Environment: Debian Linux
limit-gateway:~# date
Wed Dec 12 10:04:35 CST 2007
# Generated by iptables-save v1.3.6 on Wed Dec 12 10:05:22 2007
*filter
:INPUT ACCEPT [332:23408]
:FORWARD ACCEPT [616661:383158140]
:OUTPUT ACCEPT [369:41155]
:tcp_control - [0:0]
:udp_control - [0:0]
-A FORWARD -p udp -j udp_control
-A FORWARD -p tcp -j tcp_control
-A FORWARD -p icmp -j ACCEPT
-A tcp_control -s 210.30.191.5 -p tcp -j ACCEPT
-A tcp_control -d 210.30.191.5 -p tcp -j ACCEPT
-A tcp_control -m time --timestart 07:30 --timestop 15:30 -m ipp2p --ipp2p -j DROP
-A tcp_control -s 210.30.180.0/255.255.255.0 -p tcp -m time --timestart 07:30 --timestop 15:30 -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 400 --connlimit-mask 32 -j DROP
-A tcp_control -s 210.30.191.14 -p tcp -m time --timestart 07:30 --timestop 15:30 -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 3 --connlimit-mask 32 -j DROP
-A tcp_control -s 210.30.180.0/255.255.240.0 -p tcp -m time --timestart 07:30 --timestop 15:30 -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 30 --connlimit-mask 32 -j DROP
-A udp_control -p udp -m udp --dport 53 -j ACCEPT
-A udp_control -p udp -m udp --sport 123 -j ACCEPT
-A udp_control -p udp -m udp --dport 123 -j ACCEPT
-A udp_control -s 210.30.191.5 -p udp -j ACCEPT
-A udp_control -d 210.30.191.5 -p udp -j ACCEPT
-A udp_control -s 210.30.180.201 -p udp -j ACCEPT
-A udp_control -d 210.30.180.201 -p udp -j ACCEPT
-A udp_control -j DROP
COMMIT
# Completed on Wed Dec 12 10:05:22 2007
The output of iptables -nvxL shows that the rules with the time match added do not match any packets.
After removing -m time --timestart 07:30 --timestop 15:30, matching works normally.