Author: kenduest (small). Here are some simple iptables rules I set up; you can use them as a reference.
(This has nothing to do with NAT.)

    # load the relevant modules
    modprobe ip_tables
    modprobe ip_conntrack
    modprobe ip_conntrack_ftp
    modprobe ip_conntrack_irc

    # reset iptables
    iptables -F
    iptables -X
    iptables -F -t nat
    iptables -X -t mangle

    # close FORWARD
    iptables -P FORWARD DROP

    # open this to your own network segment so hosts there can reach you without restriction
    iptables -A INPUT -p all -s ip_net/netmask -j ACCEPT

    # allow connections to these services
    iptables -A INPUT -i eth0 -p tcp --dport 20 -j ACCEPT
    iptables -A INPUT -i eth0 -p tcp --dport 21 -j ACCEPT
    iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -i eth0 -p tcp --dport 23 -j ACCEPT
    iptables -A INPUT -i eth0 -p tcp --dport 25 -j ACCEPT
    iptables -A INPUT -i eth0 -p tcp --dport 53 -j ACCEPT
    iptables -A INPUT -i eth0 -p udp --dport 53 -j ACCEPT
    iptables -A INPUT -i eth0 -p tcp --dport 110 -j ACCEPT
    iptables -A INPUT -i eth0 -p tcp --dport 113 -j ACCEPT
    iptables -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A INPUT -i eth0 -m state --state NEW,INVALID -j DROP

The rules above let the outside connect to ports 20, 21, 22, 23, 25, 53, 110 and 113 and the services running on them.

Ports 20, 21: FTP.
Port 22: SSH.
Port 23: telnet. It is opened for convenience; it is not secure, so do not open it if you do not need it.
Port 25: sendmail, so that mail can be delivered to you.
Port 53: DNS. DNS also needs UDP open.
Port 110: POP3.
Port 113: auth (ident). I open 113 so that hosts which do an ident lookup on you do not sit waiting for a long time.

The last line drops everything else: connections initiated from outside to any other port, and packets in an invalid state.

This script is for the case where you only want to let the outside reach specific service ports and refuse any connection initiated from outside to the remaining ports. For example, if you dial up with a modem and only want to go out to the Internet, without accepting inbound connections, this is what you need. (PS: a modem uses the ppp0 interface, so replace eth0 above with ppp0.)
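To see how the INPUT chain above actually decides, here is an added Python model (not from the original post) that walks the rules first-match in the order given; the local network 192.168.1.0/24 and the sample addresses are placeholders. It also makes the PS concrete: rules bound to eth0 do not cover ppp0, and because the post only sets a policy on FORWARD, a packet arriving on ppp0 falls through to INPUT's default ACCEPT.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Set

# Constructed first-match model of the INPUT chain the rules above build.
# Only the filter table is modelled; the nat/mangle flushes are ignored.
@dataclass
class Rule:
    target: str                        # -j
    iface: Optional[str] = None        # -i
    proto: Optional[str] = None        # -p (None means "all")
    dport: Optional[int] = None        # --dport
    states: Optional[Set[str]] = None  # -m state --state
    src_net: Optional[str] = None      # -s

@dataclass
class Packet:
    iface: str
    proto: str
    dport: int
    state: str   # NEW, ESTABLISHED, RELATED or INVALID (conntrack's view)
    src: str

def matches(r: Rule, p: Packet) -> bool:
    """Every match option on the rule must hold; an absent option matches anything."""
    return ((r.iface is None or r.iface == p.iface)
            and (r.proto is None or r.proto == p.proto)
            and (r.dport is None or r.dport == p.dport)
            and (r.states is None or p.state in r.states)
            and (r.src_net is None
                 or ipaddress.ip_address(p.src) in ipaddress.ip_network(r.src_net)))

LOCAL_NET = "192.168.1.0/24"   # placeholder for the post's ip_net/netmask
SERVICES = [("tcp", 20), ("tcp", 21), ("tcp", 22), ("tcp", 23), ("tcp", 25),
            ("tcp", 53), ("udp", 53), ("tcp", 110), ("tcp", 113)]
INPUT_CHAIN = [Rule("ACCEPT", src_net=LOCAL_NET)]
INPUT_CHAIN += [Rule("ACCEPT", iface="eth0", proto=pr, dport=pt) for pr, pt in SERVICES]
INPUT_CHAIN += [Rule("ACCEPT", iface="eth0", states={"RELATED", "ESTABLISHED"}),
                Rule("DROP", iface="eth0", states={"NEW", "INVALID"})]
INPUT_POLICY = "ACCEPT"   # the post sets -P only on FORWARD, so INPUT keeps its default

def verdict(p: Packet, chain=INPUT_CHAIN, policy=INPUT_POLICY) -> str:
    """Walk the chain in order; the first matching rule decides, otherwise the policy."""
    for r in chain:
        if matches(r, p):
            return r.target
    return policy

if __name__ == "__main__":
    for pkt in (Packet("eth0", "tcp", 8080, "NEW", "203.0.113.5"),
                Packet("ppp0", "tcp", 8080, "NEW", "203.0.113.5")):
        print(pkt.iface, pkt.dport, pkt.state, "->", verdict(pkt))
```

Running it prints DROP for the eth0 packet and ACCEPT for the same packet on ppp0, which is why the interface name must be changed for a dial-up setup.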