Appendix I. Example scripts codebase

(continuation of the preceding firewall script; its beginning is not on this page)

  -j TCPMSS --clamp-mss-to-pmtu
fi
$IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE

#
# Bad TCP packets we don't want
#
$IPTABLES -A FORWARD -p tcp -j bad_tcp_packets

#
# Accept the packets we actually want to forward
#
$IPTABLES -A FORWARD -i $LAN_IFACE -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -m limit --limit 3/minute --limit-burst 3 \
-j LOG --log-level DEBUG --log-prefix "IPT FORWARD packet died: "

#
# INPUT chain
#

#
# Bad TCP packets we don't want
#
$IPTABLES -A INPUT -p tcp -j bad_tcp_packets

#
# Rules for incoming packets from the internet
#
$IPTABLES -A INPUT -p ICMP -i $INET_IFACE -j icmp_packets
$IPTABLES -A INPUT -p TCP -i $INET_IFACE -j tcp_packets
$IPTABLES -A INPUT -p UDP -i $INET_IFACE -j udpincoming_packets

#
# Rules for special networks not part of the Internet
#
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -d $LO_IP -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LAN_IP -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $INET_IP -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $LAN_IFACE -s $LAN_IP_RANGE -j ACCEPT
$IPTABLES -A INPUT -p ALL -i $INET_IFACE -m state \
--state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -m limit --limit 3/minute --limit-burst 3 \
-j LOG --log-level DEBUG --log-prefix "IPT INPUT packet died: "

#
# OUTPUT chain
#

#
# Bad TCP packets we don't want
#
$IPTABLES -A OUTPUT -p tcp -j bad_tcp_packets

$IPTABLES -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -o $LAN_IFACE -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -o $INET_IFACE -j ACCEPT
$IPTABLES -A OUTPUT -m limit --limit 3/minute --limit-burst 3 \
-j LOG --log-level DEBUG --log-prefix "IPT OUTPUT packet died: "

Example rc.flush-iptables script

#!/bin/sh
#
# rc.flush-iptables - Resets iptables to default values.
#
# Copyright (C) 2001  Oskar Andreasson
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program or from the site that you downloaded it
# from; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place, Suite 330, Boston, MA  02111-1307  USA
#

#
# Configurations
#
IPTABLES="/usr/sbin/iptables"

#
# reset the default policies in the filter table.
#
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT

#
# reset the default policies in the nat table.
#
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
$IPTABLES -t nat -P OUTPUT ACCEPT

#
# reset the default policies in the mangle table.
#
$IPTABLES -t mangle -P PREROUTING ACCEPT
$IPTABLES -t mangle -P OUTPUT ACCEPT

#
# flush all the rules in the filter, nat and mangle tables.
#
$IPTABLES -F
$IPTABLES -t nat -F
$IPTABLES -t mangle -F

#
# erase all chains that are not default in the filter, nat and mangle tables.
#
$IPTABLES -X
$IPTABLES -t nat -X
$IPTABLES -t mangle -X

Example rc.test-iptables script

#!/bin/bash
#
# rc.test-iptables - test script for iptables chains and tables.
#
# Copyright (C) 2001  Oskar Andreasson
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program or from the site that you downloaded it
# from; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place, Suite 330, Boston, MA  02111-1307  USA
#

#
# Filter table, all chains
#
iptables -t filter -A INPUT -p icmp --icmp-type echo-request \
-j LOG --log-prefix="filter INPUT:"
iptables -t filter -A INPUT -p icmp --icmp-type echo-reply \
-j LOG --log-prefix="filter INPUT:"
iptables -t filter -A OUTPUT -p icmp --icmp-type echo-request \
-j LOG --log-prefix="filter OUTPUT:"
iptables -t filter -A OUTPUT -p icmp --icmp-type echo-reply \
-j LOG --log-prefix="filter OUTPUT:"
iptables -t filter -A FORWARD -p icmp --icmp-type echo-request \
-j LOG --log-prefix="filter FORWARD:"
iptables -t filter -A FORWARD -p icmp --icmp-type echo-reply \
-j LOG --log-prefix="filter FORWARD:"

#
# NAT table, all chains except OUTPUT which doesn't work.
#
iptables -t nat -A PREROUTING -p icmp --icmp-type echo-request \
-j LOG --log-prefix="nat PREROUTING:"
iptables -t nat -A PREROUTING -p icmp --icmp-type echo-reply \
-j LOG --log-prefix="nat PREROUTING:"
iptables -t nat -A POSTROUTING -p icmp --icmp-type echo-request \
-j LOG --log-prefix="nat POSTROUTING:"
iptables -t nat -A POSTROUTING -p icmp --icmp-type echo-reply \
-j LOG --log-prefix="nat POSTROUTING:"
iptables -t nat -A OUTPUT -p icmp --icmp-type echo-request \
-j LOG --log-prefix="nat OUTPUT:"
iptables -t nat -A OUTPUT -p icmp --icmp-type echo-reply \
-j LOG --log-prefix="nat OUTPUT:"

#
# Mangle table, all chains
#
iptables -t mangle -A PREROUTING -p icmp --icmp-type echo-request \
-j LOG --log-prefix="mangle PREROUTING:"
iptables -t mangle -A PREROUTING -p icmp --icmp-type echo-reply \
-j LOG --log-prefix="mangle PREROUTING:"
iptables -t mangle -A OUTPUT -p icmp --icmp-type echo-request \
-j LOG --log-prefix="mangle OUTPUT:"
iptables -t mangle -A OUTPUT -p icmp --icmp-type echo-reply \
-j LOG --log-prefix="mangle OUTPUT:"
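Once rc.test-iptables is loaded, the kernel log records every table/chain an ICMP echo passes through, with the --log-prefix of each rule in front of the packet fields. The script below is an added example, not one of the tutorial's own scripts: it reconstructs that traversal order from such log lines and lists the instrumented chains a packet never reached. The log lines are constructed samples, and the function names traversal_path and missing_hops are chosen here.

```shell
#!/bin/sh
# Reads kernel log lines produced by the LOG rules in rc.test-iptables and
# reports the table/chain hops an ICMP packet of a given type passed through.

# Constructed sample log lines (addresses, IDs and timestamps are made up); the
# text before "IN=" is the --log-prefix set by rc.test-iptables.
SAMPLE_LOG='Jan  1 12:00:00 host kernel: mangle PREROUTING:IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=ICMP TYPE=8 CODE=0 ID=1234 SEQ=1
Jan  1 12:00:00 host kernel: nat PREROUTING:IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=ICMP TYPE=8 CODE=0 ID=1234 SEQ=1
Jan  1 12:00:00 host kernel: filter INPUT:IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.1 PROTO=ICMP TYPE=8 CODE=0 ID=1234 SEQ=1
Jan  1 12:00:00 host kernel: mangle OUTPUT:IN= OUT=eth0 SRC=192.0.2.1 DST=192.0.2.10 PROTO=ICMP TYPE=0 CODE=0 ID=1234 SEQ=1
Jan  1 12:00:00 host kernel: nat OUTPUT:IN= OUT=eth0 SRC=192.0.2.1 DST=192.0.2.10 PROTO=ICMP TYPE=0 CODE=0 ID=1234 SEQ=1
Jan  1 12:00:00 host kernel: filter OUTPUT:IN= OUT=eth0 SRC=192.0.2.1 DST=192.0.2.10 PROTO=ICMP TYPE=0 CODE=0 ID=1234 SEQ=1
Jan  1 12:00:00 host kernel: nat POSTROUTING:IN= OUT=eth0 SRC=192.0.2.1 DST=192.0.2.10 PROTO=ICMP TYPE=0 CODE=0 ID=1234 SEQ=1'

# traversal_path LOGTEXT ICMPTYPE
# Prints the "table CHAIN" hops seen for that ICMP type (8 = echo-request,
# 0 = echo-reply) in log order, joined with " -> ".
traversal_path() {
    printf '%s\n' "$1" | awk -v want="TYPE=$2 " '
        index($0, "kernel: ") && index($0, " PROTO=ICMP ") && index($0, want) {
            s = substr($0, index($0, "kernel: ") + 8)   # text after "kernel: "
            hop = substr(s, 1, index(s, "IN=") - 1)    # the LOG prefix itself
            sub(/:[ ]*$/, "", hop)                      # drop the trailing ":"
            path = (path == "") ? hop : path " -> " hop
        }
        END { print path }'
}

# missing_hops LOGTEXT ICMPTYPE
# Lists, one per line, the chains instrumented by rc.test-iptables that never
# logged that ICMP type: a quick check that the LOG rules were loaded and that
# the packet really took the path you expected.
missing_hops() {
    seen=$(traversal_path "$1" "$2")
    for hop in "filter INPUT" "filter OUTPUT" "filter FORWARD" \
               "nat PREROUTING" "nat POSTROUTING" "nat OUTPUT" \
               "mangle PREROUTING" "mangle OUTPUT"; do
        case " -> $seen -> " in
            *" -> $hop -> "*) ;;
            *) printf '%s\n' "$hop" ;;
        esac
    done
}

echo "echo-request: $(traversal_path "$SAMPLE_LOG" 8)"
echo "echo-reply:   $(traversal_path "$SAMPLE_LOG" 0)"
```

Feed it real lines with something like `dmesg | grep 'PROTO=ICMP'` in place of the sample to see which chains a ping to or through the host actually traversed.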