix=""
13 chain=input action=accept protocol=udp in-interface=ether1 dst-port=6672 log=no log-prefix=""
14 chain=input action=accept protocol=tcp in-interface=ether1 dst-port=8291 log=yes log-prefix="wan_filter"
15 chain=input action=accept protocol=udp in-interface=ether1 dst-port=61457 log=no log-prefix=""
16 chain=input action=accept protocol=udp in-interface=ether1 dst-port=61458 log=no log-prefix=""
17 chain=input action=accept protocol=tcp dst-port=37777 log=yes log-prefix=""
18 chain=input action=accept protocol=udp dst-port=37778 log=yes log-prefix=""
19 chain=input action=accept protocol=tcp dst-port=554 log=no log-prefix=""
20 chain=input action=accept protocol=udp dst-port=500,1701,554 log=no log-prefix=""
21 X chain=input action=accept protocol=udp dst-port=1701 log=no log-prefix=""
22 chain=input action=accept in-interface=l2tpuserchernoe log=no log-prefix=""
23 chain=forward action=accept in-interface=bridge out-interface=all-ppp log=no log-prefix=""
24 chain=forward action=accept in-interface=all-ppp out-interface=bridge log=no log-prefix=""
25 ;;; smtp rvi mail
chain=forward action=accept protocol=tcp in-interface=all-ethernet out-interface=all-ethernet dst-port=465 log=no log-prefix=""
26 ;;; defconf: drop invalid
chain=input action=drop connection-state=invalid log=no log-prefix=""
27 ;;; defconf: accept ICMP
chain=input action=accept protocol=icmp
28 ;;; defconf: accept to local loopback (for CAPsMAN)
chain=input action=accept dst-address=127.0.0.1
29 ;;; defconf: drop all not coming from LAN
chain=input action=drop in-interface-list=!LAN log=no log-prefix=""
30 ;;; defconf: accept in ipsec policy
chain=forward action=accept ipsec-policy=in,ipsec
31 ;;; defconf: accept out ipsec policy
chain=forward action=accept ipsec-policy=out,ipsec
32 ;;; defconf: fasttrack
chain=forward action=fasttrack-connection connection-state=established,related
33 ;;; defconf: accept established,related, untracked
chain=forward action=accept connection-state=established,related,untracked
34 ;;; defconf: drop invalid
chain=forward action=drop connection-state=invalid log=no log-prefix=""
35 ;;; defconf: drop all from WAN not DSTNATed
chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN log=no log-prefix=""
36 chain=forward log=no
ЮО
И?
k
ииии все. всего 36 правил.
A
))))) ну я не профи в микротах
LV
парни подскажите где в микроте настройка что бы при пинге сам микрот отображался не ip а DNS записью?
LV
на подобии ms n6k-qfx-KX9.net [81.177.224.25]
AN
А из чего пингаем?
AN
И по доменному имени?
LV
Суть...есть микрот за натом микрота есть сетка из этой сетки пингаем маил ру. так вот первый хоп это микрот. как сделать что бы микрот отображался не списком непонятных символов а понятным именем?
AN
A
Народ дайте привет правила для открытия исходящего порта 465
AN
Пингаем и первый хоп???
AN
Мб трассу?
LV
как изменить вот это имя?
AN
Вроде это ptr записью делается