本站iptables,有点疑问

  • 2017-08-31
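# Generated by iptables-save v1.4.21 on Thu Aug 31 21:38:35 2017
#
# filter table (IPv4 only; any ip6tables rules are not part of this dump).
# Rules are evaluated top to bottom and the first terminating match wins.
# Change from the dumped ruleset: the five identical copies of each per-source
# DROP rule were collapsed to one. Repeated copies match nothing extra, because
# the first copy already terminates processing for the packet; duplicates like
# this usually mean a script appends (-A) the rule on every run without first
# checking for it (iptables -C).
*filter
# The built-in INPUT/FORWARD policies are ACCEPT. The chains behave as
# default-deny only because of the trailing REJECT rules below: if the rules
# are ever flushed without being reloaded, everything becomes reachable.
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [357:309630]
# Per-source block. No rule in this table accepts tcp/443, so for port 443
# this only changes the response for this one source (silent drop instead of
# the ICMP reject that every other source receives).
-A INPUT -s 119.254.209.46/32 -p tcp -m tcp --dport 443 -j DROP
-A INPUT -s 119.254.209.46/32 -p tcp -m tcp --dport 80 -j DROP
# Services reachable from any source address.
# NOTE(review): FTP (21) sends credentials in clear text; consider limiting it
# with -s or replacing it with SFTP over the SSH rule further down.
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# NOTE(review): the dump does not say what listens on 8888 and 5555; confirm
# each is meant to be exposed to the whole Internet, and restrict by source if
# either is an administrative interface.
-A INPUT -p tcp -m tcp --dport 8888 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5555 -j ACCEPT
-A INPUT -p udp -m udp --dport 5555 -j ACCEPT
# Return traffic for connections already tracked by conntrack.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# All ICMP types are accepted, not only echo-request.
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# NOTE(review): SSH accepts new connections from any source; a source
# restriction or rate limit would reduce password-guessing exposure.
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# Everything not accepted above is rejected with an ICMP error.
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
# These two OUTPUT rules have no filtering effect: the OUTPUT policy is ACCEPT
# and no other OUTPUT rule drops or rejects anything. Kept as dumped.
-A OUTPUT -p tcp -m tcp --sport 5555 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 5555 -j ACCEPT
COMMIT
# Completed on Thu Aug 31 21:38:35 2017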
# Generated by iptables-save v1.4.21 on Thu Aug 31 21:38:35 2017
#
# raw table: each built-in chain only jumps to its *_direct chain, and neither
# *_direct chain contains a rule in this dump, so no packet is altered or
# exempted from connection tracking here.
# NOTE(review): the *_direct chain names look like the layout firewalld
# generates, while the filter table in this dump has no such chains. Confirm
# which tool owns the ruleset, since two managers can overwrite each other.
*raw
# Policy ACCEPT; the bracketed values are the [packets:bytes] counters.
:PREROUTING ACCEPT [22859619:17563131496]
:OUTPUT ACCEPT [26952390:19910751088]
# User-defined chains ("-" means no policy), both empty.
:OUTPUT_direct - [0:0]
:PREROUTING_direct - [0:0]
-A PREROUTING -j PREROUTING_direct
-A OUTPUT -j OUTPUT_direct
COMMIT
# Completed on Thu Aug 31 21:38:35 2017
# Generated by iptables-save v1.4.21 on Thu Aug 31 21:38:35 2017
#
# security table: every built-in chain jumps to an empty *_direct chain, so
# this table applies no rule of its own in this dump.
*security
# Policy ACCEPT on all three chains; brackets hold [packets:bytes] counters.
:INPUT ACCEPT [22822275:17560372418]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [26952390:19910751088]
# User-defined chains, all without rules.
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
COMMIT
# Completed on Thu Aug 31 21:38:35 2017
# Generated by iptables-save v1.4.21 on Thu Aug 31 21:38:35 2017
#
# mangle table: only chain plumbing is present. Every chain that could hold a
# packet-modifying rule (*_direct, PREROUTING_ZONES_SOURCE, PRE_public_log,
# PRE_public_deny, PRE_public_allow) is empty in this dump, so no packet is
# marked or rewritten.
*mangle
# Policy ACCEPT on all built-in chains; brackets hold [packets:bytes] counters.
:PREROUTING ACCEPT [22859619:17563131496]
:INPUT ACCEPT [22859619:17563131496]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [26952390:19910751088]
:POSTROUTING ACCEPT [26952390:19910751088]
# User-defined chains ("-" means no policy).
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
:POSTROUTING_direct - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_ZONES_SOURCE - [0:0]
:PREROUTING_direct - [0:0]
:PRE_public - [0:0]
:PRE_public_allow - [0:0]
:PRE_public_deny - [0:0]
:PRE_public_log - [0:0]
# PREROUTING visits the direct chain, then the source-based zone chain, then
# the interface-based zone chain, in that order.
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES_SOURCE
-A PREROUTING -j PREROUTING_ZONES
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -j POSTROUTING_direct
# -g is "goto": processing does not return to PREROUTING_ZONES afterwards.
# eth1, eth0 and the catch-all rule all lead to the same PRE_public chain.
-A PREROUTING_ZONES -i eth1 -g PRE_public
-A PREROUTING_ZONES -i eth0 -g PRE_public
-A PREROUTING_ZONES -g PRE_public
# Within the zone chain the order is log, then deny, then allow.
-A PRE_public -j PRE_public_log
-A PRE_public -j PRE_public_deny
-A PRE_public -j PRE_public_allow
COMMIT
# Completed on Thu Aug 31 21:38:35 2017
# Generated by iptables-save v1.4.21 on Thu Aug 31 21:38:35 2017
#
# nat table: only chain plumbing is present. No DNAT, SNAT, MASQUERADE or
# REDIRECT rule appears anywhere in this dump, so no address or port
# translation is configured; every leaf chain (*_direct, *_ZONES_SOURCE,
# *_public_log, *_public_deny, *_public_allow) is empty.
*nat
# Policy ACCEPT on all built-in chains; brackets hold [packets:bytes] counters.
:PREROUTING ACCEPT [109660:6669744]
:INPUT ACCEPT [76145:4067738]
:OUTPUT ACCEPT [4513394:280107884]
:POSTROUTING ACCEPT [4513394:280107884]
# User-defined chains ("-" means no policy).
:OUTPUT_direct - [0:0]
:POSTROUTING_ZONES - [0:0]
:POSTROUTING_ZONES_SOURCE - [0:0]
:POSTROUTING_direct - [0:0]
:POST_public - [0:0]
:POST_public_allow - [0:0]
:POST_public_deny - [0:0]
:POST_public_log - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_ZONES_SOURCE - [0:0]
:PREROUTING_direct - [0:0]
:PRE_public - [0:0]
:PRE_public_allow - [0:0]
:PRE_public_deny - [0:0]
:PRE_public_log - [0:0]
# Built-in chains visit the direct chain first, then the source-based zone
# chain, then the interface-based zone chain.
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES_SOURCE
-A PREROUTING -j PREROUTING_ZONES
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -j POSTROUTING_direct
-A POSTROUTING -j POSTROUTING_ZONES_SOURCE
-A POSTROUTING -j POSTROUTING_ZONES
# -g is "goto": processing does not return to the *_ZONES chain afterwards.
# Outbound side: eth1, eth0 and the catch-all all lead to POST_public.
-A POSTROUTING_ZONES -o eth1 -g POST_public
-A POSTROUTING_ZONES -o eth0 -g POST_public
-A POSTROUTING_ZONES -g POST_public
-A POST_public -j POST_public_log
-A POST_public -j POST_public_deny
-A POST_public -j POST_public_allow
# Inbound side: eth1, eth0 and the catch-all all lead to PRE_public.
-A PREROUTING_ZONES -i eth1 -g PRE_public
-A PREROUTING_ZONES -i eth0 -g PRE_public
-A PREROUTING_ZONES -g PRE_public
-A PRE_public -j PRE_public_log
-A PRE_public -j PRE_public_deny
-A PRE_public -j PRE_public_allow
COMMIT
# Completed on Thu Aug 31 21:38:35 2017
