Linux board (Digest)
From: lofe (〖感激生活Θ垃圾桶〗), Board: Linux
Subject: IPtable 1.0.7 Guide (Part 6)
Posted at: 哈工大紫丁香 (Tuesday, December 11, 2001, 13:47:17), on-site mail
###########################################################
#
# OUTPUT chain
#
#
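# Get rid of bad TCP packets
#
# Note: these two rules are appended to FORWARD, so they only see routed
# traffic; packets generated by the firewall itself traverse OUTPUT.
$IPTABLES -A FORWARD -p tcp ! --syn -m state --state NEW -j LOG \
--log-prefix "New not syn:"
$IPTABLES -A FORWARD -p tcp ! --syn -m state --state NEW -j DROP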
#
# Allow ourself to send packets not spoofed everywhere
#
# -o matches the outgoing interface, -s the packet's source address.
$IPTABLES -A OUTPUT -p ALL -o $LO_IFACE -s $LO_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -d $LAN_IP -s $LAN_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -o $INET_IFACE -s $INET_IP -j ACCEPT
#
# Logging rule
#
$IPTABLES -A OUTPUT -m limit --limit 3/minute --limit-burst 3 -j LOG \
--log-level DEBUG --log-prefix "IPT OUTPUT packet died: "
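To read what the two LOG rules above write to syslog, the following added example (not part of the tutorial's script) tallies entries by log prefix and source address. The log lines are constructed samples, and the function names sample_log and summarize_fw_log are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the tutorial's rc.firewall.
# Tallies entries written by the two LOG rules above, per prefix and source.
# The OUTPUT rule is rate-limited (3/minute), so its counts are a lower bound.

# Constructed sample lines in the kernel's iptables LOG format.
sample_log() {
cat <<'EOF'
Dec 11 13:40:01 fw kernel: New not syn:IN=eth1 OUT=eth0 SRC=192.168.0.5 DST=203.0.113.9 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=4711 PROTO=TCP SPT=1025 DPT=80 WINDOW=512 RES=0x00 ACK URGP=0
Dec 11 13:40:02 fw kernel: New not syn:IN=eth1 OUT=eth0 SRC=192.168.0.5 DST=203.0.113.9 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=4712 PROTO=TCP SPT=1026 DPT=80 WINDOW=512 RES=0x00 ACK FIN URGP=0
Dec 11 13:40:09 fw kernel: New not syn:IN=eth1 OUT=eth0 SRC=192.168.0.7 DST=198.51.100.20 LEN=40 TOS=0x00 PREC=0x00 TTL=63 ID=90 PROTO=TCP SPT=3001 DPT=25 WINDOW=0 RES=0x00 RST URGP=0
Dec 11 13:41:30 fw kernel: IPT OUTPUT packet died: IN= OUT=eth0 SRC=10.0.0.1 DST=203.0.113.9 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=5 DF PROTO=TCP SPT=1030 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 11 13:41:31 fw sshd[311]: Accepted password for admin from 192.168.0.5 port 1044
EOF
}

# Reads syslog lines on stdin; prints "<count> <rule> <source>" sorted by count.
summarize_fw_log() {
    awk '
    {
        rule = ""
        if (index($0, "New not syn:")) rule = "new-not-syn"
        else if (index($0, "IPT OUTPUT packet died: ")) rule = "output-died"
        if (rule == "") next          # not written by either LOG rule

        src = "unknown"
        for (i = 1; i <= NF; i++)     # LOG output is KEY=value fields
            if ($i ~ /^SRC=/) src = substr($i, 5)
        count[rule " " src]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

sample_log | summarize_fw_log
```

A source that appears repeatedly under new-not-syn is usually either an ACK scan or connections that outlived a conntrack restart, which is why the source address is worth grouping on.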
Flushing the rules
#!/bin/sh
#
# Resets the iptables to default values, in case you screw something up
# while setting your rc.firewall up - as I did quite a few times;)
#
# Author: Oskar Andreasson
# (c) of BoingWorld.com, use at your own risk, do whatever you please with
# it as long as you don't distribute this with due credits to
# BoingWorld.com
#
# reset the default policies in the filter table.
#
/usr/local/sbin/iptables -P INPUT ACCEPT
/usr/local/sbin/iptables -P FORWARD ACCEPT
/usr/local/sbin/iptables -P OUTPUT ACCEPT
#
# reset the default policies in the nat table.
#
/usr/local/sbin/iptables -t nat -P PREROUTING ACCEPT
/usr/local/sbin/iptables -t nat -P POSTROUTING ACCEPT
/usr/local/sbin/iptables -t nat -P OUTPUT ACCEPT
#
# flush all the rules in the filter and nat tables.
#
/usr/local/sbin/iptables -F
/usr/local/sbin/iptables -t nat -F
#
# erase all chains that are not default in the filter and nat tables.
#
/usr/local/sbin/iptables -X
/usr/local/sbin/iptables -t nat -X
Last updated: October 16, 2001
--
For some things, what matters is the process, not the result; for others, what matters is the result, not the process.
※ Source: ·哈工大紫丁香 bbs.hit.edu.cn· [FROM: 210.82.167.241]