
Linux服务器上适用的防火墙(转自CU)

作者:闵涛 文章来源:闵涛的学习笔记 点击数:3054 更新时间:2009/4/22 23:08:00
ation-needed -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type destination-unreachable -j DROP
iptables -A OUTPUT -p icmp --icmp-type echo-request -m state --state NEW -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state INVALID -j LOG --log-prefix "INVALID output: "
iptables -A OUTPUT -m state --state INVALID -j DROP
iptables -A OUTPUT -p icmp -o ${UPLINK} -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o ${UPLINK} -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p icmp -m state --state INVALID -j LOG --log-prefix "INVAILD ICMP STATE OUTPUT:"
iptables -A OUTPUT -p icmp -m state --state INVALID -j DROP
iptables -A OUTPUT -m state --state NEW,INVALID -j LOG --log-prefix "INVAILD NEW:"
iptables -A OUTPUT -m state --state NEW,INVALID -j DROP

echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m \n\t The OUTPUT rules has been successful applied,conniture..."

#echo -e "\t Now applying nat rules ,please wait ...."
#iptables -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j MASQUERADE
#iptables -t nat -A PREROUTING -d ${LAN_NET} -i ${UPLINK} -j DROP

#if [ " $ROUTER " = " yes " ]
# then
# echo -e "\t enabing ip_forward,please wait..."
# echo 1 >/proc/sys/net/ipv4/ip_forward
# echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"
# if [ " $NAT " = " dynamic " ]
# then
# echo -e "\tEnableing MASQUERADING (dynamic ip )..."
# echo -e "\tDynamic PPP connection,Now getting the dynamic ip address"
# IP_ADDR=`ifconfig ppp0 | grep inet | cut -d : -f 2 | cut -d " " -f 1`
# echo -e "\t Now you IP ADDRESS is : ${IP_ADDR} "
# iptables -t nat -A POSTROUTING -o ${UPLINK} -j MASQUERADE
# iptables -t nat -A POSTROUTING -o ${UPLINK} -s ${DMZ_NET} -j SNAT --to ${IP_ADDR}
# iptables -t nat -A POSTROUTING -o ${UPLINK} -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
# iptables -t nat -A PREROUTING -i ${UPLINK} -d ${IP_ADDR} -p tcp --dport 80 -j DNAT --to ${WEB_IP}:80
# iptables -t nat -A PREROUTING -i ${UPLINK} -p tcp -d ${IP_ADDR} --dport 22 -j DNAT --to ${ADMIN_IP}:22
# echo -e "\t OK,NAT setting start succecc.."

# elif [ " $NAT " != " " ]
# then
# echo -e "\tEnableing SNAT (static ip)..."
# iptables -t nat -A POSTROUTING -o ${UPLINK} -j SNAT --to ${UPIP}
# iptables -t nat -A POSTROUTING -s ${LAN_NET} -o ${UPLINK} -j SNAT --to ${UPIP}
# iptables -t nat -A POSTROUTING -o ${UPLINK} -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
# iptables -t nat -A PREROUTING -i ${UPLINK} -p tcp -d ${UPIP} --dport 80 -j DNAT --to ${WEB_IP}:80
# iptables -t nat -A PREROUTING -i ${UPLINK} -p tcp -d ${UPIP} --dport 88 -j DNAT --to ${ADMIN_IP}:22

# echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"

# fi
#fi

echo -e "\a"
echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"
echo -e "\tAll rules has been successful applied,enjoy it...."

elif [ "$1" = "stop" ] || [ "$1" = "flush" ] || [ "$1" = "clear" ]
then
echo -e "\tStoping Firewall...."
iptables -t filter -F > /dev/null 2>&1
iptables -t filter -X > /dev/null 2>&1
iptables -t nat -F > /dev/null 2>&1
iptables -t nat -X > /dev/null 2>&1
iptables -t mangle -F > /dev/null 2>&1
iptables -t mangle -X > /dev/null 2>&1
iptables -t filter -P INPUT ACCEPT > /dev/null 2>&1
iptables -t filter -P OUTPUT ACCEPT > /dev/null 2>&1
iptables -t filter -P FORWARD ACCEPT > /dev/null 2>&1
iptables -F tcpHandler > /dev/null 2>&1
iptables -F udpHandler > /dev/null 2>&1
iptables -F icmpHandler > /dev/null 2>&1
iptables -F CHECK_FLAGS > /dev/null 2>&1
iptables -F DROP-AND-LOG > /dev/null 2>&1
iptables -F syn-flood > /dev/null 2>&1
iptables -X tcpHandler > /dev/null 2>&1
iptables -X udpHandler > /dev/null 2>&1
iptables -X icmpHandler > /dev/null 2>&1
iptables -X CHECK_FLAGS > /dev/null 2>&1
iptables -X DROP-AND-LOG > /dev/null 2>&1
iptables -X syn-flood > /dev/null 2>&1
echo -e "\a"
echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"
echo -e "\t\tThe firewall has successful shuted down,be careful !"

fi



最后进行编辑的是 arlenecc on 2004-09-24 16:09, 总计第 2 次编辑

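# RainLow firewall server version-- 09/05/2004
# This software may be used and distributed according to
# the terms of the GNU General Public License (GPL) provided
# credit is given to the original author.
# Copyright (c) 2004 rainlow
# All rights reserved
############################################################
#
# Configuration section.
#
# Several settings are whitespace-separated lists. They MUST be quoted:
# an unquoted `VAR=a b` does not assign "a b" to VAR — it runs the
# command `b` with VAR=a in its environment and leaves VAR unset (or
# empty) for the rest of the script, so the rules built from these
# variables later on would silently be built from nothing.
#
#echo -e "\n\t\t\t Welcome to \033[3;031m RainLow Tech. \033[0m\n\n"
#echo -e " \t\t\t\t \033[1;32m http://www.rainlow.com \033[m \n"

# The interface connected to the Internet. If you use ADSL (PPP), set
# it to ppp0.
UPLINK=eth0

# The fixed (static) public IP address of the uplink, if you have one.
# NOTE(review): the address below is the original author's sample
# value — replace it with your own before use.
UPIP=221.137.58.48

# All network interfaces present on this host (whitespace-separated).
INTERFACES="lo eth0"

# Whether to load all kernel modules this script needs (yes/no).
LOAD_MODULES=no

# Whether to log packets carrying illegal TCP flag combinations
# (most of these are produced by port scanners) (yes/no).
LOG_ILLEGAL_FLAGS=yes

# IP addresses whose traffic is logged and denied (whitespace-separated).
DENYIP="10.0.0.1 10.0.0.255"

# UDP ports whose connections are logged and dropped (whitespace-separated).
UDP_PORT_LOG="7 9 19 107 137 138 139 161 199 162 369"

# TCP ports whose connections are logged and dropped (whitespace-separated).
TCP_PORT_LOG="135 136 137 138 139 445 500 1433 3306 515 513"

# TCP ports to open on this server (whitespace-separated).
OPEN_TCP="25 110 22 21"

# UDP ports to open on this server (whitespace-separated). Only use this
# if the firewall host itself provides UDP services — exposing UDP on
# the firewall is dangerous. Leave empty to open none.
OPEN_UDP=

# Whether to log malformed packets (yes/no).
MALFORMED_PACKET_LOG=no

# The IP address allowed to manage the firewall remotely.
# NOTE(review): sample value from the original author — replace it with
# the address of your own management host.
MANAGE_IP=61.129.112.46

# Whether to disable all logging, to save disk space and other
# resources (yes/no).
DISABLE_ALL_LOG=no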
