Posted by: georgehill (清风浮云 人生), Board: Linux
Title: 5. Rusty's Really Quick Guide To Packet Filtering
Posted at: BBS 荔园晨风站 (Thu Oct 12 12:36:33 2000), forwarded
Posted by: zixia (Do you zixia tonight), Board: Linux
Title: 5. Rusty's Really Quick Guide To Packet Filtering
Posted at: BBS 水木清华站 (Wed Oct 11 01:17:33 2000) WWW-POST
Linux 2.4 Packet Filtering HOWTO: Rusty's Really Quick Guide To Packet Filtering
----------------------------------------------------------------------
5. Rusty's Really Quick Guide To Packet Filtering
Most people just have a single PPP connection to the Internet, and don't
want anyone coming back into their network, or the firewall:
## Insert connection-tracking modules (not needed if built into kernel).
# insmod ip_conntrack
# insmod ip_conntrack_ftp

## Create chain which blocks new connections, except if coming from inside.
# iptables -N block
# iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT
# iptables -A block -j DROP

## Jump to that chain from INPUT and FORWARD chains.
# iptables -A INPUT -j block
# iptables -A FORWARD -j block
----------------------------------------------------------------------
--
With a ray of sunshine and a gentle breeze,
and my ideals,
I begin my journey.
※ Source: BBS 荔园晨风站 bbs.szu.edu.cn [FROM: 192.168.1.115]
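The "block" chain in the HOWTO excerpt is evaluated rule by rule, and the first match decides the packet's fate. The following added example (not part of the original HOWTO or post) models that chain in Python and runs constructed sample packets through it. The Packet class, the verdict function and the inside interface names eth0 and lo are assumptions for illustration.

```python
# Added example: a small model of the HOWTO's "block" chain, not real netfilter code.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    in_iface: str   # interface the packet arrived on, e.g. "ppp0", "eth0", "lo"
    state: str      # conntrack state: NEW, ESTABLISHED, RELATED or INVALID

# Each rule: (rule text, match predicate, target), in the order the HOWTO appends them.
BLOCK_CHAIN = [
    ("-m state --state ESTABLISHED,RELATED -j ACCEPT",
     lambda p: p.state in ("ESTABLISHED", "RELATED"), "ACCEPT"),
    ("-m state --state NEW -i ! ppp0 -j ACCEPT",
     lambda p: p.state == "NEW" and p.in_iface != "ppp0", "ACCEPT"),
    ("-j DROP", lambda p: True, "DROP"),
]

def verdict(packet, chain=BLOCK_CHAIN):
    """Return (target, rule_text) of the first rule that matches, as iptables does."""
    for text, match, target in chain:
        if match(packet):
            return target, text
    raise RuntimeError("chain has no catch-all rule")

# Constructed sample packets (eth0 and lo are assumed names for the inside).
SAMPLES = {
    "reply to a connection opened from inside": Packet("ppp0", "ESTABLISHED"),
    "FTP data connection tracked by ip_conntrack_ftp": Packet("ppp0", "RELATED"),
    "new connection from the LAN": Packet("eth0", "NEW"),
    "new local connection over loopback": Packet("lo", "NEW"),
    "new connection attempt from the Internet": Packet("ppp0", "NEW"),
    "untrackable packet from the LAN": Packet("eth0", "INVALID"),
}

def evaluate_samples():
    """Map each sample description to the chain's verdict."""
    return {name: verdict(p)[0] for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, packet in SAMPLES.items():
        target, rule = verdict(packet)
        print(f"{target:6} {name:50} <- {rule}")
```

The last sample shows a consequence that is easy to miss: a packet conntrack classifies as INVALID falls through to the final DROP even when it arrives on an inside interface, because only NEW, ESTABLISHED and RELATED are ever accepted.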