/sbin/ipchains -A input -j ACCEPT
/sbin/ipchains -A output -j ACCEPT
/sbin/ipchains -A forward -j ACCEPT
(3) Set the local loopback rules
/sbin/ipchains -A input -j ACCEPT -i lo
/sbin/ipchains -A output -j ACCEPT -i lo
Packets exchanged between local processes are allowed through.
(4) Block IP spoofing
/sbin/ipchains -A input -j DENY -i eth1 -s 192.168.100.0/24
/sbin/ipchains -A input -j DENY -i eth1 -d 192.168.100.0/24
/sbin/ipchains -A output -j DENY -i eth1 -s 192.168.100.0/24
/sbin/ipchains -A output -j DENY -i eth1 -d 192.168.100.0/24
/sbin/ipchains -A input -j DENY -i eth1 -s 202.101.2.25/32
/sbin/ipchains -A output -j DENY -i eth1 -d 202.101.2.25/32
(5) Block broadcast packets
/sbin/ipchains -A input -j DENY -i eth0 -s 255.255.255.255
/sbin/ipchains -A input -j DENY -i eth0 -d 0.0.0.0
/sbin/ipchains -A output -j DENY -i eth0 -s 240.0.0.0/3
(6) Set the eth0 forwarding rules
/sbin/ipchains -A forward -j MASQ -i eth0 -s 192.168.100.0/24
(7) Set the eth1 forwarding rules
/sbin/ipchains -A forward -j ACCEPT -i eth1 -s 192.168.100.0/24
/sbin/ipchains -A forward -j ACCEPT -i eth1 -d 192.168.100.0/24