by KindGeorge # yahoo.com 2005.4.2 at ChinaUnix.net
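I believe many people use iptables; I use it all the time, every day. In particular, after reading platinum's introduction "How to add new modules to iptables", I felt it was worth taking a closer look at its extension features. So I downloaded it right away and first read through its documentation. Its features are quite exciting, for example: comment (comment match), string (string match, usable for content filtering), iprange (IP range match), time (time match), ipp2p (peer-to-peer match), connlimit (concurrent connection count match), Nth (match every nth packet), geoip (match by country or region), quota (quota match), and many more... I then compiled it and, after several rounds of testing, successfully added the extensions under both rh7.3 kernel2.4.18-3 and rh9.0 kernel2.4.20-8. Below is an introduction to some of these features and how to compile them. Environment: rh9.0 kernel2.4.20-8, as root.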
A very nice iptables example.
This script's environment: eth0 is the external network, eth1 is the internal network.
Everyone who works with logs has faced the need to separate logs from various daemons into individual files and to log iptables actions. In this topic we will set up syslog-ng, a system logger, to do that. Log files will be separated by service (DNS daemon, DHCP daemon, …), by iptables logged actions, and by month and year.
How to log iptables?
In a chain where logging is desired, for example logging of dropped packets, we add a logging rule to the end of the chain (valid for iptables with an implicit DROP policy on the INPUT chain). If you don't want to make your router/server crazy, set a limit for logged packets.
iptables commands
Syntax:
iptables [-t table] command [match] [-j target/jump]
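The -t parameter specifies the rule table. There are three built-in rule tables: nat, mangle and filter. When no table is specified, filter is always assumed.
The functions of each rule table are as follows: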