IPTABLES configuration
Peter Surda
shurdeek at panorama.sth.ac.at
Fri Apr 18 13:58:43 CEST 2003
On Fri, Apr 18, 2003 at 07:29:12AM +0200, Jaroslav Linhart wrote:
> Dear all, could you advise me,
hi
> I need measurement on top of IPTABLES; it works for me if I put it into the firewall script
> like this
[cut]
> $IPTABLES -A FORWARD -i eth1 -j ACCEPT
> $IPTABLES -A FORWARD -i eth2 -j ACCEPT
>
> $IPTABLES -A FORWARD -d 192.168.1.0/24 -j ACCEPT
> $IPTABLES -A FORWARD -d 192.168.3.0/24 -j ACCEPT
> $IPTABLES -A FORWARD -d 192.168.X.0/24 -j ACCEPT
>
> $IPTABLES -A FORWARD -p TCP -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
> $IPTABLES -A FORWARD -p UDP -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> $IPTABLES -t nat -A POSTROUTING -o eth0 -j MASQUERADE
[cut]
Explanation: any target ends traversal of the chain (except for jumps to other
chains, in which case traversal continues after the return). If you want to measure something,
use a rule without a target.
----------- man ipchains --------------------------
-j, --jump target
This specifies the target of the rule; i.e., what to do if the
packet matches it. The target can be a user-defined chain (other than
the one this rule is in), one of the special builtin targets which
decide the fate of the packet immediately, or an extension (see
EXTENSIONS below). If this option is omitted in a rule, then matching
the rule will have no effect on the packet's fate, but the
counters on the rule will be incremented.
----------- man ipchains --------------------------
Bye,
Peter Surda (Shurdeek) <shurdeek at panorama.sth.ac.at>, ICQ 10236103, +436505122023
--
rm -f /bin/laden
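
Added example, not part of the original message: counting-only rules (no `-j`) for two of the subnets from the quoted script, inserted ahead of the ACCEPT rules, plus a reader for the resulting byte counters. The function names, the dry-run default for `$IPTABLES` and the sample listing are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, dry run by default: the iptables commands are printed.
# Run as root with IPTABLES=/sbin/iptables to apply them.
IPTABLES="${IPTABLES:-echo iptables}"

# Insert counting-only rules (no -j) at position 1 of FORWARD, ahead of
# every ACCEPT rule, so packets reach them before a target ends traversal.
add_accounting() {
    for net in "$@"; do
        $IPTABLES -I FORWARD 1 -d "$net"   # bytes going to the subnet
        $IPTABLES -I FORWARD 1 -s "$net"   # bytes coming from the subnet
    done
}

# Read `iptables -L FORWARD -v -n -x` output on stdin and print
# "<subnet> in=<bytes> out=<bytes>" for the counting-only rules of $1.
# A rule without -j and without extra matches has an empty target column,
# i.e. exactly 8 whitespace-separated fields (rules with a target have 9+).
subnet_bytes() {
    awk -v net="$1" '
        NF == 8 && $8 == net { into = $2 }   # destination column
        NF == 8 && $7 == net { outof = $2 }  # source column
        END { printf "%s in=%d out=%d\n", net, into, outof }'
}

# Constructed sample of the listing (not captured from a real system).
sample_listing() {
    cat <<'EOF'
Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     120    96000            all  --  *      *       192.168.1.0/24       0.0.0.0/0
     150   180000            all  --  *      *       0.0.0.0/0            192.168.1.0/24
     270   276000 ACCEPT     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
EOF
}

add_accounting 192.168.1.0/24 192.168.3.0/24
sample_listing | subnet_bytes 192.168.1.0/24
```

On a live system, replace `sample_listing` with `iptables -L FORWARD -v -n -x`.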