Hello Frank,
thank you very much for the reply.
ucr filter < /etc/univention/templates/files/etc/security/packetfilter.d/10_univention-firewall_start.sh
produces only this, apart from the “preamble”:
[code]# initialise IPv4
/sbin/iptables -F
/sbin/iptables -F -t nat
/sbin/iptables -F -t mangle
# accept IPv4 connections from localhost
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT
# accept established IPv4 connections
/sbin/iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# accept all ICMP messages
/sbin/iptables -A INPUT -p icmp -j ACCEPT
# initialise IPv6
/sbin/ip6tables -F
/sbin/ip6tables -F -t mangle
# accept IPv6 connections from localhost
/sbin/ip6tables -A INPUT -i lo -j ACCEPT
/sbin/ip6tables -A OUTPUT -o lo -j ACCEPT
# accept established IPv6 connections
/sbin/ip6tables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# accept all ICMPv6 messages
/sbin/ip6tables -A INPUT -p icmpv6 -j ACCEPT[/code]
This corresponds exactly to the contents of 10_univention-firewall_start.sh
ucr search --brief packetfilter returns:
security/packetfilter/defaultpolicy: REJECT
security/packetfilter/disabled: <empty>
security/packetfilter/package/.*: <empty>
security/packetfilter/package/sesam-srv/tcp/11001/all: ACCEPT
security/packetfilter/package/sesam-srv/tcp/11401/all: ACCEPT
security/packetfilter/package/univention-apache/tcp/443/all/en: HTTPS
security/packetfilter/package/univention-apache/tcp/443/all: ACCEPT
security/packetfilter/package/univention-apache/tcp/80/all/en: HTTP
security/packetfilter/package/univention-apache/tcp/80/all: ACCEPT
security/packetfilter/package/univention-bareos/tcp/9101/all/en: bareos-dir
security/packetfilter/package/univention-bareos/tcp/9101/all: ACCEPT
security/packetfilter/package/univention-bareos/tcp/9102/all/en: bareos-fd
security/packetfilter/package/univention-bareos/tcp/9102/all: ACCEPT
security/packetfilter/package/univention-bareos/tcp/9103/all/en: bareos-sd
security/packetfilter/package/univention-bareos/tcp/9103/all: ACCEPT
security/packetfilter/package/univention-base-files/tcp/22/all/en: SSH
security/packetfilter/package/univention-base-files/tcp/22/all: ACCEPT
security/packetfilter/package/univention-base-files/tcp/37/all/en: time
security/packetfilter/package/univention-base-files/tcp/37/all: ACCEPT
security/packetfilter/package/univention-base-files/tcp/49152/all/en: Mediatomb
security/packetfilter/package/univention-base-files/tcp/49152/all: ACCEPT
security/packetfilter/package/univention-base-files/tcp/873/all/en: RSYNC
security/packetfilter/package/univention-base-files/tcp/873/all: ACCEPT
security/packetfilter/package/univention-base-files/udp/123/all/en: ntp
security/packetfilter/package/univention-base-files/udp/123/all: ACCEPT
security/packetfilter/package/univention-base-files/udp/1900/all/en: Mediatomb
security/packetfilter/package/univention-base-files/udp/1900/all: ACCEPT
security/packetfilter/package/univention-base-files/udp/49152/all/en: Mediatomb
security/packetfilter/package/univention-base-files/udp/49152/all: ACCEPT
security/packetfilter/package/univention-bind/tcp/53/all/en: DNS proxy
security/packetfilter/package/univention-bind/tcp/53/all: ACCEPT
security/packetfilter/package/univention-bind/tcp/7777/all/en: DNS server
security/packetfilter/package/univention-bind/tcp/7777/all: ACCEPT
security/packetfilter/package/univention-bind/udp/53/all/en: DNS proxy
security/packetfilter/package/univention-bind/udp/53/all: ACCEPT
security/packetfilter/package/univention-bind/udp/7777/all/en: DNS server
security/packetfilter/package/univention-bind/udp/7777/all: ACCEPT
security/packetfilter/package/univention-dhcp/udp/67/all/en: DHCP
security/packetfilter/package/univention-dhcp/udp/67/all: ACCEPT
security/packetfilter/package/univention-dhcp/udp/68/all/en: DHCP
security/packetfilter/package/univention-dhcp/udp/68/all: ACCEPT
security/packetfilter/package/univention-directory-notifier/tcp/6669/all/en: Univention Directory Notifier
security/packetfilter/package/univention-directory-notifier/tcp/6669/all: ACCEPT
security/packetfilter/package/univention-heimdal-common/tcp/544/all/en: krsh
security/packetfilter/package/univention-heimdal-common/tcp/544/all: ACCEPT
security/packetfilter/package/univention-heimdal-kdc/tcp/464/all/en: kpasswd
security/packetfilter/package/univention-heimdal-kdc/tcp/464/all: ACCEPT
security/packetfilter/package/univention-heimdal-kdc/tcp/749/all/en: kadmin
security/packetfilter/package/univention-heimdal-kdc/tcp/749/all: ACCEPT
security/packetfilter/package/univention-heimdal-kdc/tcp/88/all/en: kerberos
security/packetfilter/package/univention-heimdal-kdc/tcp/88/all: ACCEPT
security/packetfilter/package/univention-heimdal-kdc/udp/464/all/en: kpasswd
security/packetfilter/package/univention-heimdal-kdc/udp/464/all: ACCEPT
security/packetfilter/package/univention-heimdal-kdc/udp/88/all/en: kerberos
security/packetfilter/package/univention-heimdal-kdc/udp/88/all: ACCEPT
security/packetfilter/package/univention-ldap-server/tcp/389/all/en: LDAP
security/packetfilter/package/univention-ldap-server/tcp/389/all: ACCEPT
security/packetfilter/package/univention-ldap-server/tcp/636/all/en: LDAPS
security/packetfilter/package/univention-ldap-server/tcp/636/all: ACCEPT
security/packetfilter/package/univention-ldap-server/tcp/7389/all/en: LDAP
security/packetfilter/package/univention-ldap-server/tcp/7389/all: ACCEPT
security/packetfilter/package/univention-ldap-server/tcp/7636/all/en: LDAPS
security/packetfilter/package/univention-ldap-server/tcp/7636/all: ACCEPT
security/packetfilter/package/univention-management-console-server/tcp/6670/all/en: UMC
security/packetfilter/package/univention-management-console-server/tcp/6670/all: ACCEPT
security/packetfilter/package/univention-nagios-client/tcp/5666/all/en: Nagios NRPE
security/packetfilter/package/univention-nagios-client/tcp/5666/all: ACCEPT
security/packetfilter/package/univention-nfs/tcp/111/all/en: portmap
security/packetfilter/package/univention-nfs/tcp/111/all: ACCEPT
security/packetfilter/package/univention-nfs/tcp/2049/all/en: NFS
security/packetfilter/package/univention-nfs/tcp/2049/all: ACCEPT
security/packetfilter/package/univention-nfs/tcp/32765:32769/all/en: NFS related RPC daemons
security/packetfilter/package/univention-nfs/tcp/32765:32769/all: ACCEPT
security/packetfilter/package/univention-nfs/tcp/4660/all/en: NFS
security/packetfilter/package/univention-nfs/tcp/4660/all: ACCEPT
security/packetfilter/package/univention-nfs/udp/111/all/en: portmap
security/packetfilter/package/univention-nfs/udp/111/all: ACCEPT
security/packetfilter/package/univention-nfs/udp/2049/all/en: NFS
security/packetfilter/package/univention-nfs/udp/2049/all: ACCEPT
security/packetfilter/package/univention-nfs/udp/32765:32769/all/en: NFS related RPC daemons
security/packetfilter/package/univention-nfs/udp/32765:32769/all: ACCEPT
security/packetfilter/package/univention-nfs/udp/4660/all/en: NFS
security/packetfilter/package/univention-nfs/udp/4660/all: ACCEPT
security/packetfilter/package/univention-postgresql/tcp/5432/all/en: postgresql
security/packetfilter/package/univention-postgresql/tcp/5432/all: ACCEPT
security/packetfilter/package/univention-printserver/tcp/631/all/en: IPP
security/packetfilter/package/univention-printserver/tcp/631/all: ACCEPT
security/packetfilter/package/univention-printserver/udp/631/all/en: IPP
security/packetfilter/package/univention-printserver/udp/631/all: ACCEPT
security/packetfilter/package/univention-samba4/tcp/1024/all/en: KDM (Samba)
security/packetfilter/package/univention-samba4/tcp/1024/all: ACCEPT
security/packetfilter/package/univention-samba4/tcp/135/all/en: RPC (Samba)
security/packetfilter/package/univention-samba4/tcp/135/all: ACCEPT
security/packetfilter/package/univention-samba4/tcp/137:139/all/en: netbios (Samba)
security/packetfilter/package/univention-samba4/tcp/137:139/all: ACCEPT
security/packetfilter/package/univention-samba4/tcp/3268/all/en: LDAP GC (Samba)
security/packetfilter/package/univention-samba4/tcp/3268/all: ACCEPT
security/packetfilter/package/univention-samba4/tcp/3269/all/en: LDAP GC SSL (Samba)
security/packetfilter/package/univention-samba4/tcp/3269/all: ACCEPT
security/packetfilter/package/univention-samba4/tcp/389/all/en: LDAP
security/packetfilter/package/univention-samba4/tcp/389/all: ACCEPT
security/packetfilter/package/univention-samba4/tcp/445/all/en: microsoft-ds (Samba)
security/packetfilter/package/univention-samba4/tcp/445/all: ACCEPT
security/packetfilter/package/univention-samba4/tcp/464/all/en: Kerberos change/set password
security/packetfilter/package/univention-samba4/tcp/464/all: ACCEPT
security/packetfilter/package/univention-samba4/tcp/53/all/en: DNS
security/packetfilter/package/univention-samba4/tcp/53/all: ACCEPT
security/packetfilter/package/univention-samba4/tcp/636/all/en: LDAPS
security/packetfilter/package/univention-samba4/tcp/636/all: ACCEPT
security/packetfilter/package/univention-samba4/tcp/749/all/en: Kerberos admin
security/packetfilter/package/univention-samba4/tcp/749/all: ACCEPT
security/packetfilter/package/univention-samba4/tcp/88/all/en: Kerberos
security/packetfilter/package/univention-samba4/tcp/88/all: ACCEPT
security/packetfilter/package/univention-samba4/udp/123/all/en: TIME
security/packetfilter/package/univention-samba4/udp/123/all: ACCEPT
security/packetfilter/package/univention-samba4/udp/137:139/all/en: netbios (Samba)
security/packetfilter/package/univention-samba4/udp/137:139/all: ACCEPT
security/packetfilter/package/univention-samba4/udp/389/all/en: LDAP
security/packetfilter/package/univention-samba4/udp/389/all: ACCEPT
security/packetfilter/package/univention-samba4/udp/445/all/en: microsoft-ds (Samba)
security/packetfilter/package/univention-samba4/udp/445/all: ACCEPT
security/packetfilter/package/univention-samba4/udp/464/all/en: Kerberos change/set password
security/packetfilter/package/univention-samba4/udp/464/all: ACCEPT
security/packetfilter/package/univention-samba4/udp/53/all/en: DNS
security/packetfilter/package/univention-samba4/udp/53/all: ACCEPT
security/packetfilter/package/univention-samba4/udp/88/all/en: Kerberos
security/packetfilter/package/univention-samba4/udp/88/all: ACCEPT
security/packetfilter/package/univention-squid/tcp/3128/all/en: HTTP proxy
security/packetfilter/package/univention-squid/tcp/3128/all: ACCEPT
security/packetfilter/package/zarafa4ucs/tcp/110/all/en: POP3
security/packetfilter/package/zarafa4ucs/tcp/110/all: ACCEPT
security/packetfilter/package/zarafa4ucs/tcp/143/all/en: IMAP
security/packetfilter/package/zarafa4ucs/tcp/143/all: ACCEPT
security/packetfilter/package/zarafa4ucs/tcp/236/all/en: ZARAFA
security/packetfilter/package/zarafa4ucs/tcp/236/all: ACCEPT
security/packetfilter/package/zarafa4ucs/tcp/237/all/en: ZARAFA encrypted
security/packetfilter/package/zarafa4ucs/tcp/237/all: ACCEPT
security/packetfilter/package/zarafa4ucs/tcp/25/all/en: SMTP
security/packetfilter/package/zarafa4ucs/tcp/25/all: ACCEPT
security/packetfilter/package/zarafa4ucs/tcp/465/all/en: SSMTP
security/packetfilter/package/zarafa4ucs/tcp/465/all: ACCEPT
security/packetfilter/package/zarafa4ucs/tcp/8080/all/en: ICAL
security/packetfilter/package/zarafa4ucs/tcp/8080/all: ACCEPT
security/packetfilter/package/zarafa4ucs/tcp/8443/all/en: ICALS
security/packetfilter/package/zarafa4ucs/tcp/8443/all: ACCEPT
security/packetfilter/package/zarafa4ucs/tcp/993/all/en: IMAPS
security/packetfilter/package/zarafa4ucs/tcp/993/all: ACCEPT
security/packetfilter/package/zarafa4ucs/tcp/995/all/en: POP3S
security/packetfilter/package/zarafa4ucs/tcp/995/all: ACCEPT
security/packetfilter/tcp/.*: <empty>
security/packetfilter/udp/.*: <empty>
security/packetfilter/use_packages:
In terms of scope, that should correspond to the correct content. With it, the server is also reachable accordingly.
To me the entries look unremarkable. Can an error be derived from this?
Regards
Uwe