Chinaunix首页 | 论坛 | 博客
  • 博客访问: 10804231
  • 博文数量: 2905
  • 博客积分: 20098
  • 博客等级: 上将
  • 技术积分: 36298
  • 用 户 组: 普通用户
  • 注册时间: 2009-03-23 05:00
文章存档

2012年(1)

2011年(3)

2009年(2901)

分类: LINUX

2009-03-23 11:06:13

续前文;随竟写了几个命令。来充分利用L7的优势。据测试的效果还是不错的。下面是的部分IPTABLES。请注意。有可能重复限制了BT EMULE等了。

[root@nginx-http ipp2p-0.8.2]# iptables-save
# Generated by iptables-save v1.3.7 on Wed Jan  9 18:10:10 2008
*mangle
:PREROUTING ACCEPT [39560:5353718]
:INPUT ACCEPT [516:35974]
:FORWARD ACCEPT [39043:5317714]
:OUTPUT ACCEPT [484:34806]
:POSTROUTING ACCEPT [15217:3724119]
-A POSTROUTING -m layer7 --l7proto skypetoskype -j Drop
-A POSTROUTING -m layer7 --l7proto skypeout -j Drop
-A POSTROUTING -m layer7 --l7proto edonkey -j Drop
-A POSTROUTING -m layer7 --l7proto fasttrack -j Drop
-A POSTROUTING -m layer7 --l7proto bittorrent -j Drop
COMMIT
# Completed on Wed Jan  9 18:10:10 2008
# Generated by iptables-save v1.3.7 on Wed Jan  9 18:10:10 2008
*filter
:INPUT ACCEPT [524:36294]
:FORWARD ACCEPT [15294:3822741]
:OUTPUT ACCEPT [500:37030]
-A FORWARD -m layer7 --l7proto edonkey -j Drop
-A FORWARD -m layer7 --l7proto bittorrent -j Drop
COMMIT
# Completed on Wed Jan  9 18:10:10 2008
# Generated by iptables-save v1.3.7 on Wed Jan  9 18:10:10 2008
*nat
:PREROUTING ACCEPT [25468:1606241]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [1:124]
-A POSTROUTING -s 192.168.1.0/255.255.255.0 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.10.0/255.255.255.0 -j MASQUERADE
COMMIT
# Completed on Wed Jan  9 18:10:10 2008
[root@nginx-http ipp2p-0.8.2]#

呵呵,系统显示的匹配策略来SHOW下效果:

阅读(1401) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~