Board logo

标题: [问题]高人帮解释一下! [打印本页]

作者: 剑心    时间: 2005-11-9 23:56     标题: [问题]高人帮解释一下!

从没动过的iptables:

# Firewall configuration written by redhat-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0]
ACCEPT [0]
:OUTPUT ACCEPT [0]
-Firewall-1-INPUT - [0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth1 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

帮解释一下吧!小弟先谢过了!!!
:?:  :?:  :?:  :?:  :?:  :?:  :?:
作者: 港湾    时间: 2005-11-10 00:02     标题: Re: [问题]高人帮解释一下!

[quote="剑心"]从没动过的iptables:

# Firewall configuration written by redhat-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0]
ACCEPT [0]
:OUTPUT ACCEPT [0]
-Firewall-1-INPUT - [0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth1 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

帮解释一下吧!小弟先谢过了!!!
:?:  :?:  :?:  :?:  :?:  :?:  :?:[/quote2]這個。。。建議你還是man 一下iptable吧,簡單的說就是對于符合條件的放,不符合條件的就丟棄,需要掌握的就是如何高效的設計自己的規則....
作者: 冰霜之子    时间: 2005-11-10 00:05

系统在安装是有一个选项是防火墙级别,默认的是中等。系统会根据用户的选择自动生成一部分规则。
上面的规则大致是允许本机出去的任何访问,允许经过本机转发的任何访问,而对进入本机的数据包做了限制,具体的可以看iptables的帮助文档。




欢迎光临 编程开发论坛 (http://bbs.lihuasoft.net/) Powered by Discuz! 6.0.0