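My current situation: when iptables is not running I can send and receive mail freely, but once iptables is started I cannot send mail out,
although I can still send and receive mail internally. My requirement is that INPUT, OUTPUT and FORWARD all be set to DROP. Which
iptables rules should I add?
My iptables rules are as follows: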
[root@webserver /]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp spt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp spt:mysql
ACCEPT tcp -- anywhere anywhere tcp dpt:8009
ACCEPT tcp -- anywhere anywhere tcp dpt:8005
ACCEPT tcp -- anywhere anywhere tcp spt:8009
ACCEPT tcp -- anywhere anywhere tcp spt:8005
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:sunrpc
ACCEPT tcp -- anywhere anywhere tcp dpt:5084
ACCEPT tcp -- anywhere anywhere tcp dpt:32769
ACCEPT tcp -- anywhere anywhere tcp dpt:10088
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp spt:pop3
ACCEPT tcp -- anywhere anywhere tcp spt:smtp
ACCEPT udp -- anywhere anywhere udp spt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT udp -- anywhere anywhere udp spt:domain
ACCEPT tcp -- anywhere anywhere tcp spt:10088
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s
ACCEPT tcp -- anywhere anywhere tcp dpt:sunrpc
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp spt:smtp
ACCEPT tcp -- anywhere anywhere tcp spt:pop3s
ACCEPT tcp -- anywhere anywhere tcp spt:pop3
ACCEPT tcp -- anywhere anywhere tcp spt:sunrpc
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
ACCEPT tcp -- anywhere anywhere tcp dpt:8005
ACCEPT tcp -- anywhere anywhere tcp dpt:8009
ACCEPT tcp -- anywhere anywhere tcp spt:8009
ACCEPT tcp -- anywhere anywhere tcp spt:8005
ACCEPT tcp -- anywhere anywhere tcp spt:mysql
ACCEPT tcp -- anywhere anywhere tcp spt:http
ACCEPT tcp -- anywhere anywhere tcp spt:webcache
ACCEPT tcp -- anywhere anywhere tcp spt:ftp
ACCEPT tcp -- anywhere anywhere tcp spt:ssh
I hope someone can help! I would be extremely grateful!
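A check over the listing above, as an added example that is not part of the original post: with INPUT at policy DROP and no state rule, a reply to an outbound connection is accepted only if INPUT has a rule matching the service port as the source port, and the listing has `tcp dpt:smtp` in OUTPUT but no `tcp spt:smtp` in INPUT. The function names are hypothetical and the embedded listing is an excerpt of the post's rules; the `state RELATED,ESTABLISHED` form it looks for is how `iptables -L` prints a state-match rule.

```python
import re

# Excerpt of the `iptables -L` listing in the post (mail, DNS and MySQL rules only).
LISTING = """\
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp spt:domain
ACCEPT tcp -- anywhere anywhere tcp spt:mysql
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp spt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
"""

def parse_chains(listing):
    """Parse `iptables -L` text into {chain: {"policy": str, "rules": [(target, proto, match)]}}."""
    chains, current = {}, None
    for line in listing.splitlines():
        header = re.match(r"Chain (\S+) \(policy (\S+)\)", line)
        if header:
            current = chains.setdefault(header.group(1), {"policy": header.group(2), "rules": []})
            continue
        fields = line.split()
        if current is None or len(fields) < 5 or fields[0] == "target":
            continue
        current["rules"].append((fields[0], fields[1], " ".join(fields[5:])))
    return chains

def missing_return_paths(chains):
    """List (proto, service) pairs accepted outbound whose replies INPUT would drop."""
    rules_in = [r for r in chains["INPUT"]["rules"] if r[0] == "ACCEPT"]
    if chains["INPUT"]["policy"] == "ACCEPT":
        return []
    # A state/conntrack rule accepting ESTABLISHED covers replies for every service.
    if any(re.search(r"state \S*ESTABLISHED", match) for _, _, match in rules_in):
        return []
    # Stateless case: a reply carries the remote service port as its *source* port.
    reply_ok = {(proto, m.group(1)) for _, proto, match in rules_in
                if (m := re.search(r"spt:(\S+)", match))}
    missing = []
    for target, proto, match in chains["OUTPUT"]["rules"]:
        m = re.search(r"dpt:(\S+)", match)
        if target == "ACCEPT" and m and (proto, m.group(1)) not in reply_ok:
            missing.append((proto, m.group(1)))
    return missing

if __name__ == "__main__":
    for proto, service in missing_return_paths(parse_chains(LISTING)):
        print(f"OUTPUT allows {proto} dpt:{service}, but INPUT drops the replies (spt:{service})")
```

DNS and MySQL pass the check because INPUT accepts `spt:domain` and `spt:mysql`; outbound SMTP and POP3 do not, which matches the symptom that local delivery works while outbound mail fails.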