上面已经做了流量监控了,但是人家又在下面给我改ip了,搞的我虽然知道那个ip的流量是多少,但是又不知道是那个人,所以下面就只得又再做个ip-mac的绑定,只允许我分配的ip上网,其他的ip不准上网,

第一步：

           先写一个静态的ip-mac表.

vi /etc/ether

192.168.2.10 74:EA:3A:7B:11:27
192.168.2.11 D8:5D:4C:0F:D4:05
192.168.2.12 08:10:74:A6:37:62
192.168.2.13 00:22:43:83:C3:AE
192.168.2.14 D8:5D:4C:0F:AE:14
192.168.2.15 20:7C:8F:05:91:72
192.168.2.16 20:7C:8F:05:95:E3
192.168.2.17 00:18:DE:B0:4E:FE
192.168.2.18 00:23:4D:59:6F:98
192.168.2.19 74:EA:3A:7B:D0:84
192.168.2.20 00:22:FA:62:3D:CE
192.168.2.21 D8:5D:4C:0F:FD:3A
192.168.2.23 74:EA:3A:7A:F7:00
192.168.2.24 00:16:EA:B2:E5:26
192.168.2.25 74:EA:3A:7D:2D:E7
192.168.2.26 D8:5D:4C:0F:D4:40
192.168.2.27 00:21:5D:91:1A:C8
192.168.2.28 D8:5D:4C:0F:D4:3E
192.168.2.30 00:17:C4:9C:A7:94
192.168.2.32 7C:6D:62:A6:29:8B
192.168.2.33 00:21:5D:9C:70:38
192.168.2.35 74:EA:3A:7A:F7:8E
192.168.2.39 08:10:74:B4:4C:F2
192.168.2.7  00:21:6B:C3:5D:00
192.168.2.4  74:EA:3A:7B:01:20
192.168.2.240 00:21:5D:2A:69:34

这么多打的我手疼,这样一个静态的ip-mac绑定就写好了.

写好后执行下 arp -f /etc/ether 完成.

为了让每次开机启动都进行一次绑定，就把这个写到启动文件里面去

vi /etc/rc.d/rc.local

在最后加一条 arp -f /etc/ether

wq 保存退出.

接着就来写iptables了

懒得打了,直接贴出来了,嘿嘿

# Generated by iptables-save v1.4.2 on Tue Sep  7 07:00:43 2010
*mangle
:PREROUTING ACCEPT [749546:411963531]
:INPUT ACCEPT [9061:752558]
:FORWARD ACCEPT [739957:411095995]
:OUTPUT ACCEPT [8819:1018479]
:POSTROUTING ACCEPT [716880:399932582]
COMMIT
# Completed on Tue Sep  7 07:00:43 2010
# Generated by iptables-save v1.4.2 on Tue Sep  7 07:00:43 2010
*nat
:PREROUTING ACCEPT [22032:1549016]
:POSTROUTING ACCEPT [3:197]
:OUTPUT ACCEPT [121:8569]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Tue Sep  7 07:00:43 2010
# Generated by iptables-save v1.4.2 on Tue Sep  7 07:00:43 2010
*filter
:INPUT ACCEPT [9061:752558]
:FORWARD DROP [770:120384]
:OUTPUT ACCEPT [8811:1017907]
-A FORWARD -s 192.168.2.240/32 -m mac --mac-source 00:21:5D:2A:69:34 -j ACCEPT
-A FORWARD -s 192.168.2.7/32 -m mac --mac-source 00:21:6B:C3:5D:00 -j ACCEPT
-A FORWARD -s 192.168.2.4/32 -m mac --mac-source 74:EA:3A:7B:01:20 -j ACCEPT
-A FORWARD -s 192.168.2.39/32 -m mac --mac-source 08:10:74:B4:4C:F2 -j ACCEPT
-A FORWARD -s 192.168.2.35/32 -m mac --mac-source 74:EA:3A:7A:F7:8E -j ACCEPT
-A FORWARD -s 192.168.2.33/32 -m mac --mac-source 00:21:5D:9C:70:38 -j ACCEPT
-A FORWARD -s 192.168.2.32/32 -m mac --mac-source 7C:6D:62:A6:29:8B -j ACCEPT
-A FORWARD -s 192.168.2.30/32 -m mac --mac-source 00:17:C4:9C:A7:94 -j ACCEPT
-A FORWARD -s 192.168.2.29/32 -m mac --mac-source 00:26:C7:35:EF:E4 -j ACCEPT
-A FORWARD -s 192.168.2.28/32 -m mac --mac-source D8:5D:4C:0F:D4:3E -j ACCEPT
-A FORWARD -s 192.168.2.27/32 -m mac --mac-source 00:21:5D:91:1A:C8 -j ACCEPT
-A FORWARD -s 192.168.2.26/32 -m mac --mac-source D8:5D:4C:0F:D4:40 -j ACCEPT
-A FORWARD -s 192.168.2.25/32 -m mac --mac-source 74:EA:3A:7D:2D:E7 -j ACCEPT
-A FORWARD -s 192.168.2.24/32 -m mac --mac-source 00:16:EA:B2:E5:26 -j ACCEPT
-A FORWARD -s 192.168.2.23/32 -m mac --mac-source 74:EA:3A:7A:F7:00 -j ACCEPT
-A FORWARD -s 192.168.2.21/32 -m mac --mac-source D8:5D:4C:0F:FD:3A -j ACCEPT
-A FORWARD -s 192.168.2.20/32 -m mac --mac-source 00:22:FA:62:3D:CE -j ACCEPT
-A FORWARD -s 192.168.2.19/32 -m mac --mac-source 74:EA:3A:7B:D0:84 -j ACCEPT
-A FORWARD -s 192.168.2.18/32 -m mac --mac-source 00:23:4D:59:6F:98 -j ACCEPT
-A FORWARD -s 192.168.2.17/32 -m mac --mac-source 00:18:DE:B0:4E:FE -j ACCEPT
-A FORWARD -s 192.168.2.16/32 -m mac --mac-source 20:7C:8F:05:95:E3 -j ACCEPT
-A FORWARD -s 192.168.2.15/32 -m mac --mac-source 20:7C:8F:05:91:72 -j ACCEPT
-A FORWARD -s 192.168.2.14/32 -m mac --mac-source D8:5D:4C:0F:AE:14 -j ACCEPT
-A FORWARD -s 192.168.2.13/32 -m mac --mac-source 00:22:43:83:C3:AE -j ACCEPT
-A FORWARD -s 192.168.2.12/32 -m mac --mac-source 08:10:74:A6:37:62 -j ACCEPT
-A FORWARD -s 192.168.2.11/32 -m mac --mac-source D8:5D:4C:0F:D4:05 -j ACCEPT
-A FORWARD -s 192.168.2.10/32 -m mac --mac-source 74:EA:3A:7B:11:27 -j ACCEPT
-A FORWARD -d 192.168.2.240/32 -j ACCEPT
-A FORWARD -s 192.168.2.240/32 -j ACCEPT
-A FORWARD -d 192.168.2.35/32 -j ACCEPT
-A FORWARD -s 192.168.2.35/32 -j ACCEPT
-A FORWARD -d 192.168.2.33/32 -j ACCEPT
-A FORWARD -s 192.168.2.33/32 -j ACCEPT
-A FORWARD -d 192.168.2.32/32 -j ACCEPT
-A FORWARD -s 192.168.2.32/32 -j ACCEPT
-A FORWARD -d 192.168.2.31/32 -j ACCEPT
-A FORWARD -s 192.168.2.31/32 -j ACCEPT
-A FORWARD -d 192.168.2.30/32 -j ACCEPT
-A FORWARD -s 192.168.2.30/32 -j ACCEPT
-A FORWARD -d 192.168.2.29/32 -j ACCEPT
-A FORWARD -s 192.168.2.29/32 -j ACCEPT
-A FORWARD -d 192.168.2.28/32 -j ACCEPT
-A FORWARD -s 192.168.2.28/32 -j ACCEPT
-A FORWARD -d 192.168.2.27/32 -j ACCEPT
-A FORWARD -s 192.168.2.27/32 -j ACCEPT
-A FORWARD -d 192.168.2.26/32 -j ACCEPT
-A FORWARD -s 192.168.2.26/32 -j ACCEPT
-A FORWARD -d 192.168.2.25/32 -j ACCEPT
-A FORWARD -s 192.168.2.25/32 -j ACCEPT
-A FORWARD -d 192.168.2.23/32 -j ACCEPT
-A FORWARD -s 192.168.2.23/32 -j ACCEPT
-A FORWARD -d 192.168.2.21/32 -j ACCEPT
-A FORWARD -s 192.168.2.21/32 -j ACCEPT
-A FORWARD -d 192.168.2.20/32 -j ACCEPT
-A FORWARD -s 192.168.2.20/32 -j ACCEPT
-A FORWARD -d 192.168.2.19/32 -j ACCEPT
-A FORWARD -s 192.168.2.19/32 -j ACCEPT
-A FORWARD -d 192.168.2.18/32 -j ACCEPT
-A FORWARD -s 192.168.2.18/32 -j ACCEPT
-A FORWARD -d 192.168.2.17/32 -j ACCEPT
-A FORWARD -s 192.168.2.17/32 -j ACCEPT
-A FORWARD -d 192.168.2.16/32 -j ACCEPT
-A FORWARD -s 192.168.2.16/32 -j ACCEPT
-A FORWARD -d 192.168.2.15/32 -j ACCEPT
-A FORWARD -s 192.168.2.15/32 -j ACCEPT
-A FORWARD -d 192.168.2.14/32 -j ACCEPT
-A FORWARD -s 192.168.2.14/32 -j ACCEPT
-A FORWARD -d 192.168.2.13/32 -j ACCEPT
-A FORWARD -s 192.168.2.13/32 -j ACCEPT
-A FORWARD -d 192.168.2.11/32 -j ACCEPT
-A FORWARD -s 192.168.2.11/32 -j ACCEPT
-A FORWARD -d 192.168.2.10/32 -j ACCEPT
-A FORWARD -s 192.168.2.10/32 -j ACCEPT
-A FORWARD -s 192.168.2.12/32 -j ACCEPT
-A FORWARD -d 192.168.2.12/32 -j ACCEPT
-A FORWARD -s 192.168.2.24/32 -j ACCEPT
-A FORWARD -d 192.168.2.24/32 -j ACCEPT
-A FORWARD -s 192.168.2.29/32 -j ACCEPT
-A FORWARD -d 192.168.2.29/32 -j ACCEPT
-A FORWARD -s 192.168.2.39/32 -j ACCEPT
-A FORWARD -d 192.168.2.39/32 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT （这一句不写就失败了,多亏了“一路征程，一路笑”）
-A OUTPUT -m layer7 --l7proto bittorrent -j DROP
-A OUTPUT -m layer7 --l7proto edonkey -j DROP
COMMIT
# Completed on Tue Sep  7 07:00:43 2010

这个iptables 的前面部分就是ip-mac的绑定,下面写的是为了让上一篇那个脚本可以监控到这些主机才写的,好像不写的话执行那个ipflow_1.3的话出不来呢.这些iptables都是写在脚本里的,因为后期我还要做一些iptables的为了以防万一我就用iptables-save > /iptables.back

万一那天我改错了,我就直接 iptables-restore < /iptables.back 又回来了!

嘿嘿,我只是一个小菜,把自己工作中的东西写下来,希望对大家有所帮助,也希望大家能多多指点指点我!争取能成为一个linux高手,忽忽！！