[RedHat] 求一条简单的iptables语句，|Linux系统专区人人网,QQ空间,登陆,renren,注册,校内,刷人气

离线lzzsgsb.

初中三年级

发帖: 2008

C币: -262851

威望: 381

贡献值: 7

银元: 3

铜钱: 4528

人人网人气币: 0

只看楼主倒序阅读使用道具楼主发表于: 2009-05-01

就是允许别人.T.elnet到我这台机子上啊，没有接触过这个东东，不会写，.
这是我机子上原来的：
[.root@Rhel5 ~]# ipt.ables -L(广告)
C.hain INPUT .(policy ACCEPT)           鲜花
target     prot op.t source.               destination                      汽车
RH-Firewall-1-INPUT  all  --  anywhere             any.where        .                杀毒

Chain. .FORWARD (policy ACCEPT).
target     prot opt. source          .     destination         --- 印刷
RH-Firewall-1-INPUT  all  --  .anywhere             anywhere           . 电影

Chain OUTPUT (p.olicy ACCEP.T)[成人用品]
target     prot opt source               destination   .     . (        游戏          )

Chain RH-Firewall-1-INPUT (.2 reference.s)<性病>
target     prot opt sourc.e               destination  .                   杀毒
ACCEPT     all  --  any.where             anyw.here            .
ACCEPT     icmp --  any.where .            anywhere            icmp any            鲜花
ACCEPT     esp  --  anywh.er.e             anywhere            --------------彩票
ACCEPT     ah   --  anywhe.re  .           anywhere            健康
ACCEPT  .   udp  --  anywhere           .  224.0.0.251         udp dpt:mdns            建材
A.CCEPT     udp  --  anywhere             anywhere          .  udp dpt:ipp .
ACCEPT     tcp  .--  any.where             anywhere            tcp dpt:ipp (        游戏          )
ACCEPT .    all  --  anywhere             anywhere  . .         state RELATED,ESTABLISHED <性病>
ACCEPT     tcp  --  anywh.ere  .        .   anywhere            state NEW tcp dpt:ssh (广告)
REJECT     all  --  an.ywhere             any.where      .      reject-with icmp-host-prohibited --------------彩票

http://upload.bbs.csuboy.com/Mon_1004/126_6724_841324b0ca21639.gif[/img]http://upload.bbs.csuboy.com/Mon_1004/126_6724_841324b0ca21639.gif[/img]电脑

评价一下你浏览此帖子的感受

分享到 淘江湖新浪 QQ微博 QQ空间开心人人豆瓣网易微博百度鲜果白社会飞信

离线喜多多.

初中三年级

发帖: 2009

C币: -235365

威望: 366

贡献值: 1

银元: -5

铜钱: 4496

人人网人气币: 0

只看该作者沙发发表于: 2010-04-14

Re:[RedHat]

iptables -A INPUT -i eth0 -p tcp --dport 端口号 -j ACCEPT

filter表，input链

默认端口号是23，如果没改的话。

离线yszkm.

初中三年级

发帖: 2099

C币: -152659

威望: 380

贡献值: 1

银元: -3

铜钱: 4664

人人网人气币: 0

只看该作者板凳发表于: 2010-04-14

Re:[RedHat]

楼主的三个链默认就是ACCEPT，现在应该可以连接吧

离线kekehsu.

初中三年级

发帖: 2147

C币: -193213

威望: 407

贡献值: 1

银元: -3

铜钱: 4694

人人网人气币: 0

只看该作者地板发表于: 2010-04-14

Re:[RedHat]

不会，看不懂，正在学习当中

离线qlylny.

初中三年级

发帖: 2011

C币: -60576

威望: 375

贡献值: 1

银元: -3

铜钱: 4516

人人网人气币: 0

只看该作者 4楼发表于: 2010-04-14

如果是新手，把规则都清除了吧。
iptables -F

iptables -X

iptables -Z

service iptables save
复制代码

离线klxqlqw.

初中三年级

发帖: 2074

C币: -262870

威望: 355

贡献值: 2

银元: -3

铜钱: 4474

人人网人气币: 0

只看该作者 5楼发表于: 2010-04-14

Re:[RedHat]

[root@Rhel5 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:telnet

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

这是changzi100的方法，我发现那个允许23的在上面，
而这时不能Telnet啊，为什么？

iptables -A INPUT -i eth0 -p tcp --dport 23 -j ACCEPT
我是这样输进去的，

[ 本帖最后由 Peifei 于 2008-11-11 16:25 编辑 ]

离线接受不齐.

初中三年级

发帖: 2004

C币: -236067

威望: 351

贡献值: 1

银元: -6

铜钱: 4446

人人网人气币: 0

只看该作者 6楼发表于: 2010-04-14

Re:[RedHat]

[root@Rhel5 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:telnet
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

这是我用system-config-securitylevel设的结果，那个telnet规则在下面，
就是可以正常Telnet的，

[ 本帖最后由 Peifei 于 2008-11-11 16:24 编辑 ]