
一些iptables的具体应用

敬业的IT人 互联网 佚名 2007-12-30 11:37:50

  ICMP相关应用

  使自己不能ping通127.0.0.1

  iptables -A INPUT -s 127.0.0.1 -p icmp -j DROP

  192.168.0.0/24网段无法ping通本机

  iptables -A INPUT -s 192.168.0.0/24 -p icmp -j DROP

  禁止所有机器

  #iptables -A INPUT -s 0/0 -p icmp -j DROP

  # ICMP(PING) 接受 !echo-request（除 echo-request 以外的 ICMP 类型）

  /sbin/iptables -A INPUT -p icmp --icmp-type ! echo-request -j ACCEPT

  accept_redirects

  #echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects

  or

  #sysctl net.ipv4.conf.all.accept_redirects="0"

  禁止IP访问自己

  [root@linux root]# iptables -A INPUT -s 192.168.0.253 -j DROP

  封杀MSN（注意：以主机名写的规则只在加入规则时解析一次DNS，之后IP变化不会跟随更新）

  /sbin/iptables -I FORWARD -d gateway.messenger.hotmail.com -j DROP

  /sbin/iptables -I FORWARD -p tcp --dport 1863 -j DROP

  封杀QQ

  /sbin/iptables -A FORWARD -p tcp -d tcpconn.tencent.com --dport 80 -j DROP

  /sbin/iptables -A FORWARD -p tcp -d tcpconn.tencent.com --dport 443 -j DROP

  /sbin/iptables -A FORWARD -p tcp -d tcpconn2.tencent.com -j DROP

  /sbin/iptables -A FORWARD -i eth0 -p udp --dport 8000 -j DROP

  封杀BT

  /sbin/iptables -A FORWARD -i eth0 -p tcp --dport 6881:6890 -j DROP

  WWW

  #禁止 WWW

  /sbin/iptables -A FORWARD -p tcp --dport 80 -j DROP

  #开放 WWW

  /sbin/iptables -A FORWARD -p tcp --dport 80 -j ACCEPT

  FTP

  #禁止FTP

  /sbin/iptables -A FORWARD -i eth0 -p tcp --dport 20 -j DROP

  /sbin/iptables -A FORWARD -i eth0 -p tcp --dport 21 -j DROP

  #开放FTP

  /sbin/iptables -A FORWARD -i eth0 -p tcp --dport 20 -j ACCEPT

  /sbin/iptables -A FORWARD -i eth0 -p tcp --dport 21 -j ACCEPT

  SMTP,POP3

  #禁止SMTP,POP3

  /sbin/iptables -A FORWARD -i eth0 -p tcp --dport 25 -j DROP

  /sbin/iptables -A FORWARD -i eth0 -p tcp --dport 110 -j DROP

  #开放SMTP,POP3

  /sbin/iptables -A FORWARD -i eth0 -p tcp --dport 25 -j ACCEPT

  /sbin/iptables -A FORWARD -i eth0 -p tcp --dport 110 -j ACCEPT

  Samba

  #禁止Samba

  [root@linux root]# iptables -A FORWARD -p tcp --sport 137:139 -j DROP

  [root@linux root]# iptables -A FORWARD -p udp --sport 137:139 -j DROP

  DROP

  #DROP OTHERS（先放行已建立/相关连接，再丢弃该网段其余转发流量；两条规则的顺序不能颠倒）

  /sbin/iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

  /sbin/iptables -A FORWARD -s 192.168.1.0/24 -j DROP