I am using iptables for NAT. My iptables-save output is as follows:
# Generated by iptables-save v1.3.3 on Wed Oct 12 14:53:24 2005
*nat
:PREROUTING ACCEPT [69330]
:POSTROUTING ACCEPT [67]
:OUTPUT ACCEPT [65]
-A POSTROUTING -s 192.168.0.0/255.255.255.0 -o ppp0 -j MASQUERADE
COMMIT
# Completed on Wed Oct 12 14:53:24 2005
# Generated by iptables-save v1.3.3 on Wed Oct 12 14:53:24 2005
*mangle
:PREROUTING ACCEPT [150237]
:INPUT ACCEPT [8607]
:FORWARD ACCEPT [141330]
:OUTPUT ACCEPT [860]
:POSTROUTING ACCEPT [82116]
COMMIT
# Completed on Wed Oct 12 14:53:24 2005
# Generated by iptables-save v1.3.3 on Wed Oct 12 14:53:24 2005
*filter
:INPUT DROP [3830]
:FORWARD DROP [4726]
:OUTPUT ACCEPT [389]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22,80 -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 68 --dport 67 -j ACCEPT
-A INPUT -p icmp -m limit --limit 6/min -j ACCEPT
-A INPUT -i ppp0 -p icmp -j DROP
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -s 192.168.0.0/255.255.255.0 -p tcp -m multiport --dports 21,22,23,25,80,110 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -m ipp2p --ipp2p -j DROP
-A FORWARD -m ipp2p --bit --apple --soul --winmx --ares -j DROP
-A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j ACCEPT
COMMIT
# Completed on Wed Oct 12 14:53:24 2005
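My system is Red Flag Advanced Server 4.1, and I recompiled the kernel to support IPP2P.
But it crashes after less than two days of use. Is it being attacked? Can anyone help me answer this? Thanks!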