I removed VNC port 5901 from the CSF configuration file csf.conf, then ran a refresh and restart:

csf -f
csf -x
csf -e

I have vncserver running on port 5901, and when I run nmap -p 5901 MYIP from a computer that is not listed in the CSF csf.allow file, I get the following:

5901/tcp open vnc-1

Then I run the following commands:

iptables -A INPUT -p tcp --dport 5901 -j DROP
systemctl restart iptables

Now when I run nmap -p 5901 MYIP, I get:

5901/tcp closed vnc-1

vncserver is still listening, but the traffic is blocked. Good, that is the expected result.

I am wondering why CSF does not block the port by default. As I understand it, CSF blocks all ports that are not set in the ALLOW INCOMING section of csf.conf.

Here is the output of csf -l:

# csf -l
Chain INPUT (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT tcp -- !lo * 8.8.4.4 0.0.0.0/0 tcp dpt:53
2 0 0 ACCEPT udp -- !lo * 8.8.4.4 0.0.0.0/0 udp dpt:53
3 0 0 ACCEPT tcp -- !lo * 8.8.4.4 0.0.0.0/0 tcp spt:53
4 0 0 ACCEPT udp -- !lo * 8.8.4.4 0.0.0.0/0 udp spt:53
5 0 0 ACCEPT tcp -- !lo * 8.8.8.8 0.0.0.0/0 tcp dpt:53
6 0 0 ACCEPT udp -- !lo * 8.8.8.8 0.0.0.0/0 udp dpt:53
7 0 0 ACCEPT tcp -- !lo * 8.8.8.8 0.0.0.0/0 tcp spt:53
8 15 1568 ACCEPT udp -- !lo * 8.8.8.8 0.0.0.0/0 udp spt:53
9 11269 682K LOCALINPUT all -- !lo * 0.0.0.0/0 0.0.0.0/0
10 50 3627 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
11 11075 666K INVALID tcp -- !lo * 0.0.0.0/0 0.0.0.0/0
12 11063 666K ACCEPT all -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
13 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:20
14 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:21
15 1 48 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:25
16 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:53
17 17 884 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:80
18 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:110
19 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:143
20 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:443
21 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:465
22 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:587
23 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:993
24 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:995
25 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:2222
26 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:8023
27 14 800 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:25565
28 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:8080
29 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:64738
30 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpts:25000:25002
31 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:8081
32 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:8888
33 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:7777
34 0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:20
35 0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:21
36 0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:53
37 0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpts:25000:25003
38 0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:8081
39 0 0 ACCEPT udp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:8888
40 5 420 ACCEPT icmp -- !lo * 0.0.0.0/0 0.0.0.0/0 icmptype 8 limit: avg 1/sec burst 5
41 0 0 ACCEPT icmp -- !lo * 0.0.0.0/0 0.0.0.0/0 icmptype 0 limit: avg 1/sec burst 5
42 0 0 ACCEPT icmp -- !lo * 0.0.0.0/0 0.0.0.0/0 icmptype 11
43 0 0 ACCEPT icmp -- !lo * 0.0.0.0/0 0.0.0.0/0 icmptype 3
44 1 35 LOGDROPIN all -- !lo * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 8.8.4.4 tcp dpt:53
2 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 8.8.4.4 udp dpt:53
3 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 8.8.4.4 tcp spt:53
4 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 8.8.4.4 udp spt:53
5 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 8.8.8.8 tcp dpt:53
6 15 968 ACCEPT udp -- * !lo 0.0.0.0/0 8.8.8.8 udp dpt:53
7 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 8.8.8.8 tcp spt:53
8 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 8.8.8.8 udp spt:53
9 13429 8347K LOCALOUTPUT all -- * !lo 0.0.0.0/0 0.0.0.0/0
10 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
11 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 udp dpt:53
12 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 tcp spt:53
13 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 udp spt:53
14 50 3627 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
15 13116 8271K INVALID tcp -- * !lo 0.0.0.0/0 0.0.0.0/0
16 13118 8275K ACCEPT all -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
17 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:20
18 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:21
19 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:25
20 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:53
21 6 288 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:80
22 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:110
23 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:113
24 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:443
25 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:587
26 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:993
27 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:995
28 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:2222
29 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:8023
30 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:25565
31 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:8080
32 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:64738
33 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpts:25000:25003
34 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:8081
35 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:8888
36 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:7777
37 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:20
38 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:21
39 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:53
40 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:113
41 5 380 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:123
42 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpts:25000:25003
43 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:8081
44 0 0 ACCEPT udp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:8888
45 0 0 ACCEPT icmp -- * !lo 0.0.0.0/0 0.0.0.0/0 icmptype 0
46 0 0 ACCEPT icmp -- * !lo 0.0.0.0/0 0.0.0.0/0 icmptype 8
47 0 0 ACCEPT icmp -- * !lo 0.0.0.0/0 0.0.0.0/0 icmptype 11
48 0 0 ACCEPT icmp -- * !lo 0.0.0.0/0 0.0.0.0/0 icmptype 3
49 162 23019 LOGDROPOUT all -- * !lo 0.0.0.0/0 0.0.0.0/0
Chain ALLOWIN (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT all -- !lo * ** EDITED OUT ** 0.0.0.0/0
2 173 14448 ACCEPT all -- !lo * ** EDITED OUT ** 0.0.0.0/0
Chain ALLOWOUT (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT all -- * !lo 0.0.0.0/0 ** EDITED OUT **
2 156 52520 ACCEPT all -- * !lo 0.0.0.0/0 ** EDITED OUT **
Chain DENYIN (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 DROP all -- !lo * 84.13.41.77 0.0.0.0/0
2 0 0 DROP all -- !lo * 115.239.228.14 0.0.0.0/0
3 0 0 DROP all -- !lo * 183.136.216.4 0.0.0.0/0
4 0 0 DROP all -- !lo * 61.174.51.223 0.0.0.0/0
5 0 0 DROP all -- !lo * 82.98.168.5 0.0.0.0/0
6 0 0 DROP all -- !lo * 218.2.0.133 0.0.0.0/0
7 0 0 DROP all -- !lo * 149.255.172.10 0.0.0.0/0
8 0 0 DROP all -- !lo * 175.139.182.66 0.0.0.0/0
9 0 0 DROP all -- !lo * 122.225.109.216 0.0.0.0/0
10 0 0 DROP all -- !lo * 115.239.228.9 0.0.0.0/0
11 0 0 DROP all -- !lo * 61.174.50.188 0.0.0.0/0
12 0 0 DROP all -- !lo * 115.239.228.6 0.0.0.0/0
13 0 0 DROP all -- !lo * 61.174.49.106 0.0.0.0/0
14 0 0 DROP all -- !lo * 122.225.109.126 0.0.0.0/0
15 0 0 DROP all -- !lo * 198.11.235.58 0.0.0.0/0
16 0 0 DROP all -- !lo * 168.235.156.205 0.0.0.0/0
17 0 0 DROP all -- !lo * 188.29.164.68 0.0.0.0/0
18 0 0 DROP all -- !lo * 115.231.223.170 0.0.0.0/0
19 0 0 DROP all -- !lo * 188.29.164.12 0.0.0.0/0
20 0 0 DROP all -- !lo * 92.29.74.30 0.0.0.0/0
21 0 0 DROP all -- !lo * 72.94.20.202 0.0.0.0/0
22 0 0 DROP all -- !lo * 188.29.165.91 0.0.0.0/0
23 0 0 DROP all -- !lo * 188.29.164.127 0.0.0.0/0
24 0 0 DROP all -- !lo * 188.29.164.202 0.0.0.0/0
25 0 0 DROP all -- !lo * 188.29.165.62 0.0.0.0/0
26 0 0 DROP all -- !lo * 2.96.208.250 0.0.0.0/0
27 0 0 DROP all -- !lo * 188.29.164.170 0.0.0.0/0
28 0 0 DROP all -- !lo * 188.29.165.16 0.0.0.0/0
29 0 0 DROP all -- !lo * 58.137.224.98 0.0.0.0/0
30 0 0 DROP all -- !lo * 60.251.70.8 0.0.0.0/0
31 0 0 DROP all -- !lo * 41.193.53.71 0.0.0.0/0
32 0 0 DROP all -- !lo * 59.120.39.44 0.0.0.0/0
33 0 0 DROP all -- !lo * 80.153.119.29 0.0.0.0/0
34 0 0 DROP all -- !lo * 109.190.67.128 0.0.0.0/0
35 0 0 DROP all -- !lo * 188.29.164.216 0.0.0.0/0
36 0 0 DROP all -- !lo * 41.224.253.236 0.0.0.0/0
37 0 0 DROP all -- !lo * 81.248.108.219 0.0.0.0/0
38 0 0 DROP all -- !lo * 188.29.164.110 0.0.0.0/0
39 0 0 DROP all -- !lo * 188.29.165.232 0.0.0.0/0
40 0 0 DROP all -- !lo * 81.134.7.168 0.0.0.0/0
41 0 0 DROP all -- !lo * 188.29.164.171 0.0.0.0/0
42 0 0 DROP all -- !lo * 61.40.192.56 0.0.0.0/0
43 0 0 DROP all -- !lo * 173.208.194.38 0.0.0.0/0
44 0 0 DROP all -- !lo * 188.29.164.100 0.0.0.0/0
45 0 0 DROP all -- !lo * 71.94.237.138 0.0.0.0/0
46 0 0 DROP all -- !lo * 188.29.164.64 0.0.0.0/0
47 0 0 DROP all -- !lo * 93.174.93.181 0.0.0.0/0
48 0 0 DROP all -- !lo * 188.29.164.200 0.0.0.0/0
49 0 0 DROP all -- !lo * 195.138.249.11 0.0.0.0/0
50 0 0 DROP all -- !lo * 69.73.180.238 0.0.0.0/0
51 0 0 DROP all -- !lo * 74.208.8.229 0.0.0.0/0
52 3 144 DROP all -- !lo * 74.208.43.32 0.0.0.0/0
53 3 176 DROP all -- !lo * 148.245.192.36 0.0.0.0/0
54 0 0 DROP all -- !lo * 177.139.215.107 0.0.0.0/0
55 0 0 DROP all -- !lo * 1.23.26.27 0.0.0.0/0
56 0 0 DROP all -- !lo * 207.109.141.56 0.0.0.0/0
Chain DENYOUT (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 84.13.41.77
2 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 115.239.228.14
3 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 183.136.216.4
4 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 61.174.51.223
5 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 82.98.168.5
6 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 218.2.0.133
7 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 149.255.172.10
8 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 175.139.182.66
9 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 122.225.109.216
10 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 115.239.228.9
11 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 61.174.50.188
12 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 115.239.228.6
13 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 61.174.49.106
14 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 122.225.109.126
15 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 198.11.235.58
16 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 168.235.156.205
17 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 188.29.164.68
18 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 115.231.223.170
19 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 188.29.164.12
20 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 92.29.74.30
21 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 72.94.20.202
22 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 188.29.165.91
23 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 188.29.164.127
24 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 188.29.164.202
25 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 188.29.165.62
26 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 2.96.208.250
27 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 188.29.164.170
28 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 188.29.165.16
29 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 58.137.224.98
30 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 60.251.70.8
31 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 41.193.53.71
32 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 59.120.39.44
33 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 80.153.119.29
34 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 109.190.67.128
35 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 188.29.164.216
36 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 41.224.253.236
37 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 81.248.108.219
38 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 188.29.164.110
39 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 188.29.165.232
40 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 81.134.7.168
41 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 188.29.164.171
42 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 61.40.192.56
43 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 173.208.194.38
44 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 188.29.164.100
45 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 71.94.237.138
46 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 188.29.164.64
47 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 93.174.93.181
48 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 188.29.164.200
49 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 195.138.249.11
50 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 69.73.180.238
51 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 74.208.8.229
52 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 74.208.43.32
53 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 148.245.192.36
54 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 177.139.215.107
55 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 1.23.26.27
56 0 0 LOGDROPOUT all -- * !lo 0.0.0.0/0 207.109.141.56
Chain INVALID (2 references)
num pkts bytes target prot opt in out source destination
1 0 0 INVDROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
2 0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
3 0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
4 0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
5 0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
6 0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x05/0x05
7 0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x11/0x01
8 0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x18/0x08
9 0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x30/0x20
10 0 0 INVDROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 ctstate NEW
Chain INVDROP (10 references)
num pkts bytes target prot opt in out source destination
1 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain LOCALINPUT (1 references)
num pkts bytes target prot opt in out source destination
1 11269 682K ALLOWIN all -- !lo * 0.0.0.0/0 0.0.0.0/0
2 11096 668K DENYIN all -- !lo * 0.0.0.0/0 0.0.0.0/0
Chain LOCALOUTPUT (1 references)
num pkts bytes target prot opt in out source destination
1 13429 8347K ALLOWOUT all -- * !lo 0.0.0.0/0 0.0.0.0/0
2 13273 8295K DENYOUT all -- * !lo 0.0.0.0/0 0.0.0.0/0
Chain LOGDROPIN (1 references)
num pkts bytes target prot opt in out source destination
1 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
2 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
3 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:68
4 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:68
5 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:111
6 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:111
7 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113
8 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:113
9 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:135:139
10 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:135:139
11 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
12 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:445
13 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:500
14 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:500
15 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:513
16 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:513
17 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:520
18 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:520
19 0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *TCP_IN Blocked* "
20 1 35 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *UDP_IN Blocked* "
21 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *ICMP_IN Blocked* "
22 1 35 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain LOGDROPOUT (57 references)
num pkts bytes target prot opt in out source destination
1 54 2592 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *TCP_OUT Blocked* "
2 59 10818 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *UDP_OUT Blocked* "
3 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *ICMP_OUT Blocked* "
4 162 23019 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain PREROUTING (policy ACCEPT 47 packets, 2619 bytes)
num pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 40 packets, 2264 bytes)
num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 182 packets, 24283 bytes)
num pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 20 packets, 1264 bytes)
num pkts bytes target prot opt in out source destination

I would appreciate it if someone could explain why CSF behaves this way.
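
One way to test the expectation in the question against a listing, as an added example that is not part of the original post: it walks a `csf -l`-style listing in rule order and reports which rule decides a new inbound TCP connection from a given source to a given port. The sample listing and its addresses are constructed, the function names are hypothetical, and source matching is exact-IP only (no CIDR), so rows with redacted source fields never match.

```python
import re
# Constructed excerpt in the row layout of the listing above; addresses are placeholders.
SAMPLE = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
1 0 0 LOCALINPUT all -- !lo * 0.0.0.0/0 0.0.0.0/0
2 0 0 ACCEPT all -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
3 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpts:25000:25002
4 0 0 LOGDROPIN all -- !lo * 0.0.0.0/0 0.0.0.0/0
Chain LOCALINPUT (1 references)
1 0 0 ALLOWIN all -- !lo * 0.0.0.0/0 0.0.0.0/0
Chain ALLOWIN (1 references)
1 0 0 ACCEPT all -- !lo * 192.0.2.10 0.0.0.0/0
Chain LOGDROPIN (1 references)
1 0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 4
2 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
"""

def parse(listing):
    chains, cur = {}, None
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+) \((?:policy (\S+))?", line)
        if m:  # a chain name seen again belongs to a later table (nat); keep the first
            cur = None if m.group(1) in chains else m.group(1)
            if cur:
                chains[cur] = {"policy": m.group(2), "rules": []}
        elif cur and line[:1].isdigit():
            f = line.split()  # num pkts bytes target prot opt in out source destination
            chains[cur]["rules"].append((f[0], f[3], f[4], f[6], f[8], " ".join(f[10:])))
    return chains

def matches(rule, src, dport):
    _, _, proto, inif, rsrc, extra = rule
    if proto not in ("all", "tcp") or inif == "lo" or rsrc not in ("0.0.0.0/0", src):
        return False
    if "ctstate" in extra and "NEW" not in extra.split("ctstate")[1].split()[0]:
        return False
    m = re.search(r"dpts?:(\d+)(?::(\d+))?", extra)
    if m:
        return int(m.group(1)) <= dport <= int(m.group(2) or m.group(1))
    return "spt:" not in extra and "flags:" not in extra  # plain SYN, no odd flag combos

# First terminal verdict for a new inbound TCP SYN, plus the chain:rule path that led to it.
def trace(chains, src, dport, chain="INPUT", path=()):
    for rule in chains[chain]["rules"]:
        if matches(rule, src, dport):
            here = path + (f"{chain}:{rule[0]}",)
            if rule[1] in ("ACCEPT", "DROP", "REJECT"):
                return rule[1], here
            if rule[1] in chains and (hit := trace(chains, src, dport, rule[1], here)):
                return hit  # LOG and other non-terminal targets fall through to the next rule
    return (chains[chain]["policy"], path + (f"{chain}:policy",)) if not path else None
```

Fed the full listing, the returned path shows whether a connection is decided by an ALLOWIN entry, a per-port ACCEPT, or the final LOGDROPIN rule.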