大家帮我看看我这个iptables有什么问题没有
感谢了
echo "Enable IP Forwarding..." echo 1 >/proc/sys/net/ipv4/ip_forward echo "Starting iptables rules..." #å è½½ä¼ç¨å°ç模å /sbin/modprobe ip_tables /sbin/modprobe ip_conntrack /sbin/modprobe iptable_filter /sbin/modprobe iptable_mangle /sbin/modprobe iptable_nat /sbin/modprobe ipt_LOG /sbin/modprobe ipt_limit /sbin/modprobe ipt_state /sbin/modprobe ip_conntrack_ftp /sbin/modprobe ip_nat_ftp #æ¸ é¤ææå®ä¹ iptables -F INPUT iptables -F FORWARD iptables -F OUTPUT iptables -F POSTROUTING -t nat iptables -F PREROUTING -t nat iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT ACCEPT #å 许å ç½åæ¬æºè®¿é®INPUT iptables -A INPUT -i lo -j ACCEPT iptables -A INPUT -i eth1 -j ACCEPT #IPä¼ªè£ ä»£çä¸ç½ iptables -A INPUT -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT iptables -A FORWARD -i ppp0 -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -j MASQUERADE #丢å¼åçTCPå iptables -A FORWARD -p TCP ! --syn -m state --state NEW -j LOG --log-prefix "New not syn:" iptables -A FORWARD -p TCP ! --syn -m state --state NEW -j DROP #对äºä¸ç®¡æ¥èªåªéçipç¢çé½è¿è¡æ§å¶ï¼å 许æ¯ç§éè¿100个ç¢ç iptables -A FORWARD -f -m limit --limit 100/s --limit-burst 100 -j ACCEPT #icmpå éè¿çæ§å¶ï¼é²æ¢icmpé»å®¢æ»å» iptables -A FORWARD -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPT #é²æ¢å¤ç½ç¨å ç½ipæ¬ºéª iptables -t nat -A PREROUTING -i ppp0 -s 192.168.0.0/16 -j DROP iptables -t nat -A PREROUTING -i ppp0 -s 10.0.0.0/8 -j DROP iptables -t nat -A PREROUTING -i ppp0 -s 172.16.0.0/12 -j DROP #æå¼æ¬æºç«¯å£ iptables -A INPUT -p tcp -m --dport 22 -j ACCEPT intables -A INPUT -p tcp -m --dport 21 -j ACCEPT iptables -A INPUT -p tcp -m --dport 80 -j ACCEPT
