论坛徽章:: 0

电梯直达

1楼 [收藏(0)] [报告]

发表于 2006-12-14 15:40 |只看该作者 |倒序浏览

我的Iptables 规则列表如下.防不住p2p软件怎么回事?IPTABLES我是菜菜.\r\n[root@localhost root]# iptables -nL\r\nChain INPUT (policy ACCEPT)\r\ntarget prot opt source destination \r\nACCEPT all -- 0.0.0.0/0 0.0.0.0/0 \r\nsyn-flood tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x16/0x02 \r\nDROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x16/0x02 state NEW \r\nDROP all -f 0.0.0.0/0 0.0.0.0/0 \r\nDROP all -- 0.0.0.0/0 127.0.0.0/8 \r\nACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68 \r\nACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:53 state ESTABLISHED \r\nACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:53 state RELATED,ESTABLISHED \r\nACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 \r\nACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:80 state RELATED,ESTABLISHED \r\nACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:443 state RELATED,ESTABLISHED \r\nACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:20 state RELATED,ESTABLISHED \r\nACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED \r\n\r\nChain FORWARD (policy DROP)\r\ntarget prot opt source destination \r\nACCEPT all -- 0.0.0.0/0 0.0.0.0/0 \r\nACCEPT all -- 0.0.0.0/0 0.0.0.0/0 \r\nACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED \r\nDROP all -- 0.0.0.0/0 0.0.0.0/0 ipp2p v0.8.1_rc1 --bit \r\n\r\nChain OUTPUT (policy ACCEPT)\r\ntarget prot opt source destination \r\nACCEPT all -- 0.0.0.0/0 0.0.0.0/0 \r\n\r\nChain syn-flood (1 references)\r\ntarget prot opt source destination \r\nRETURN all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 4 \r\nDROP all -- 0.0.0.0/0 0.0.0.0/0 \r\n\r\n\r\n\r\n其中网卡如下:\r\n[root@localhost root]# ifconfig\r\neth0 Link encap:Ethernet HWaddr 00:05:5D:FE:C0:C2 \r\n UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1\r\n RX packets:222438 errors:0 dropped:0 overruns:0 frame:0\r\n TX packets:220364 errors:0 dropped:0 overruns:0 carrier:0\r\n collisions:0 txqueuelen:100 \r\n RX bytes:181074003 (172.6 Mb) TX bytes:90612515 (86.4 Mb)\r\n Interrupt:12 Base address:0xa000 \r\n\r\neth1 Link encap:Ethernet HWaddr 00:90:27:22:57:61 \r\n inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0\r\n UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1\r\n RX packets:217490 errors:0 dropped:0 overruns:0 frame:0\r\n TX packets:217058 errors:0 dropped:0 overruns:0 carrier:0\r\n collisions:0 txqueuelen:100 \r\n RX bytes:85823866 (81.8 Mb) TX bytes:178269091 (170.0 Mb)\r\n Interrupt:12 Base address:0xa400 Memory:e3000000-e3000038 \r\n\r\nlo Link encap:Local Loopback \r\n inet addr:127.0.0.1 Mask:255.0.0.0\r\n UP LOOPBACK RUNNING MTU:16436 Metric:1\r\n RX packets:31 errors:0 dropped:0 overruns:0 frame:0\r\n TX packets:31 errors:0 dropped:0 overruns:0 carrier:0\r\n collisions:0 txqueuelen:0 \r\n RX bytes:2974 (2.9 Kb) TX bytes:2974 (2.9 Kb)\r\n\r\nppp0 Link encap

oint-to-Point Protocol \r\n inet addr:221.220.39.172 P-t-P:221.220.192.1 Mask:255.255.255.255\r\n UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1\r\n RX packets:222092 errors:0 dropped:0 overruns:0 frame:0\r\n TX packets:220275 errors:0 dropped:0 overruns:0 carrier:0\r\n collisions:0 txqueuelen:3 \r\n RX bytes:176140632 (167.9 Mb) TX bytes:85763725 (81.7 Mb)\r\n\r\n是ADSL 共享上网.各位大大有什么建议吗?我这个有什么问题?\r\n\r\necho 1 > /proc/sys/net/ipv4/ip_forward\r\n\r\niptables -F\r\niptables -X\r\niptables -Z\r\n\r\niptables -A FORWARD -i eth1 -j ACCEPT\r\niptables -A FORWARD -o eth1 -j ACCEPT\r\niptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT\r\n\r\niptables -P FORWARD DROP\r\n\r\niptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE\r\n\r\n\r\n\r\niptables -A INPUT -i lo -j ACCEPT\r\niptables -A OUTPUT -o lo -j ACCEPT\r\n\r\niptables -N syn-flood\r\niptables -A INPUT -i ppp0 -p tcp --syn -j syn-flood\r\niptables -A syn-flood -m limit --limit 1/s --limit-burst 4 -j RETURN\r\niptables -A syn-flood -j DROP\r\n\r\niptables -A INPUT -i ppp0 -p tcp ! --syn -m state --state NEW -j DROP\r\n\r\niptables -A INPUT -i ppp0 -f -j DROP\r\n\r\niptables -A INPUT -i ppp0 -d 127.0.0.0/8 -j DROP\r\n\r\niptables -A INPUT -i ppp0 -p udp -d 0/0 --dport 67:68 -j ACCEPT\r\n\r\niptables -A INPUT -i ppp0 -p udp -s 0/0 --sport 53 -m state --state ESTABLISHED -j ACCEPT\r\niptables -A INPUT -i ppp0 -p tcp -s 0/0 --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT\r\n\r\niptables -A INPUT -i ppp0 -p tcp -d 0/0 --dport 22 -j ACCEPT\r\n\r\niptables -A INPUT -i ppp0 -p tcp -s 0/0 --sport 80 -m state --state ESTABLISHED,RELATED -j ACCEPT\r\niptables -A INPUT -i ppp0 -p tcp -s 0/0 --sport 443 -m state --state ESTABLISHED,RELATED -j ACCEPT\r\n\r\niptables -A INPUT -i ppp0 -p tcp -s 0/0 --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT\r\n\r\niptables -A INPUT -i ppp0 -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT\r\niptables -A FORWARD -m ipp2p --bit -j DROP

zeroflag

白手起家

论坛徽章:: 0

2楼 [报告]

发表于 2006-12-20 15:47 |只看该作者

一个简单的办法，将iptables的状态表刷新时间改小，比如30s之类的。能够起到一定的作用。

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

返回列表

Chinaunix › 论坛 › 备份版区 › 攻防交流区 › Iptables 防P2P软件问题!

Iptables 防P2P软件问题! [复制链接]