Heaven rewards the diligent; there is no end to learning

Custom chains

Introducing a quick iptables usage example from Rusty Russell

Rusty Russell
Born: Paul Russell, January 18, 1973 (age 40), London, UK
Nationality: Australian
Occupation: Computer programmer
Employer: IBM[1]
Known for: Linux kernel development, Free Software advocacy
Website: http://rusty.ozlabs.org/
Source: http://en.wikipedia.org/wiki/Rusty_Russell

1. Scenario: a Linux host reaches the Internet over a PPP link and blocks external users from accessing the host.

2. Configuration steps:

(1) Load the kernel modules (skip this step if the kernel already includes the following modules):
# insmod ip_conntrack
# insmod ip_conntrack_ftp

(2) Create the custom chain block and add rules to it:
# iptables -N block
# iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A block -m state --state NEW ! -i ppp0 -j ACCEPT
# iptables
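An added example (not from the original post or from Rusty Russell's own write-up): a user-defined chain such as block filters nothing until a built-in chain jumps to it, and it has no policy of its own, so packets that match none of its rules return to the calling chain. The shell function below checks an iptables-save dump for both conditions; audit_chain, the two sample functions and both dumps are constructed for illustration, and the DROP and jump rules in the second dump are assumptions.

```shell
# Added example: audit an iptables-save dump for a user-defined chain.
# Usage on a live host: iptables-save | audit_chain block
audit_chain() {
    awk -v chain="$1" '
        $1 == (":" chain) { declared = 1 }
        $1 == "-A" && $2 == chain {
            # Track whether the most recent rule is an unconditional DROP/REJECT.
            terminal = ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT"))
        }
        $1 == "-A" && $2 != chain {
            for (i = 3; i < NF; i++)
                if (($i == "-j" || $i == "-g") && $(i + 1) == chain) callers[$2] = 1
        }
        END {
            if (!declared) { print "MISSING: chain " chain " is not declared"; exit }
            n = 0
            for (c in callers) { n++; print "OK: referenced from " c }
            if (n == 0) print "UNUSED: no chain jumps to " chain
            if (terminal) print "OK: chain ends in an unconditional DROP/REJECT"
            else print "FALLTHROUGH: unmatched packets return to the caller"
        }'
}

# Constructed sample: only the two ACCEPT rules exist and nothing jumps to block.
sample_partial() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:block - [0:0]
-A block -m state --state RELATED,ESTABLISHED -j ACCEPT
-A block ! -i ppp0 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Constructed sample (assumed rules): block ends in DROP and is called from INPUT/FORWARD.
sample_complete() { cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:block - [0:0]
-A INPUT -j block
-A FORWARD -j block
-A block -m state --state RELATED,ESTABLISHED -j ACCEPT
-A block ! -i ppp0 -m state --state NEW -j ACCEPT
-A block -j DROP
COMMIT
EOF
}
```

Running `sample_partial | audit_chain block` reports UNUSED and FALLTHROUGH, which is the state in which new connections arriving on ppp0 are still decided by the built-in chain's policy rather than by block.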

2021-03-26 19:41:40    Category: Blog    linux   iptables   custom chains   networking