[Help request] iptables rule order?

linyanqi (original poster), posted 2009-05-01:

Following the posts on this forum, I wrote a script, mainly to block BT. I turned on layer7's debug mode and can see the rule clearly matching bittorrent, but the traffic still does not get blocked. Checking with iptables -t mangle -nL also shows a DROP rule for bittorrent packets.

```sh
#!/bin/sh

echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo "0" > /proc/sys/net/ipv4/conf/all/accept_source_route
echo "1" > /proc/sys/net/ipv4/tcp_syncookies
echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses

INET_IFACE="ppp0"

LAN_IP="192.168.3.254"
LAN_IP_RANGE="192.168.3.0/24"
LAN_IFACE="eth2"

LO_IFACE="lo"
LO_IP="127.0.0.1"

IPTABLES="/sbin/iptables"

/sbin/depmod -a
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_MASQUERADE
/sbin/modprobe ipt_connlimit
/sbin/modprobe ipt_ipp2p
/sbin/modprobe ipt_state
/sbin/modprobe ipt_limit
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ipt_layer7

$IPTABLES -P INPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
$IPTABLES -t mangle -P POSTROUTING ACCEPT
$IPTABLES -t mangle -P PREROUTING ACCEPT
$IPTABLES -t mangle -P FORWARD ACCEPT
$IPTABLES -F
$IPTABLES -t nat -F
$IPTABLES -t mangle -F
$IPTABLES -X
$IPTABLES -t nat -X
$IPTABLES -t mangle -X

$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP

$IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT
$IPTABLES -A INPUT -i $LAN_IFACE -s $LAN_IP_RANGE -p tcp --syn -m connlimit --connlimit-above 15 --connlimit-mask 24 -j DROP
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

$IPTABLES -A INPUT -p all -i $LAN_IFACE -s $LAN_IP_RANGE -j ACCEPT

#$IPTABLES -A INPUT -p all -i $LO_IFACE -s $LAN_IP_RANGE -j ACCEPT
#$IPTABLES -A INPUT -p all -i $LO_IFACE -s $L0_IP -j ACCEPT

# setting postrouting link
$IPTABLES -t mangle -I POSTROUTING -m layer7 --l7proto bittorrent -j DROP
$IPTABLES -t mangle -I POSTROUTING -m layer7 --l7proto fasttrack -j DROP
$IPTABLES -t mangle -I POSTROUTING -m layer7 --l7proto edonkey -j DROP
$IPTABLES -t mangle -I POSTROUTING -m layer7 --l7proto skypeout -j DROP
$IPTABLES -t mangle -I POSTROUTING -m layer7 --l7proto skypetoskype -j DROP

$IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE

# setting FORWARD link filter
$IPTABLES -I FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

$IPTABLES -A FORWARD -m ipp2p --edk --kazaa --bit -j DROP
$IPTABLES -A FORWARD -p tcp -m ipp2p --ares -j DROP
$IPTABLES -A FORWARD -p udp -m ipp2p --kazaa -j DROP

$IPTABLES -A FORWARD -p tcp --syn --dport 80 -m connlimit --connlimit-above 15 --connlimit-mask 24 -j DROP

$IPTABLES -A FORWARD -i $LAN_IFACE -j ACCEPT

# setting output link filter
$IPTABLES -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -o $INET_IFACE -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -o $LAN_IFACE -j ACCEPT
```
[Last edited by rainren on 2006-1-3 19:17]

modiyasi (reply 1), posted 2010-04-13:

```
iptables -nL

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
DROP       tcp  --  192.168.3.0/24       0.0.0.0/0           tcp flags:0x17/0x02 #conn/24 > 15
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.3.0/24       0.0.0.0/0

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
DROP       all  --  0.0.0.0/0            0.0.0.0/0           ipp2p v0.7.2 --kazaa --edk --bit
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           ipp2p v0.7.2 --ares
DROP       udp  --  0.0.0.0/0            0.0.0.0/0           ipp2p v0.7.2 --kazaa
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 flags:0x17/0x02 #conn/24 > 15
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  127.0.0.1            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
```

xsheng1983 (reply 2), posted 2010-04-13:

```
iptables -t mangle -nL

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto skypetoskype
DROP       all  --  0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto skypeout
DROP       all  --  0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto edonkey
DROP       all  --  0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto fasttrack
DROP       all  --  0.0.0.0/0            0.0.0.0/0           LAYER7 l7proto bittorrent
```

aeleven (reply 3), posted 2010-04-13:

Source                Destination           Proto   State        TTL    
192.168.3.86,4003     219.140.229.191,11945 tcp     TIME_WAIT      0:00:39
192.168.3.86,4139     222.79.13.99,11065    tcp     SYN_SENT       0:01:16
192.168.3.86,3889     218.18.69.87,28859    tcp     SYN_SENT       0:00:11
192.168.3.86,4249     222.35.116.194,16283  tcp     SYN_SENT       0:01:44
192.168.3.86,4029     219.136.173.14,7820   tcp     SYN_SENT       0:00:55
192.168.3.86,3821     218.87.8.147,22508    tcp     TIME_WAIT      0:00:07
192.168.3.86,4159     60.49.64.225,23368    tcp     SYN_SENT       0:01:24
192.168.3.86,3904     219.131.27.195,10697  tcp     SYN_SENT       0:00:19
192.168.3.86,3970     61.49.176.120,35355   tcp     SYN_SENT       0:00:31
192.168.3.86,4310     61.51.224.89,4779     tcp     SYN_SENT       0:01:56
192.168.3.86,4212     211.74.82.35,13915    tcp     TIME_WAIT      0:01:38
192.168.3.86,4225     218.71.140.253,18233  tcp     SYN_SENT       0:01:36
192.168.3.86,4095     218.1.91.203,1380     tcp     SYN_SENT       0:01:07
192.168.3.86,3891     221.228.170.189,27387 tcp     SYN_SENT       0:00:11
192.168.3.86,4132     61.173.248.132,12779  tcp     TIME_WAIT      0:01:15
192.168.3.86,3847     59.57.178.91,64767    tcp     SYN_SENT       0:00:07
192.168.3.86,4173     222.47.194.151,1503   tcp     SYN_SENT       0:01:24
192.168.3.86,3882     61.154.127.228,7644   tcp     TIME_WAIT      0:00:15
192.168.3.86,4027     219.135.130.199,54282 tcp     SYN_SENT       0:00:55
192.168.3.86,4100     60.16.71.91,65143     tcp     SYN_SENT       0:01:08
192.168.3.86,4127     58.24.65.18,1680      tcp     SYN_SENT       0:01:12
192.168.3.86,3719     58.48.100.246,18748   tcp     TIME_WAIT      0:01:03
192.168.3.86,4204     218.19.5.165,11632    tcp     SYN_SENT       0:01:32
192.168.3.86,3895     218.94.92.83,17058    tcp     SYN_SENT       0:00:11
192.168.3.86,3995     60.26.135.138,18648   tcp     TIME_WAIT      0:00:40
192.168.3.86,3887     211.89.4.205,24595    tcp     SYN_SENT       0:00:11
192.168.3.86,4053     58.52.94.49,19770     tcp     TIME_WAIT      0:00:56
192.168.3.86,4015     58.14.199.145,16883   tcp     SYN_SENT       0:00:43
192.168.3.86,4199     60.7.60.132,16881     tcp     TIME_WAIT      0:01:24
192.168.3.86,4093     60.20.100.251,17439   tcp     SYN_SENT       0:01:07
192.168.3.86,2200     61.142.98.59,16881    tcp     ESTABLISHED  119:45:35
192.168.3.86,4301     221.220.222.15,3670   tcp     SYN_SENT       0:01:52
192.168.3.86,4049     218.61.80.79,4593     tcp     SYN_SENT       0:00:59
192.168.3.86,3959     58.24.65.18,3427      tcp     SYN_SENT       0:00:27
192.168.3.86,3856     72.59.27.233,63585    tcp     SYN_SENT       0:00:07
192.168.3.86,3958     219.132.5.94,1200     tcp     SYN_SENT       0:00:27
192.168.3.86,4162     218.87.8.147,22508    tcp     TIME_WAIT      0:01:27
192.168.3.86,3966     222.139.120.122,9197  tcp     SYN_SENT       0:00:31
192.168.3.86,4203     218.58.59.73,8958     tcp     SYN_SENT       0:01:32
192.168.3.86,4186     61.29.173.251,34739   tcp     SYN_SENT       0:01:28
192.168.3.86,3845     61.53.75.162,21481    tcp     TIME_WAIT      0:00:11
192.168.3.86,4063     222.35.116.194,61575  tcp     SYN_SENT       0:00:59

17772 (reply #4, posted 2010-04-13)
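Don't put filtering in the mangle table; each table has its own job. The filter table is the one that does filtering, so put the rules in the FORWARD chain of the filter table.
Also, seeing BT in the LOG is perfectly normal. A LOG message reports a match, not a filtering action; the traffic is in fact filtered out after it is matched. It is just that many users are trying BT, L7-FILTER matches it, and L7-FILTER has its debug feature turned on, so it gets recorded. No need to worry.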

62712345 (reply #5, posted 2010-04-13)
But BitSpirit can still download!

xxtyshun (reply #6, posted 2010-04-13)
#!/bin/sh

# Kernel network settings: enable forwarding, ignore broadcast pings,
# refuse source-routed packets, enable SYN cookies, ignore bogus ICMP errors
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo "0" > /proc/sys/net/ipv4/conf/all/accept_source_route
echo "1" > /proc/sys/net/ipv4/tcp_syncookies
echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses

INET_IFACE="ppp0"

LAN_IP="192.168.3.254"
LAN_IP_RANGE="192.168.3.0/24"
LAN_IFACE="eth2"

LO_IFACE="lo"
LO_IP="127.0.0.1"

IPTABLES="/sbin/iptables"
TC="/sbin/tc"

# Load the netfilter modules used below
/sbin/depmod -a
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_MASQUERADE
/sbin/modprobe ipt_MARK
/sbin/modprobe ipt_connlimit
/sbin/modprobe ipt_ipp2p
/sbin/modprobe ipt_state
/sbin/modprobe ipt_limit
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ipt_layer7
/sbin/modprobe ipt_mark

# Reset policies to ACCEPT, then flush all rules and delete user-defined chains
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
$IPTABLES -t mangle -P POSTROUTING ACCEPT
$IPTABLES -t mangle -P PREROUTING ACCEPT
$IPTABLES -t mangle -P FORWARD ACCEPT
$IPTABLES -F
$IPTABLES -t nat -F
$IPTABLES -t mangle -F
$IPTABLES -X
$IPTABLES -t nat -X
$IPTABLES -t mangle -X

# Filter table: default policies
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP

# INPUT chain: SSH, per-/24 limit on new TCP connections from the LAN, established traffic
$IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT
$IPTABLES -A INPUT -i $LAN_IFACE -s $LAN_IP_RANGE -p tcp --syn -m connlimit --connlimit-above 15 --connlimit-mask 24 -j DROP
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

$IPTABLES -A INPUT -p all -i $LAN_IFACE -s $LAN_IP_RANGE -j ACCEPT

#$IPTABLES -A INPUT -p all -i $LO_IFACE -s $LAN_IP_RANGE -j ACCEPT
#$IPTABLES -A INPUT -p all -i $LO_IFACE -s $LO_IP -j ACCEPT

# FORWARD chain
$IPTABLES -I FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

$IPTABLES -A FORWARD -m ipp2p --edk --kazaa --bit -j DROP
$IPTABLES -A FORWARD -p tcp -m ipp2p --ares -j DROP
$IPTABLES -A FORWARD -p udp -m ipp2p --kazaa -j DROP

$IPTABLES -A FORWARD -p tcp --syn --dport 80 -m connlimit --connlimit-above 15 --connlimit-mask 24 -j DROP

$IPTABLES -A FORWARD -i $LAN_IFACE -j ACCEPT

# OUTPUT chain
$IPTABLES -A OUTPUT -p ALL -s $LO_IP -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -o $INET_IFACE -j ACCEPT
$IPTABLES -A OUTPUT -p ALL -o $LAN_IFACE -j ACCEPT

# nat table: masquerade everything leaving through the Internet interface
$IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE

# mangle table, POSTROUTING chain: mark P2P and Skype traffic with 1
# (RETURN stops traversal so the mark is kept), everything else with 2
$IPTABLES -t mangle -A POSTROUTING -m layer7 --l7proto bittorrent -j MARK --set-mark 1
$IPTABLES -t mangle -A POSTROUTING -m layer7 --l7proto bittorrent -j RETURN
$IPTABLES -t mangle -A POSTROUTING -m layer7 --l7proto fasttrack -j MARK --set-mark 1
$IPTABLES -t mangle -A POSTROUTING -m layer7 --l7proto fasttrack -j RETURN
$IPTABLES -t mangle -A POSTROUTING -m layer7 --l7proto skypeout -j MARK --set-mark 1
$IPTABLES -t mangle -A POSTROUTING -m layer7 --l7proto skypeout -j RETURN
$IPTABLES -t mangle -A POSTROUTING -m layer7 --l7proto skypetoskype -j MARK --set-mark 1
$IPTABLES -t mangle -A POSTROUTING -m layer7 --l7proto skypetoskype -j RETURN
$IPTABLES -t mangle -A POSTROUTING -j MARK --set-mark 2

#!/bin/sh

TC="/sbin/tc"
INET_IFACE="ppp0"

# Remove any existing root and ingress qdiscs
$TC qdisc del dev $INET_IFACE root 2> /dev/null > /dev/null
$TC qdisc del dev $INET_IFACE ingress 2> /dev/null > /dev/null

# HTB root with two classes: 1:11 (default, 384kbit) and 1:12 (10kbit)
$TC qdisc add dev $INET_IFACE root handle 1: htb default 11
$TC class add dev $INET_IFACE parent 1: classid 1:1 htb rate 400kbit ceil 400kbit
$TC class add dev $INET_IFACE parent 1:1 classid 1:11 htb rate 384kbit ceil 384kbit prio 0
$TC class add dev $INET_IFACE parent 1:1 classid 1:12 htb rate 10kbit ceil 10kbit prio 1

# SFQ inside each class
$TC qdisc add dev $INET_IFACE parent 1:11 handle 11: sfq perturb 5
$TC qdisc add dev $INET_IFACE parent 1:12 handle 12: sfq perturb 10

# Classify by firewall mark: mark 1 goes to 1:12, mark 2 goes to 1:11
$TC filter add dev $INET_IFACE parent 1:0 protocol ip prio 1 handle 1 fw classid 1:12
$TC filter add dev $INET_IFACE parent 1:0 protocol ip prio 1 handle 2 fw classid 1:11
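
On the rule-order question in the thread title: iptables stops at the first terminating match, and BitTorrent's TCP payload only appears on packets that conntrack already classifies as ESTABLISHED, so an ESTABLISHED ACCEPT placed above the ipp2p DROP rules in FORWARD accepts those packets first. The lint below is an added example, not code from any poster in this thread; `check_forward_order`, `posted_order` and `reordered` are hypothetical names, and both sample chains are constructed in the style of `iptables -S FORWARD` output.

```shell
#!/bin/sh
# Added example: lint a filter-table FORWARD chain for rule-order shadowing.
# Reads rules in `iptables -S FORWARD` form on stdin and prints every
# ipp2p/layer7 DROP or REJECT that sits below an ACCEPT for ESTABLISHED
# traffic. Exit status: 0 = none shadowed, 1 = at least one shadowed.
# Assumption: any ACCEPT mentioning ESTABLISHED counts, whatever else it matches.
check_forward_order() {
    awk '
        /^-A FORWARD / {
            n++                                  # position in the chain
            if (!first && /ESTABLISHED/ && /-j ACCEPT/) first = n
            if (first && /-m (ipp2p|layer7)/ && /-j (DROP|REJECT)/) {
                printf "rule %d is below rule %d (ESTABLISHED ACCEPT): %s\n", n, first, $0
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: FORWARD chain in the order the script above builds it
# (-I puts the state rule first), written in the style of `iptables -S`.
posted_order() {
    cat <<'EOF'
-P FORWARD DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m ipp2p --edk --kazaa --bit -j DROP
-A FORWARD -p tcp -m ipp2p --ares -j DROP
-A FORWARD -p udp -m ipp2p --kazaa -j DROP
-A FORWARD -i eth2 -j ACCEPT
EOF
}

# Constructed sample: the same rules with the payload matches evaluated first.
reordered() {
    cat <<'EOF'
-P FORWARD DROP
-A FORWARD -m ipp2p --edk --kazaa --bit -j DROP
-A FORWARD -p tcp -m ipp2p --ares -j DROP
-A FORWARD -p udp -m ipp2p --kazaa -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth2 -j ACCEPT
EOF
}

posted_order | check_forward_order || echo "posted order: P2P rules shadowed"
reordered | check_forward_order && echo "reordered: P2P rules reachable"
```

On a live gateway the same function can be fed with `iptables -S FORWARD`. Putting payload matches above the ESTABLISHED accept means every forwarded packet is inspected, so expect more CPU load on the router.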