<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- saved from url=(0061)http://www.unixreview.com/documents/s=1236/urm0104l/0104l.htm -->
<HTML><HEAD><TITLE>Open Source / Using iptables</TITLE>
<META http-equiv=Content-Type content="text/html; charset=gb2312"><!-- hide from older browsers, should show em anyway so they will upgrade-->
<SCRIPT language=JavaScript type=text/javascript>
if ((navigator.appName == "Microsoft Internet Explorer") && (parseInt(navigator.appVersion) )) {
document.write("<LINK REL=stylesheet HREF=\"\/unxrev-ie.css\" TYPE=\"text/css\">"); }
else {
document.write("<LINK REL=stylesheet HREF=\"\/unxrev.css\" TYPE=\"text/css\">"); }
</SCRIPT>
<!-- unhide -->
<META http-equiv=expires content=-1>
<META http-equiv=pragma content=no-cache>
<META content=NOARCHIVE name=GOOGLEBOT>
<META
content="News, reviews, features, and commentary for Unix and Linux professionals."
name=description>
<META
content="UNIX, open source, security, unix, storage, BSD, Linux, Red Hat, Debian, Suse, solaris, AIX, HP-UX, database, linux training, unix training, certification, backup, system administration, intrusion detection, reviews, XML, network, Perl, Shell, TCP/IP, secure shell"
name=KEYWORDS>
<META content="MSHTML 6.00.2800.1400" name=GENERATOR></HEAD>
<BODY bgColor=#ffffff leftMargin=0 topMargin=4 rightMargin=0 marginheight="4"><!-- fake email hopefully to catch spam <a href="mailto:webmaster@localhost"> --><A
name=top></A>
<TABLE cellSpacing=0 cellPadding=0 width="98%" border=0>
<TBODY>
<TR>
    <TD vAlign=top align=left><!-----UR Content Body Here----->
      <SCRIPT language=JavaScript><!-- hide
function openFig1() { figWin= open("./0104l_f1.jpg", "figure", "width=450,height=403,status=no,toolbar=no,menubar=no,scrollbars=yes,resizable=yes"); }
function openFig2() { figWin= open("./0104l_f2.jpg", "figure", "width=450,height=403,status=no,toolbar=no,menubar=no,scrollbars=yes,resizable=yes"); }
// --></SCRIPT>
<TABLE cellSpacing=0 cellPadding=3 width="100%" border=0>
<TBODY>
<TR vAlign=center bgColor=#dedbce><!-- title start -->
<TD class=headline align=left>Using <CODE>iptables</CODE></TD>
<TD class=headdate align=right>April 2001</TD><!-- title end --></TR>
<TR vAlign=top align=left><!-- body start -->
<TD colSpan=2>
<P><SPAN class=author>by Joe "Zonker" Brockmeier</SPAN>
<P>Last month, I covered setting up the 2.4.x kernel with the
Netfilter framework and <CODE>iptables</CODE> support. This month,
I'll cover the basic syntax of <CODE>iptables</CODE> and how to
create a basic firewall. </P>
<P>If you're still running the 2.2.x kernel series, you won't be
able to use <CODE>iptables</CODE>. However, you may want to learn
more about <CODE>iptables</CODE> for when you migrate to the 2.4.x
kernel. Currently, the stable version of the kernel is at 2.4.3, and
<CODE>iptables</CODE> is at 1.2.1a. </P>
<P>By the way, if you've tried to access the Netfilter homepage from
the URL given last month, it seems to be down for the count.
However, you can still find the Netfilter project at <A
href="http://netfilter.samba.org/"
target=_new>netfilter.samba.org/</A>, <A
href="http://netfilter.gnumonks.org/"
target=_new>netfilter.gnumonks.org</A> or <A
href="http://netfilter.filewatcher.org/"
target=_new>netfilter.filewatcher.org</A>. Also, there was a patch
released on April 16, 2001, that addresses a security weakness in
            <CODE>ip_conntrack_ftp</CODE>. For a full description of the
            vulnerability, see <A
            href="http://netfilter.samba.org/security-fix/index.html">http://netfilter.samba.org/security-fix/index.html</A>,
            and get the patch from the Netfilter homepage.</P>
            <H3>Getting Started</H3>
<P>It probably goes without saying that you'll need to be logged in
as root to work with <CODE>iptables</CODE>, but I'll say it anyway.
After logging in as root, you may want to look at what's already
loaded, if anything. To look at the tables that are currently in