## KEEP_STATE: a user-defined chain holding the generic connection-state
## checks, so INPUT, OUTPUT and FORWARD can share one copy of them.
## $IPTABLES, $INTERNAL and $EXTERNAL are expected to be set earlier in the
## script (not shown here).
## NOTE(review): the interface variables are expanded unquoted; if one is
## empty, the arguments after -i/-o shift and the rule is not what was meant.
##
## Create the chain, then flush it. -N reports an error when the chain
## already exists (e.g. on a re-run); the -F that follows empties it either way.
$IPTABLES -N KEEP_STATE
$IPTABLES -F KEEP_STATE
## DROP packets that connection tracking classifies as "INVALID".
## This rule must stay ahead of the ACCEPT below so such packets never
## reach it.
## NOTE(review): "-m state --state" is the older spelling of
## "-m conntrack --ctstate"; confirm which one the target kernel provides.
$IPTABLES -A KEEP_STATE -m state --state INVALID -j DROP
## ACCEPT packets that belong to an established connection (ESTABLISHED) or
## are related to one (RELATED).
## What counts as RELATED depends on the connection-tracking helpers that are
## loaded, so this rule is only as narrow as that helper set.
$IPTABLES -A KEEP_STATE -m state --state RELATED,ESTABLISHED -j ACCEPT
## Packets in any other state (e.g. NEW) match neither rule and return to the
## calling chain; what happens to them is decided by the rules and chain
## policy that follow the jump, which are not shown here.
##
## Inbound on the internal interface: apply the state checks.
$IPTABLES -A INPUT -i $INTERNAL -j KEEP_STATE
## Inbound on the external interface: apply the state checks.
$IPTABLES -A INPUT -i $EXTERNAL -j KEEP_STATE
## Outbound on the internal interface: apply the state checks.
## NOTE(review): there is no matching OUTPUT rule for $EXTERNAL in this
## section; confirm that locally generated traffic leaving the external
## interface is handled elsewhere.
$IPTABLES -A OUTPUT -o $INTERNAL -j KEEP_STATE
## Forwarded traffic: apply the state checks to every packet, on any interface.
$IPTABLES -A FORWARD -j KEEP_STATE