熟悉iptables的帮忙看看!解决办法
日期:2014-05-16 浏览次数:20603 次
熟悉iptables的帮忙看看!!
我的这个iptables的脚本可以运行吗?怎么运行?
# (1) Policies (default)
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# (2) User-defined chain for ACCEPTed TCP packets
iptables -N okay
iptables -A okay -p TCP --syn -j ACCEPT
iptables -A okay -p TCP -m state --state ESTABLISHED,TELATED -j ACCEPT
iptables -A okay -p TCP -j DROP
# (3) INPUT chain rules
# Rules for incoming packets from LAN
iptables -A INPUT -P ALL -i eth0:1 -s 10.0.0.0/8 -j ACCEPT
iptables -A INPUT -P ALL -i lo -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -P ALL -i lo -s 10.0.0.1 -j ACCEPT
iptables -A INPUT -P ALL -i lo -s 192.168.1.8 -j ACCEPT
iptables -A INPUT -P ALL -i eth0:1 -d 10.0.0.255 -j ACCEPT
#Rules for incoming packets from the Internet
#Packets for established connections
iptables -A INPUT -p ALL -d 192.168.1.8 -m state --state \ ESTABLISHED,RELATED -j ACCEPT
# TCP rules
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 21 -j okay
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 22 -j okay
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 80 -j okay
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 113 -j okay
# UDP rules
iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 53 -j ACCEPT
iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 2074 -j ACCEPT
iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 4000 -j ACCEPT
# icmp rules
iptables -A INPUT -p ICPM -i eth0 -s 0/0 --icpm-type 8 -j ACCEPT
iptables -A INPUT -p ICPM -i eth0 -s 0/0 --icpm-type 11 -j ACCEPT
# (4) FORWARD chain rules
# Accept the packets we want to forward
iptables -A FORWARD -i eth0:1 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# (5) output chain rules
# Only output &nbs
我的这个iptables的脚本可以运行吗?怎么运行?
# (1) Policies (default)
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# (2) User-defined chain for ACCEPTed TCP packets
iptables -N okay
iptables -A okay -p TCP --syn -j ACCEPT
iptables -A okay -p TCP -m state --state ESTABLISHED,TELATED -j ACCEPT
iptables -A okay -p TCP -j DROP
# (3) INPUT chain rules
# Rules for incoming packets from LAN
iptables -A INPUT -P ALL -i eth0:1 -s 10.0.0.0/8 -j ACCEPT
iptables -A INPUT -P ALL -i lo -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -P ALL -i lo -s 10.0.0.1 -j ACCEPT
iptables -A INPUT -P ALL -i lo -s 192.168.1.8 -j ACCEPT
iptables -A INPUT -P ALL -i eth0:1 -d 10.0.0.255 -j ACCEPT
#Rules for incoming packets from the Internet
#Packets for established connections
iptables -A INPUT -p ALL -d 192.168.1.8 -m state --state \ ESTABLISHED,RELATED -j ACCEPT
# TCP rules
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 21 -j okay
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 22 -j okay
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 80 -j okay
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 113 -j okay
# UDP rules
iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 53 -j ACCEPT
iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 2074 -j ACCEPT
iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 4000 -j ACCEPT
# icmp rules
iptables -A INPUT -p ICPM -i eth0 -s 0/0 --icpm-type 8 -j ACCEPT
iptables -A INPUT -p ICPM -i eth0 -s 0/0 --icpm-type 11 -j ACCEPT
# (4) FORWARD chain rules
# Accept the packets we want to forward
iptables -A FORWARD -i eth0:1 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# (5) output chain rules
# Only output &nbs
免责声明: 本文仅代表作者个人观点,与爱易网无关。其原创性以及文中陈述文字和内容未经本站证实,对本文以及其中全部或者部分内容、文字的真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
