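#!/usr/bin/env bash
# Stateful packet filter and NAT gateway for a small LAN.
#
# Topology implied by the interface/address pairing in the rules below:
#   eth0 - upstream (WAN/Internet) interface, address in inter_ip
#   eth1 - LAN interface, network 192.168.0.0/24, gateway address lan_ip
#
# Effect: INPUT/OUTPUT/FORWARD default to DROP; LAN and loopback traffic is
# trusted; from the WAN only TCP 21/23/5900, UDP 27888 and ICMP echo-request /
# time-exceeded are admitted; LAN hosts leaving via eth0 are SNATed to
# inter_ip.
#
# Must run as root.  Re-running is safe: filter and nat rules and the user
# chains are cleared before the ruleset is rebuilt.
set -eu

# Public address of this gateway (placeholder - fill in before use).
readonly inter_ip="xxx.xxx.xxx.xxx"
readonly lan_ip="192.168.0.1"
readonly lo_ip="127.0.0.1"
readonly IPTABLES="/sbin/iptables"
# Interface / network names were hard-coded in the rules; kept here so a
# different NIC layout needs one change instead of many.
readonly wan_if="eth0"
readonly lan_if="eth1"
readonly lan_net="192.168.0.0/24"

# Module loading is normally handled by the kernel autoloader; uncomment on
# systems where it is not.
#/sbin/depmod -a
#/sbin/modprobe ip_tables
#/sbin/modprobe iptable_filter
#/sbin/modprobe iptable_nat
#/sbin/modprobe ipt_state

# Enable routing between the LAN and WAN interfaces.
echo "1" > /proc/sys/net/ipv4/ip_forward

# Fail closed first: policies go to DROP before the old rules are flushed, so
# nothing is admitted while the ruleset is being rebuilt (remote sessions are
# interrupted until the ESTABLISHED rule below is back in place).
"$IPTABLES" -P INPUT DROP
"$IPTABLES" -P OUTPUT DROP
"$IPTABLES" -P FORWARD DROP

# Clear rules AND user chains in both tables.  -X (delete empty user chains)
# lets the -N calls below succeed on a re-run instead of erroring with
# "chain already exists", and flushing nat stops the POSTROUTING SNAT rule
# from being appended a second time.
"$IPTABLES" -F
"$IPTABLES" -X
"$IPTABLES" -t nat -F

"$IPTABLES" -N allowed
"$IPTABLES" -N tcp_packets
"$IPTABLES" -N udp_packets
"$IPTABLES" -N icmp_packets

# allowed: TCP admission used by tcp_packets - new connections (SYN only) and
# packets of connections conntrack already knows; anything else is dropped.
"$IPTABLES" -A allowed -p TCP --syn -j ACCEPT
"$IPTABLES" -A allowed -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
"$IPTABLES" -A allowed -p TCP -j DROP

# Services reachable from any source on the WAN.
# NOTE(review): 21 (FTP) and 23 (telnet) carry credentials in clear text and
# 5900 (VNC) is open to every source address; narrow -s to known peers or
# reach these services over SSH/VPN if they need not be world-reachable.
"$IPTABLES" -A tcp_packets -p TCP -s 0/0 --dport 21 -j allowed
"$IPTABLES" -A tcp_packets -p TCP -s 0/0 --dport 23 -j allowed
"$IPTABLES" -A tcp_packets -p TCP -s 0/0 --dport 5900 -j allowed
"$IPTABLES" -A udp_packets -p UDP -s 0/0 --dport 27888 -j ACCEPT
# ICMP type 8 (echo-request) and 11 (time-exceeded): ping and traceroute.
"$IPTABLES" -A icmp_packets -p ICMP -s 0/0 --icmp-type 8 -j ACCEPT
"$IPTABLES" -A icmp_packets -p ICMP -s 0/0 --icmp-type 11 -j ACCEPT

# INPUT: trust the LAN and loopback, accept replies to our own connections,
# then hand WAN traffic to the per-protocol chains.
"$IPTABLES" -A INPUT -p ALL -i "$lan_if" -s "$lan_net" -j ACCEPT
"$IPTABLES" -A INPUT -p ALL -i lo -s "$lo_ip" -j ACCEPT
"$IPTABLES" -A INPUT -p ALL -i lo -s "$lan_ip" -j ACCEPT
"$IPTABLES" -A INPUT -p ALL -i lo -s "$inter_ip" -j ACCEPT
"$IPTABLES" -A INPUT -p ALL -d "$inter_ip" -m state --state ESTABLISHED,RELATED \
  -j ACCEPT
"$IPTABLES" -A INPUT -p TCP -i "$wan_if" -j tcp_packets
"$IPTABLES" -A INPUT -p UDP -i "$wan_if" -j udp_packets
"$IPTABLES" -A INPUT -p ICMP -i "$wan_if" -j icmp_packets

# FORWARD: anything arriving from the LAN may be routed out; from other
# interfaces only packets of already-tracked connections come back in.
"$IPTABLES" -A FORWARD -i "$lan_if" -j ACCEPT
"$IPTABLES" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# OUTPUT: locally generated traffic from any of this host's own addresses.
"$IPTABLES" -A OUTPUT -p ALL -s "$lo_ip" -j ACCEPT
"$IPTABLES" -A OUTPUT -p ALL -s "$lan_ip" -j ACCEPT
"$IPTABLES" -A OUTPUT -p ALL -s "$inter_ip" -j ACCEPT

# NAT: rewrite LAN source addresses to the public address when leaving via
# the WAN interface.
"$IPTABLES" -t nat -A POSTROUTING -o "$wan_if" -s "$lan_net" -j SNAT --to-source "$inter_ip"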
再试试