iptables

Jan Kaspar kaspar_jan na seznam.cz
Středa Květen 1 23:20:34 CEST 2002


posledni pokus o pridani atache.....

Nevite nekdo, proc mi nefunguje sluzba www ze strany internetu?

------------- další část ---------------
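#!/bin/sh
# Packet filter and NAT setup for a two-interface gateway.
# As the rules below use them: eth0 is the masqueraded side (treated as the
# Internet side) and eth1 is fully trusted (treated as the LAN side).
# Rules are appended with -A and nothing is flushed first, so running this
# script twice duplicates every rule; load it onto empty chains.
# --------------------------------------------------------
# Default-deny: anything not explicitly accepted below is dropped.
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# --------------------------------------------------------

# Routing is switched on only after the DROP policies above are set.
echo "1" > /proc/sys/net/ipv4/ip_forward

# --------------------------------------------------------

# Reverse-path filtering on every entry under conf/ (anti-spoofing check:
# a packet must arrive on the interface its source would be routed to).
for rp_filter_file in /proc/sys/net/ipv4/conf/*/rp_filter; do
    echo "1" > "${rp_filter_file}"
done

# --------------------------------------------------------

# Services this host offers on eth0: DNS (UDP and TCP 53) and HTTP (TCP 80).
iptables -A INPUT -i eth0 -p UDP --dport 53 -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --dport 53 -j ACCEPT
iptables -A INPUT -i eth0 -p TCP --dport 80 -j ACCEPT

# --------------------------------------------------------

# ICMP accepted on eth0: 0 echo-reply, 3 destination-unreachable,
# 8 echo-request, 11 time-exceeded. Everything else falls to the policy.
iptables -A INPUT -p ICMP -i eth0 --icmp-type 0 -j ACCEPT
iptables -A INPUT -p ICMP -i eth0 --icmp-type 3 -j ACCEPT
iptables -A INPUT -p ICMP -i eth0 --icmp-type 8 -j ACCEPT
iptables -A INPUT -p ICMP -i eth0 --icmp-type 11 -j ACCEPT

# --------------------------------------------------------

# eth1 and loopback are trusted without restriction: any host on eth1 can
# reach every local service on this machine.
iptables -A INPUT -i eth1 -p ALL -j ACCEPT
iptables -A INPUT -p ALL -i lo -j ACCEPT
# Whatever reaches this point is logged and then dropped by the INPUT policy.
# The LOG rule has no rate limit, so a scan or flood on eth0 can fill the
# logs; a "-m limit" match on this rule would bound that.
iptables -A INPUT -j LOG

# --------------------------------------------------------

# Locally generated traffic, selected by source address.
iptables -A OUTPUT -p ALL -s 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -p ALL -s 192.168.1.250 -j ACCEPT
# Replies to connections accepted on INPUT (HTTP, DNS, ping on eth0) leave
# with the address the client connected to. The two source-address rules
# above do not match that address unless it is 192.168.1.250 (presumably the
# eth1 address - confirm), so those replies hit the OUTPUT DROP policy and
# the services were unreachable from the eth0 side. Accept return traffic by
# connection state; this opens no new outbound flows.
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Traffic entering on eth1 that may be forwarded: HTTP and DNS over UDP.
# The rules match on -i only, so the outgoing interface is not restricted.
iptables -A FORWARD -i eth1 -p TCP --dport 80 -j ACCEPT
iptables -A FORWARD -i eth1 -p UDP --dport 53 -j ACCEPT

#---------------------------------------------------------

# POP3 (110), SMTP (25) and port 5190 from eth1.
iptables -A FORWARD -i eth1 -p TCP --dport 110 -j ACCEPT
# SMTP runs over TCP; the original rule matched UDP port 25, which never
# matches mail traffic, so outgoing SMTP was dropped by the FORWARD policy.
iptables -A FORWARD -i eth1 -p TCP --dport 25 -j ACCEPT
iptables -A FORWARD -i eth1 -p TCP --dport 5190 -j ACCEPT
# Return path: only packets belonging to, or related to, a connection that
# was already accepted are forwarded from eth0 to eth1.
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT

# --------------------------------------------------------
# Source-NAT everything leaving via eth0 to the address of eth0.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE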

