This post was last edited by frank533 on 2011-01-04 10:59
My iptables script is as follows:
#!/bin/bash
#Enable broadcast echo protection
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
#Disable source routed packets
# (the original one-liner had no ';' before 'done', so bash passed the word
#  'done' as a second argument to echo and wrote "0 done" into each file;
#  the kernel rejects that with "write error: Invalid argument", once per
#  interface directory under /proc/sys/net/ipv4/conf/)
for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do echo 0 > $f; done
#Enable TCP SYN Cookie protection
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 3 > /proc/sys/net/ipv4/tcp_syn_retries
echo 3 > /proc/sys/net/ipv4/tcp_synack_retries
#Define Const
OPEN_PORTS='22,137,138,139,445'
WAN='eth0'
IPT='/sbin/iptables'
#Init policy
$IPT -F
$IPT -X
$IPT -P INPUT DROP
#Enable lo interface
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT
#Define rules
$IPT -A INPUT -i $WAN -p udp --sport 53 -j ACCEPT
$IPT -A INPUT -i $WAN -p tcp -m multiport --port $OPEN_PORTS -j ACCEPT
#Define rules for PING
$IPT -A INPUT -p icmp --icmp-type 0 -j ACCEPT
$IPT -A INPUT -i $WAN -p tcp -j REJECT --reject-with tcp-reset
$IPT -A INPUT -i $WAN -p udp -j REJECT --reject-with icmp-port-unreachable
Could you all help me see what I have written wrong? Every time I run it, it reports:
/etc/init.d/rc.firewall: line 7: echo: write error: Invalid argument
/etc/init.d/rc.firewall: line 7: echo: write error: Invalid argument
/etc/init.d/rc.firewall: line 7: echo: write error: Invalid argument
/etc/init.d/rc.firewall: line 7: echo: write error: Invalid argument
/etc/init.d/rc.firewall: line 7: echo: write error: Invalid argument
/etc/init.d/rc.firewall: line 7: echo: write error: Invalid argument
My system is Ubuntu 10.04 Server; iptables is the bundled version 1.4.4.
Also, even though it reports the error when run, the firewall still takes effect. iptables -L shows the following:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp spt:domain
ACCEPT tcp -- anywhere anywhere multiport ports ssh,netbios-ns,netbios-dgm,netbios-ssn,microsoft-ds
ACCEPT icmp -- anywhere anywhere icmp echo-reply
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
The line in red (ACCEPT all -- anywhere anywhere) shows ACCEPT for all ports; does that mean the rules after it are actually useless?
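The script below is an added example, not the poster's code or anything from the Ubuntu package: a dry-run rewrite of the posted rc.firewall. It keeps the same interface (eth0) and port list, assumes the conntrack and multiport matches are available (they are in iptables 1.4.x), and moves the rules into an iptables-restore ruleset that is printed by default and only loaded when the script is called with `apply`. The sysctl loop takes its file glob as an argument so the fix for the `done` error can be exercised against a scratch directory without touching /proc.

```shell
#!/bin/bash
# Added example (not from the original post): dry-run rewrite of rc.firewall.
# gen_rules emits the filter table in iptables-restore format so it can be
# inspected without root; set_sysctl_all takes its glob as an argument so the
# loop can be tested against a temporary directory.

OPEN_PORTS='22,137,138,139,445'   # same service list as the original post
WAN='eth0'                        # same WAN interface as the original post

# Write $1 into every file matching glob $2.
# The posted one-liner had no ';' before 'done', so bash ran
# 'echo 0 > $f done' and wrote "0 done" into each /proc file; the kernel
# rejects that with EINVAL ("write error: Invalid argument"), once per
# interface directory. The loop below is the corrected form.
set_sysctl_all() {
    local value="$1" pattern="$2" f
    for f in $pattern; do          # unquoted on purpose: expand the glob
        if [ -w "$f" ]; then
            echo "$value" > "$f"
        fi
    done
}

# Emit the filter table. Changes relative to the posted script:
#  * '-m multiport --dports' instead of '--ports': --ports matches when
#    EITHER the source or the destination port is in the list, so a remote
#    client that binds its source port to 22 passes the old rule whatever
#    it is connecting to.
#  * conntrack ESTABLISHED,RELATED replaces the bare 'udp --sport 53' hole
#    (anything with source port 53 was accepted) and also lets replies to
#    the host's own outbound TCP connections back in; the original ruleset
#    answered those with a TCP reset.
#  * echo-request is accepted (rate limited) so others can ping the host;
#    echo-reply to the host's own pings is covered by conntrack.
#  * FORWARD and OUTPUT get explicit policies instead of the kernel default.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i $WAN -p tcp -m conntrack --ctstate NEW -m multiport --dports $OPEN_PORTS -j ACCEPT
-A INPUT -i $WAN -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
-A INPUT -i $WAN -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -i $WAN -p udp -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# Return 0 when the generated ruleset contains no '--ports' match at all.
rules_use_dports_only() {
    ! gen_rules | grep -q -e '--ports'
}

case "${1:-show}" in
    apply)
        set_sysctl_all 1 /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
        set_sysctl_all 0 '/proc/sys/net/ipv4/conf/*/accept_source_route'
        set_sysctl_all 1 /proc/sys/net/ipv4/tcp_syncookies
        set_sysctl_all 3 /proc/sys/net/ipv4/tcp_syn_retries
        set_sysctl_all 3 /proc/sys/net/ipv4/tcp_synack_retries
        gen_rules | iptables-restore    # replaces the filter table atomically
        ;;
    *)
        gen_rules                       # dry run: print what would be loaded
        ;;
esac
```

After loading, check the result with `iptables -S` or `iptables -L -v -n` rather than plain `iptables -L`: without `-v` the in/out interface columns are not printed, which is why the `-i lo` rule in the posted output appears as `ACCEPT all -- anywhere anywhere`. That rule only matches loopback traffic, so the rules after it are still evaluated for packets arriving on eth0.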