??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????iptables????????????????????????????CS??????????????????????




liufei68...@gmail.com

???????? ??????
?????????? 2014-05-15 09:42
???????? users-cn
?????? ????????????????????????
????????
1.??????????????ping??
2.????????????????????????????????A
3.????A??????????????ping??????????????????????
4.????????????????A????????????????ping??
5.????????????A????????????????????????????????????ping??
 
??????????????????????????????????????????????????????????ping????????????????????????
????????????????????????????
[root@iad-kvm-1 ~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         
1    BF-br-guest  all  --  0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-is-bridged
2    BF-br-guest  all  --  0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-is-bridged
3    DROP       all  --  0.0.0.0/0            0.0.0.0/0
4    DROP       all  --  0.0.0.0/0            0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
Chain BF-br-guest (2 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    BF-br-guest-IN  all  --  0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-is-in --physdev-is-bridged
3    BF-br-guest-OUT  all  --  0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-is-out --physdev-is-bridged
4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-out eth1 --physdev-is-bridged
Chain BF-br-guest-IN (1 references)
num  target     prot opt source               destination
1    i-2-505-def  all  --  0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-in vnet6 --physdev-is-bridged
Chain BF-br-guest-OUT (1 references)
num  target     prot opt source               destination
1    i-2-505-def  all  --  0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-out vnet6 --physdev-is-bridged
Chain i-2-505-VM (1 references)
num  target     prot opt source               destination
1    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpts:1:65535 state NEW
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpts:1:65535 state NEW
3    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
4    DROP       all  --  0.0.0.0/0            0.0.0.0/0
Chain i-2-505-VM-eg (1 references)
num  target     prot opt source               destination
1    RETURN     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpts:1:65535 state NEW
2    RETURN     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpts:1:65535 state NEW
3    RETURN     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
4    DROP       all  --  0.0.0.0/0            0.0.0.0/0
Chain i-2-505-def (2 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-in vnet6 --physdev-is-bridged udp spt:68 dpt:67
3    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-out vnet6 --physdev-is-bridged udp spt:67 dpt:68
4    RETURN     udp  --  10.5.26.96           0.0.0.0/0           PHYSDEV match --physdev-in vnet6 --physdev-is-bridged udp dpt:53
5    i-2-505-VM-eg  all  --  10.5.26.96           0.0.0.0/0           PHYSDEV match --physdev-in vnet6 --physdev-is-bridged
6    i-2-505-VM  all  --  0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-out vnet6 --physdev-is-bridged
