Posted on 2007-3-7 04:11:13
# Bring up the LAN interface, then dial the PPPoE link.
ifconfig eth0 192.168.1.2 netmask 255.255.255.0 up
pppoe-start > /dev/null 2>&1
# Local address of the point-to-point link: the "inet addr:" field on the P-t-P line of ifconfig.
PPP=`ifconfig |grep P-t-P |awk '{print $2}' |awk -F : '{print $2}'`
echo "Starting PPPoE daemon: " $PPP
# Dynamic DNS update for the new address; username:passwd stands for the account credentials.
lynx -mime_header -auth=username:passwd "http://www.3322.org/dyndns/update?system=dyndns&hostname=wolveseyes.3322.org" > /dev/null 2>&1
# Rebuild the filter table. -I inserts at the top, so the rules below end up in reverse order, with the DROP appended last.
iptables -F -t filter
# Accept everything that does not arrive over the PPPoE link ("! -i" is the current syntax; the old "-i !" form is no longer accepted).
iptables -I INPUT ! -i ppp0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# aMule: 4662 tcp/udp and 4665 udp on the PPPoE link.
iptables -I INPUT -i ppp0 -p tcp --dport 4662 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -I INPUT -i ppp0 -p udp --dport 4662 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -I INPUT -i ppp0 -p udp --dport 4665 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# rtorrent: 6666 tcp/udp on the PPPoE link.
iptables -I INPUT -i ppp0 -p tcp --dport 6666 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -I INPUT -i ppp0 -p udp --dport 6666 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# Packets on ppp0 carrying the link's own address as source or destination.
iptables -I INPUT -i ppp0 -s $PPP -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -I INPUT -i ppp0 -d $PPP -m state --state ESTABLISHED,RELATED -j ACCEPT
# SSH, FTP and HTTP on any interface.
iptables -I INPUT -p tcp -m multiport --dport 22,21,80 -j ACCEPT
# Everything else is dropped.
iptables -A INPUT -j DROP
These are rules I wrote myself and have been using all along. For ADSL dial-up they should work fine too. 6666 is rtorrent's port; 4662 and 4665 are aMule's.
22, 21 and 80 are the usual services. If you don't use them, you can block them all.
I don't know whether there is an rc.firewall file under /etc/rc.d/. After I carelessly did mv rc.online rc.firewall, I only then noticed this in rc.inet2:
# If there is a firewall script, run it before enabling packet forwarding.
# See the HOWTOs on http://www.netfilter.org/ for documentation on
# setting up a firewall or NAT on Linux. In some cases this might need to
# be moved past the section below dealing with IP packet forwarding.
if [ -x /etc/rc.d/rc.firewall ]; then
    /etc/rc.d/rc.firewall start
fi
If any of you has the original rc.firewall, please post it as well.
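A hardened take on the script in the post above, added here as an example and not the poster's own code. It guards the two places where that script can fail silently: the PPP address is parsed from ifconfig-style text and validated as an IPv4 address before it is used, so a dial-up that has not come up cannot produce an iptables command with an empty -s/-d argument; and the ruleset is generated as text with -A and a default DROP policy, so the order applied is the order written and the commands can be reviewed before they touch the kernel. Loopback is accepted explicitly, and packets arriving on ppp0 with the link's own address as source are dropped rather than accepted, since the peer has no legitimate reason to send them. The port numbers are the post's; the interface name, the sample ifconfig text and the address 203.0.113.45 are constructed; `-m conntrack --ctstate` is the current name of the `-m state --state` match.

```shell
#!/bin/sh
# Added example (not the poster's script): parse and validate the PPP address,
# then emit the firewall rules as text. Sample ifconfig output is constructed.

# Constructed sample of old-style ifconfig output for a connected ppp0.
SAMPLE_IFCONFIG='ppp0      Link encap:Point-to-Point Protocol
          inet addr:203.0.113.45  P-t-P:203.0.113.1  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1'

# Same extraction as the post's grep|awk|awk chain, as one awk program.
# Reads the ifconfig text from $1; prints nothing when there is no P-t-P line.
ppp_addr() {
    printf '%s\n' "$1" | awk '/P-t-P/ { split($2, f, ":"); print f[2]; exit }'
}

# Succeeds only for a dotted quad whose four octets are all in 0..255, so an
# empty or garbled value can never end up behind -s or -d.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1 }'
}

# Print the ruleset, one command per line, in the order it will be applied.
# Returns 1 and prints nothing when the address is unusable.
gen_rules() {
    addr=$1
    is_ipv4 "$addr" || return 1
    cat <<EOF
iptables -F -t filter
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT ! -i ppp0 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i ppp0 -s $addr -j DROP
iptables -A INPUT -i ppp0 -d $addr -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp -m multiport --dports 22,21,80,4662,6666 -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -i ppp0 -p udp -m multiport --dports 4662,4665,6666 -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Usage after pppoe-start, applying the rules only if an address was obtained:
#   ADDR=$(ppp_addr "$(ifconfig)") && gen_rules "$ADDR" | sh
```

Running `gen_rules "$(ppp_addr "$SAMPLE_IFCONFIG")"` prints the eight commands with 203.0.113.45 filled in; running it on the output of a failed dial-up prints nothing and returns non-zero, which is the point of the check.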