Anyone familiar with iptables, please help take a look!!
Please help me check: can this script of mine run? Is it written completely? How do I run it?

#!/bin/sh
# Start from a clean table so the script can be re-run (otherwise "-N okay"
# fails with "chain already exists" and every rule is appended a second time)
iptables -F
iptables -X
iptables -t nat -F

# (1) Policies (default)
# The DROP policies take effect before any ACCEPT rule below is added, so run
# this from the console rather than over a remote session
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# (2) User-defined chain for ACCEPTed TCP packets
iptables -N okay
iptables -A okay -p TCP --syn -j ACCEPT
iptables -A okay -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A okay -p TCP -j DROP

# (3) INPUT chain rules
# Rules for incoming packets from LAN
# Uppercase -P is the chain-policy flag; the protocol flag is lowercase -p.
# An IP alias such as eth0:1 is not an interface netfilter can match (the
# packets arrive on eth0), so the LAN is selected by the physical interface
# together with the 10.0.0.0/8 source address
iptables -A INPUT -p ALL -i eth0 -s 10.0.0.0/8 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 10.0.0.1 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 192.168.1.8 -j ACCEPT
iptables -A INPUT -p ALL -i eth0 -d 10.0.0.255 -j ACCEPT

# Rules for incoming packets from the Internet
# Packets for established connections (the stray "\" after --state was a
# broken line continuation and makes iptables reject the rule)
iptables -A INPUT -p ALL -d 192.168.1.8 -m state --state ESTABLISHED,RELATED -j ACCEPT

# TCP rules
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 21 -j okay
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 22 -j okay
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 80 -j okay
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 113 -j okay

# UDP rules
iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 53 -j ACCEPT
iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 2074 -j ACCEPT
iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 4000 -j ACCEPT

# ICMP rules (type 8 = echo request, type 11 = time exceeded; the protocol
# name and option were misspelled "ICPM" / "--icpm-type")
iptables -A INPUT -p ICMP -i eth0 -s 0/0 --icmp-type 8 -j ACCEPT
iptables -A INPUT -p ICMP -i eth0 -s 0/0 --icmp-type 11 -j ACCEPT

# (4) FORWARD chain rules
# Accept the packets we want to forward (LAN traffic; see the alias note above)
iptables -A FORWARD -i eth0 -s 10.0.0.0/8 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# (5) OUTPUT chain rules
# Only output packets with local addresses (no spoofing); the target was
# misspelled "ACCPET"
iptables -A OUTPUT -p ALL -s 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -p ALL -s 10.0.0.1 -j ACCEPT
iptables -A OUTPUT -p ALL -s 192.168.1.8 -j ACCEPT

# (6) POSTROUTING chain rules
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.1.8

1. Can this script run? First learn how to run a shell script.
2. Is this script complete? That depends on which services you actually need to open. Tailor it to your needs, and you can test your script with the relevant security tools, such as scanning and attack security software.
3. How to learn? The forum has "两小时玩转iptables" (Two Hours to Master iptables) written by 白金 (the forum's boss), and there is an audio recording as well; I strongly recommend downloading it and studying it!
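A pre-flight check for the script posted in the question above, added here as an example and not part of the original thread: before the rules touch a live firewall (where a typo can mean a rejected rule or a locked-out session), it lints a file of iptables commands for the slips the posted script contains. It assumes one iptables command per line; the hypothetical helper names lint_script, ok and report are the example's own.

```shell
#!/bin/sh
# Flags: -P used where -p was meant, misspelled targets/states/protocols,
# unknown long options, a stray "\" from a broken line continuation, and
# alias interfaces such as eth0:1 (netfilter only sees the physical one).

# ok WORD LIST: true if WORD is in LIST, ignoring case as iptables does
ok() {
  w=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  for x in $2; do
    if [ "$w" = "$(printf '%s' "$x" | tr 'A-Z' 'a-z')" ]; then return 0; fi
  done
  return 1
}

report() { printf 'line %s: %s\n' "$n" "$1"; found=$((found + 1)); }

# lint_script FILE: prints one line per finding, returns 0 only if none
lint_script() {
  targets="ACCEPT DROP REJECT RETURN LOG SNAT DNAT MASQUERADE"
  # user chains created with -N anywhere in the script are valid targets too
  targets="$targets $(awk '$1=="iptables"{for(i=2;i<NF;i++)if($i=="-N")print $(i+1)}' "$1")"
  opts="--syn --state --dport --destination-port --sport --source-port --icmp-type --to-source"
  found=0; n=0
  while IFS= read -r line; do
    n=$((n + 1))
    case $line in iptables*) ;; *) continue ;; esac
    set -- $line                      # split the command into words
    while [ $# -gt 0 ]; do
      case $1 in
        -P) case $line in *" -A "*) report "-P sets a chain policy; use -p for the protocol" ;; esac ;;
        -p) ok "$2" "tcp udp icmp all" || report "unknown protocol '$2'" ;;
        -j) ok "$2" "$targets" || report "unknown target '$2'" ;;
        -i|-o) case $2 in *:*) report "alias interface '$2' never matches; use the physical interface" ;; esac ;;
        --state) for s in $(printf '%s' "$2" | tr ',' ' '); do
                   ok "$s" "NEW ESTABLISHED RELATED INVALID" || report "unknown state '$s'"
                 done ;;
        --*) ok "$1" "$opts" || report "unknown option '$1'" ;;
        \\) report "stray backslash: broken line continuation" ;;
      esac
      shift
    done
  done < "$1"
  [ "$found" -eq 0 ]
}

# usage: sh lint.sh firewall.sh
if [ $# -gt 0 ]; then lint_script "$1"; fi
```

The option allow-list only covers what the posted script uses; extend it for other match extensions before linting a larger ruleset.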