📄 1600.html
字号:
iptables -A OUTPUT -s ${DMZ_NET} -o ${LAN_IF} -p icmp -j DROP<br>
iptables -A OUTPUT -o lo -j ACCEPT<br>
iptables -A OUTPUT -p icmp -m state --state INVALID -j LOG --log-prefix "INVAILD ICMP STATE OUTPUT:"<br>
iptables -A OUTPUT -p icmp -m state --state INVALID -j DROP<br>
iptables -A OUTPUT -m state --state NEW,INVALID -j LOG --log-prefix "INVAILD NEW,INVALID STATE:"<br>
iptables -A OUTPUT -m state --state NEW,INVALID -j DROP<br>
<br>
iptables -A OUTPUT -j DROP<br>
<br>
echo " OK !!!! The OUTPUT rules has been successful applied,conniture......."<br>
<br>
echo " Now applying nat rules ,please wait ...."<br>
#iptables -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j MASQUERADE<br>
#iptables -t nat -A PREROUTING -p tcp -i eth1 --dport 23 -j REDIRECT --to-port 14867<br>
iptables -t nat -A PREROUTING -d ${LAN_NET} -i ${UPLINK} -j DROP<br>
iptables -t nat -A PREROUTING -d ${DMZ_NET} -i ${UPLINK} -j DROP<br>
<br>
<br>
if [ " $ROUTER " = " yes " ]<br>
<br>
then<br>
echo " enabing ip_forward,please wait..."<br>
echo 1 >/proc/sys/net/ipv4/ip_forward<br>
echo "OK"<br>
if [ " $NAT " = " dynamic " ]<br>
<br>
then<br>
echo "Enableing MASQUERADING (dynamic ip )..."<br>
echo "Dynamic PPP connection,Now getting the dynamic ip address"<br>
IP_ADDR=`ifconfig ppp0 | grep inet | cut -d : -f 2 | cut -d " " -f 1`<br>
echo " Now you IP ADDRESS is : ${IP_ADDR} "<br>
iptables -t nat -A POSTROUTING -o ${UPLINK} -j MASQUERADE<br>
iptables -t nat -A POSTROUTING -o ${UPLINK} -s ${DMZ_NET} -j SNAT --to ${IP_ADDR}<br>
iptables -t nat -A PREROUTING -i ${UPLINK} -d ${IP_ADDR} --dport 80 -j DNAT --to ${WEB_IP}:80<br>
iptables -t nat -A PREROUTING -i ${UPLINK} -d ${IP_ADDR} --dport 21 -j DNAT --to ${FTP_IP}:21<br>
iptables -t nat -A PREROUTING -i ${UPLINK} -d ${IP_ADDR} --dport 20 -j DNAT --to ${FTP_IP}:20<br>
if [ " $H323 " = " yes " ]<br>
then<br>
echo "Startting H323 NAT setting......"<br>
for port in ${H323_PORT}<br>
do<br>
<br>
iptables -t nat -A PREROUTING -i ${UPLINK} -p tcp -d ${IP_ADDR} --dport ${port} -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to ${H323HOST}:${port}<br>
iptables -t nat -A PREROUTING -i ${UPLINK} -p udp -d ${IP_ADDR} --dport ${port} -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to ${H323HOST}:${port} <br>
done <br>
fi <br>
echo " OK,NAT setting start succecc.."<br>
elif [ " $NAT " != " " ]<br>
<br>
then<br>
echo "Enableing SNAT (static ip)..."<br>
<br>
# iptables -t nat -A POSTROUTING -o ${UPLINK} -j SNAT --to ${UPIP}<br>
iptables -t nat -A POSTROUTING -s ${DMZ_NET} -o ${UPLINK} -j SNAT --to ${UPIP}<br>
iptables -t nat -A POSTROUTING -s ${LAN_NET} -o ${UPLINK} -j SNAT --to ${UPIP}<br>
iptables -t nat -A PREROUTING -i ${UPLINK} -p tcp -d ${UPIP} --dport 80 -j DNAT --to ${WEB_IP}:80<br>
iptables -t nat -A PREROUTING -i ${UPLINK} -p tcp -d ${UPIP} --dport 20 -j DNAT --to ${FTP_IP}:20<br>
iptables -t nat -A PREROUTING -i ${UPLINK} -p tcp -d ${UPIP} --dport 21 -j DNAT --to ${FTP_IP}:21<br>
if [ "$H323 " = " yes " ]<br>
then<br>
echo "Startting H323 NAT setting........" <br>
for port in ${H323_PORT}<br>
<br>
do<br>
iptables -t nat -A PREROUTING -i ${UPLINK} -p tcp -d ${UPIP} --dport ${port} -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to ${H323HOST}:${port}<br>
iptables -t nat -A PREROUTING -i ${UPLINK} -p udp -d ${UPIP} --dport ${port} -m state --state NEW,ESTABLISHED,RELATED -j DNAT --to ${H323HOST}:${port}<br>
done<br>
fi<br>
echo " OK !!!!"<br>
<br>
fi<br>
fi<br>
if [ " $SELF_SET " = " yes " ]<br>
then<br>
echo "Starting the rules you set yourself......"<br>
# firewall<br>
echo " OK !!!!"<br>
<br>
echo " All rules has been successful applied,enjoy it...."<br>
<br>
<br>
elif [ "$1" = "stop" ]<br>
<br>
then<br>
echo "Stoping Firewall...."<br>
iptables -F INPUT<br>
iptables -P INPUT ACCEPT<br>
iptables -P OUTPUT ACCEPT<br>
iptables -P FORWARD ACCEPT<br>
iptables -F FORWARD<br>
iptables -F OUTPUT<br>
iptables -t nat -F POSTROUTING<br>
iptables -F tcpHandler<br>
iptables -F udpHandler<br>
iptables -F icmpHandler<br>
iptables -F CHECK_FLAGS<br>
iptables -F DROP-AND-LOG<br>
iptables -X tcpHandler<br>
iptables -X udpHandler<br>
iptables -X icmpHandler<br>
iptables -X CHECK_FLAGS<br>
iptables -X DROP-AND-LOG<br>
echo "The firewall has successful shuted down,be careful !!!"<br>
fi<br>
<br>
firewall.conf<br>
<br>
UPLINK=eth1<br>
UPIP=192.168.2.188<br>
ROUTER=yes<br>
NAT=192.168.2.188<br>
INTERFACES=lo eth0 eth1 eth2<br>
SERVICES=http ftp<br>
DENYPORTS=1 7 9 15 107 135 137 138 139 369 389 445 515 752 873 8080 3128 2049 5432 5999 6063 9740 20034 12345 12346 27665 27444 31335 31337 8000 1433 3389 7007 22 23 25 110 79<br>
DENYUDPPORT=7 9 19 22 107 137 138 139 161 162 369<br>
<br>
LAN_IF=eth0<br>
LAN_NET=192.168.1.0/24<br>
DMZ_NET=192.168.3.0/24<br>
DMZ_IF=eth2<br>
DMZ_TCP_PORT=20 21 25 53 80 110<br>
DMZ_UDP_PORT=53<br>
WEB_IP=192.168.3.1<br>
FTP_IP=192.168.3.2<br>
H323_PORT=<br>
H323=no<br>
<br>
#here you can add the block rules yourself ,but be sure you do all these setting otherwise ,it will not work at all !!!!<br>
SELF_SET=<br>
BLOCK_TYPE=<br>
PROTO=<br>
INTE_IF=<br>
SRC=<br>
DST=<br>
DPORT=<br>
ACTION=<br>
ACTION_TYPE=<br>
#here you can add the icmp block rules yourself,Be sure you do all these setting otherwise ,it will not work at all !!!!<br>
ICMP_IF=<br>
ICMP_SRC=<br>
ICMP_DST=<br>
ICMP_ACTION=<br>
ICMP_TYPE=<br>
<br>
<br>
<br>
<br>
http://61.129.112.46/firewall-0.0.2.tar.gz<br>
解包之后运行install.sh,如果要根据自己的需求用的话修改/etc/firewall.conf的相关配置<br>
</FONT><br>
</TD>
</TR>
<TR>
<TD colSpan=2><FONT
class=middlefont></FONT><BR>
<FONT
class=normalfont>全文结束</FONT> </TD>
</TR>
<TR>
<TD background="images/dot.gif" tppabs="http://www.linuxhero.com/docs/images/dot.gif" colSpan=2
height=10></TD></TR></TBODY></TABLE></TD></TR></TBODY></TABLE></DIV></TD>
<TD vAlign=top width="20%"
background="images/line.gif" tppabs="http://www.linuxhero.com/docs/images/line.gif" rowSpan=2>
<DIV align=center>
<table class=tableoutline cellspacing=1 cellpadding=4
width="100%" align=center border=0>
<tr class=firstalt>
<td noWrap background="images/bgline.gif" tppabs="http://www.linuxhero.com/docs/images/bgline.gif" colspan=2 height=21>
<font class=normalfont><b>所有分类</b></font></td>
</tr>
<tr class=secondalt> <td noWrap width=27%> <font class=normalfont>1:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type1.html" tppabs="http://www.linuxhero.com/docs/type1.html">非技术类</a></font></td> </tr> </table></td></tr><tr class=firstalt> <td noWrap width=27%> <font class=normalfont>2:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type2.html" tppabs="http://www.linuxhero.com/docs/type2.html">基础知识</a></font></td> </tr> </table></td></tr><tr class=secondalt> <td noWrap width=27%> <font class=normalfont>3:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type3.html" tppabs="http://www.linuxhero.com/docs/type3.html">指令大全</a></font></td> </tr> </table></td></tr><tr class=firstalt> <td noWrap width=27%> <font class=normalfont>4:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type4.html" tppabs="http://www.linuxhero.com/docs/type4.html">shell</a></font></td> </tr> </table></td></tr><tr class=secondalt> <td noWrap width=27%> <font class=normalfont>5:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type5.html" tppabs="http://www.linuxhero.com/docs/type5.html">安装启动</a></font></td> </tr> </table></td></tr><tr class=firstalt> <td noWrap width=27%> <font class=normalfont>6:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type6.html" tppabs="http://www.linuxhero.com/docs/type6.html">xwindow</a></font></td> </tr> </table></td></tr><tr class=secondalt> <td noWrap width=27%> <font class=normalfont>7:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type7.html" tppabs="http://www.linuxhero.com/docs/type7.html">kde</a></font></td> </tr> </table></td></tr><tr class=firstalt> <td noWrap width=27%> <font class=normalfont>8:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type8.html" tppabs="http://www.linuxhero.com/docs/type8.html">gnome</a></font></td> </tr> </table></td></tr><tr class=secondalt> <td noWrap width=27%> <font class=normalfont>9:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type9.html" tppabs="http://www.linuxhero.com/docs/type9.html">输入法类</a></font></td> </tr> </table></td></tr><tr class=firstalt> <td noWrap width=27%> <font class=normalfont>10:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type10.html" tppabs="http://www.linuxhero.com/docs/type10.html">美化汉化</a></font></td> </tr> </table></td></tr><tr class=secondalt> <td noWrap width=27%> <font class=normalfont>11:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type11.html" tppabs="http://www.linuxhero.com/docs/type11.html">网络配置</a></font></td> </tr> </table></td></tr><tr class=firstalt> <td noWrap width=27%> <font class=normalfont>12:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type12.html" tppabs="http://www.linuxhero.com/docs/type12.html">存储备份</a></font></td> </tr> </table></td></tr><tr class=secondalt> <td noWrap width=27%> <font class=normalfont>13:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type13.html" tppabs="http://www.linuxhero.com/docs/type13.html">杂项工具</a></font></td> </tr> </table></td></tr><tr class=firstalt> <td noWrap width=27%> <font class=normalfont>14:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type14.html" tppabs="http://www.linuxhero.com/docs/type14.html">编程技术</a></font></td> </tr> </table></td></tr><tr class=secondalt> <td noWrap width=27%> <font class=normalfont>15:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type15.html" tppabs="http://www.linuxhero.com/docs/type15.html">网络安全</a></font></td> </tr> </table></td></tr><tr class=firstalt> <td noWrap width=27%> <font class=normalfont>16:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type16.html" tppabs="http://www.linuxhero.com/docs/type16.html">内核技术</a></font></td> </tr> </table></td></tr><tr class=secondalt> <td noWrap width=27%> <font class=normalfont>17:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type17.html" tppabs="http://www.linuxhero.com/docs/type17.html">速度优化</a></font></td> </tr> </table></td></tr><tr class=firstalt> <td noWrap width=27%> <font class=normalfont>18:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type18.html" tppabs="http://www.linuxhero.com/docs/type18.html">apache</a></font></td> </tr> </table></td></tr><tr class=secondalt> <td noWrap width=27%> <font class=normalfont>19:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type19.html" tppabs="http://www.linuxhero.com/docs/type19.html">email</a></font></td> </tr> </table></td></tr><tr class=firstalt> <td noWrap width=27%> <font class=normalfont>20:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type20.html" tppabs="http://www.linuxhero.com/docs/type20.html">ftp服务</a></font></td> </tr> </table></td></tr><tr class=secondalt> <td noWrap width=27%> <font class=normalfont>21:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type21.html" tppabs="http://www.linuxhero.com/docs/type21.html">cvs服务</a></font></td> </tr> </table></td></tr><tr class=firstalt> <td noWrap width=27%> <font class=normalfont>22:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type22.html" tppabs="http://www.linuxhero.com/docs/type22.html">代理服务</a></font></td> </tr> </table></td></tr><tr class=secondalt> <td noWrap width=27%> <font class=normalfont>23:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type23.html" tppabs="http://www.linuxhero.com/docs/type23.html">samba</a></font></td> </tr> </table></td></tr><tr class=firstalt> <td noWrap width=27%> <font class=normalfont>24:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type24.html" tppabs="http://www.linuxhero.com/docs/type24.html">域名服务</a></font></td> </tr> </table></td></tr><tr class=secondalt> <td noWrap width=27%> <font class=normalfont>25:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type25.html" tppabs="http://www.linuxhero.com/docs/type25.html">网络过滤</a></font></td> </tr> </table></td></tr><tr class=firstalt> <td noWrap width=27%> <font class=normalfont>26:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type26.html" tppabs="http://www.linuxhero.com/docs/type26.html">其他服务</a></font></td> </tr> </table></td></tr><tr class=secondalt> <td noWrap width=27%> <font class=normalfont>27:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type27.html" tppabs="http://www.linuxhero.com/docs/type27.html">nfs</a></font></td> </tr> </table></td></tr><tr class=firstalt> <td noWrap width=27%> <font class=normalfont>28:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type28.html" tppabs="http://www.linuxhero.com/docs/type28.html">oracle</a></font></td> </tr> </table></td></tr><tr class=secondalt> <td noWrap width=27%> <font class=normalfont>29:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type29.html" tppabs="http://www.linuxhero.com/docs/type29.html">dhcp</a></font></td> </tr> </table></td></tr><tr class=firstalt> <td noWrap width=27%> <font class=normalfont>30:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type30.html" tppabs="http://www.linuxhero.com/docs/type30.html">mysql</a></font></td> </tr> </table></td></tr><tr class=secondalt> <td noWrap width=27%> <font class=normalfont>31:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type31.html" tppabs="http://www.linuxhero.com/docs/type31.html">php</a></font></td> </tr> </table></td></tr><tr class=firstalt> <td noWrap width=27%> <font class=normalfont>32:</font> </td><td noWrap width=73%> <table width=100% border=0> <tr> <td><font class=normalfont><a href="type32.html" tppabs="http://www.linuxhero.com/docs/type32.html">ldap</a></font></td> </tr> </table></td></tr> </table>
</DIV></TD></TR>
<TR vAlign=top>
<TD width="80%">
<DIV align=center><BR>
</DIV>
</TD></TR></TBODY></TABLE></TD></TR>
</TABLE></TD></TR>
</TABLE>
<TABLE cellSpacing=0 cellPadding=4 width="100%" bgColor=#eeeeee
border=0><TBODY>
<TR>
<TD width="50%">
<P><FONT class=middlefont>版权所有 © 2004 <A
href="mailto:bjchenxu@sina.com">linux知识宝库</A><BR>
违者必究. </FONT></P>
</TD>
<TD width="50%">
<DIV align=right><FONT class=middlefont>Powered by: <A
href="mailto:bjchenxu@sina.com">Linux知识宝库</A> Version 0.9.0 </FONT></DIV>
</TD></TR></TBODY></TABLE>
<CENTER></CENTER></TD></TR>
</TABLE></CENTER></BODY></HTML>
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -