[root@longyu rc.d]# iptables -t filter -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
(For lo, eth0 and eth1, all activity on the INPUT chain is accepted)
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
(For lo, eth0 and eth1, all activity on the FORWARD chain is accepted)
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
(For lo, eth0 and eth1, all activity on the OUTPUT chain is accepted)
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT ipv6-crypt-- anywhere anywhere
ACCEPT ipv6-auth-- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:telnet
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
These are the rules on my AS 3.0 Linux box. What I want to do in the firewall file is open ssh, telnet, smtp, http and ftp, let both the internal and the external network ping my Linux host, and also keep the state NEW and state RELATED,ESTABLISHED functionality. I can see that the firewall created a new chain, but there are parts I don't understand. The red text in the picture is my understanding; I don't know whether it is right.
Could an iptables expert give the exact syntax? I want to DROP input, output and forward, and then open whichever services are needed, such as ssh, ftp, www, telnet, smtp, etc.
My network environment is one server with two NICs: eth0 connects to the public IP (x.x.x.x), eth1 connects to the LAN (192.168.0.1); the LAN is 192.168.0.0/24.
The ssh, ftp, www, telnet, smtp, etc. servers above are on the Linux box; there are also ssh, ftp, www, telnet, smtp, etc. servers on the LAN. I use iptables + squid for internet access.
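Here is one way to build what the post asks for: default DROP on all three chains, loopback and RELATED,ESTABLISHED allowed, ping accepted from both sides, and each service on the host opened by port with state NEW, in the same style as the RH-Firewall-1-INPUT chain shown above. This is an added example, not the poster's script or the Red Hat firewall file. It takes eth0, eth1 and 192.168.0.0/24 from the post; the LAN-to-public FORWARD rule and the MASQUERADE rule are an assumption (only needed if LAN clients are routed directly rather than going through squid on the host), and the DRY_RUN switch is a convenience so the rules can be printed and checked before they are applied.

```shell
#!/bin/sh
# Added example for the dual-NIC host described in the post.
# eth0 = public side, eth1 = LAN side (192.168.0.0/24), as stated in the post.
# Run as "sh fw.sh --apply" to load the rules; any other invocation only
# prints the iptables commands (DRY_RUN), so the ruleset can be reviewed first.

WAN_IF=eth0
LAN_IF=eth1
LAN_NET=192.168.0.0/24
SERVICES="ssh telnet smtp http ftp"   # TCP services running on this host

# Wrapper: print the command in DRY_RUN mode, otherwise execute it.
ipt() {
    if [ -n "$DRY_RUN" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

apply_rules() {
    # Start from a clean table and set every policy to DROP, as the post asks.
    ipt -F
    ipt -X
    ipt -t nat -F
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT DROP

    # Loopback must always be allowed or local services break.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A OUTPUT -o lo -j ACCEPT

    # Stateful part: replies to tracked connections pass on all chains.
    # For passive FTP to be seen as RELATED, the FTP conntrack helper must be
    # loaded (ip_conntrack_ftp on 2.4 kernels, nf_conntrack_ftp on newer ones).
    ipt -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    ipt -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    ipt -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

    # Ping from both the public and the LAN side; echo-reply leaves via ESTABLISHED.
    ipt -A INPUT -p icmp --icmp-type echo-request -m state --state NEW -j ACCEPT

    # Open each service on the host by port. To keep cleartext protocols such as
    # telnet and ftp reachable from the LAN only, add "-i $LAN_IF" to those rules.
    for svc in $SERVICES; do
        ipt -A INPUT -p tcp -m state --state NEW --dport "$svc" -j ACCEPT
    done

    # The host itself (squid, DNS, mail) may originate outbound connections.
    ipt -A OUTPUT -m state --state NEW -j ACCEPT

    # Assumption: LAN clients routed directly to the public side (not via squid).
    # Remove these two rules if every LAN client goes through the proxy.
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -m state --state NEW -j ACCEPT
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j MASQUERADE

    # Everything else is refused explicitly, matching the original last rule.
    ipt -A INPUT -j REJECT --reject-with icmp-host-prohibited
    ipt -A FORWARD -j REJECT --reject-with icmp-host-prohibited
}

if [ "${1:-}" = "--apply" ]; then
    apply_rules
else
    DRY_RUN=1 apply_rules
fi
```

Run it once without arguments and read the printed commands; the INPUT chain should show exactly one ACCEPT per service plus the ICMP and state rules before the final REJECT. Only then run it with --apply, ideally from the console rather than over ssh, since the flush and DROP policies take effect before the ssh rule is added.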