首先你看一下FAQ,里面有很多iptables的资料,了解一下。
网吧,安全级别无需太高。
规则如下:
#!/bin/sh
#edit by waterbird, 2002.4.4
echo "starting the firewall..."
##Ismod the firewall modules
modprobe ip_tables
##Enable the ip_forward
echo "1" > /proc/sys/net/ipv4/ip_forward
##clear the chains
iptables -F
iptables -X
iptables -F -t nat
##Define the policy
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
##Define the IP and Interface
LAN_IP="192.168.0.1"
LAN_IFACE="eth1"
ADSL_IFACE="ppp0"
IPTABLES="/sbin/iptables"
#########################POSTROUTING chain
#MASQUERADE
$IPTABLES -t nat -A POSTROUTING -s 192.168.0.0/24 -o ppp0 -j MASQUERADE
##########################FORWARD rules
#accept LAN IP go out
$IPTABLES -A FORWARD -i $LAN_IFACE -s 192.168.0.0/24 -j ACCEPT
#accept come back packets from INTERNET
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
###########################INPUT chain
#for come back from this adsl-server packets
$IPTABLES -A INPUT -i $ADSL_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
echo "firewall started! :-D"
这个脚本对内网出去的包伪装;
允许所有内网包出去,允许返回
允许防火墙机器所有包出去,允许有状态返回。
如果有问题,发MAIL给我。
--------------------next---------------------
阅读(371) | 评论(0) | 转发(0) |