Some specific applications of iptables
From;    Author:Stand originally
ICMP-related applications
Prevent this machine from pinging itself at 127.0.0.1
iptables -A INPUT -s 127.0.0.1 -p icmp -j DROP
Prevent the 192.168.0.0/24 network segment from pinging this machine
iptables -A INPUT -s 192.168.0.0/24 -p icmp -j DROP
Block all machines
# iptables -A INPUT -s 0/0 -p icmp -j DROP
# Accept ICMP other than echo-request (ping)
/sbin/iptables -A INPUT -p icmp ! --icmp-type echo-request -j ACCEPT
accept_redirects
# echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects
Or
# sysctl net.ipv4.conf.all.accept_redirects="0"
Block an IP address from accessing this machine
[root@linux root]# iptables -A INPUT -s 192.168.0.253 -j DROP
Block MSN
/sbin/iptables -I FORWARD -d gateway.messenger.hotmail.com -j DROP
/sbin/iptables -I FORWARD -p tcp --dport 1863 -j DROP
Block QQ
/sbin/iptables -A FORWARD -p tcp -d tcpconn.tencent.com --dport 80 -j DROP
/sbin/iptables -A FORWARD -p tcp -d tcpconn.tencent.com --dport 443 -j DROP
/sbin/iptables -A FORWARD -p tcp -d tcpconn2.tencent.com -j DROP
/sbin/iptables -A FORWARD -i eth0 -p udp --dport 8000 -j DROP
Block BT
/sbin/iptables -A FORWARD -i eth0 -p tcp --dport 6881:6890 -j DROP
WWW
# Block WWW
/sbin/iptables -A FORWARD -p tcp --dport 80 -j DROP
# Allow WWW
/sbin/iptables -A FORWARD -p tcp --dport 80 -j ACCEPT
FTP
# Block FTP
/sbin/iptables -A FORWARD -i eth0 -p tcp --dport 20 -j DROP
/sbin/iptables -A FORWARD -i eth0 -p tcp --dport 21 -j DROP
# Allow FTP
/sbin/iptables -A FORWARD -i eth0 -p tcp --dport 20 -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -p tcp --dport 21 -j ACCEPT
SMTP, POP3
# Block SMTP, POP3
/sbin/iptables -A FORWARD -i eth0 -p tcp --dport 25 -j DROP
/sbin/iptables -A FORWARD -i eth0 -p tcp --dport 110 -j DROP
# Allow SMTP, POP3
/sbin/iptables -A FORWARD -i eth0 -p tcp --dport 25 -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -p tcp --dport 110 -j ACCEPT
Samba
# Block Samba
[root@linux root]# iptables -A FORWARD -p tcp --sport 137:139 -j DROP
[root@linux root]# iptables -A FORWARD -p udp --sport 137:139 -j DROP
DROP
# Drop everything else
/sbin/iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -s 192.168.1.0/24 -j DROP
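
An added example, not part of the original article: the FORWARD rules above are all appended with -A, and a packet takes the verdict of the first rule it matches, so appending both the "block" and the "allow" variant of a service leaves only the first one in effect. This sketch generates one iptables-restore ruleset with a single verdict per service; the function names, the service labels, the uniform `-i eth0` match and the ACCEPT chain policy line are assumptions made for the example.

```shell
#!/bin/sh
# Added example. TCP ports per service, as used by the rules on this page.
ports_for() {
    case "$1" in
        www)  echo "80" ;;
        ftp)  echo "20 21" ;;
        mail) echo "25 110" ;;
        bt)   echo "6881:6890" ;;
        *)    return 1 ;;
    esac
}

# build_forward SERVICE=ACTION ...   (ACTION is ACCEPT or DROP)
# Prints an iptables-restore ruleset. A service named twice is an error:
# with -A the first matching rule decides and a later one never applies.
build_forward() {
    nl='
'
    seen=" "
    body=""
    for pair in "$@"; do
        svc=${pair%%=*}
        act=${pair#*=}
        case "$act" in
            ACCEPT|DROP) ;;
            *) echo "bad action: $pair" >&2; return 2 ;;
        esac
        case "$seen" in
            *" $svc "*) echo "duplicate service: $svc" >&2; return 3 ;;
        esac
        seen="$seen$svc "
        ports=$(ports_for "$svc") || { echo "unknown service: $svc" >&2; return 4; }
        for p in $ports; do
            # -i eth0 on every rule is an assumption of this example
            body="${body}-A FORWARD -i eth0 -p tcp --dport $p -j $act$nl"
        done
    done
    # Same order as the page: service rules, then established traffic,
    # then the final DROP for the 192.168.1.0/24 subnet.
    printf '%s\n' "*filter" ":FORWARD ACCEPT [0:0]"
    printf '%s' "$body"
    printf '%s\n' \
        "-A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT" \
        "-A FORWARD -s 192.168.1.0/24 -j DROP" \
        "COMMIT"
}

build_forward www=DROP ftp=ACCEPT mail=ACCEPT bt=DROP
```

Pipe the output to `iptables-restore --test` to check that it parses without committing it; a real load without `--noflush` replaces the existing contents of the filter table.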

