Linux iptables configuration in practice (2)

Source: 中国IT实验室  Author: anonymous  Published: 2013-07-11 10:54
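# Catch-all for the httpuser chain: drop anything its earlier rules did not match
iptables -A httpuser -j DROP
  #-----------------------------------User-------start------------------------
  # Each workstation is matched by source MAC and sent to its role chain (httpuser or poweruser).
  # The mac match only sees the source MAC of hosts on the directly attached segment.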
  # HeQuanXin
  iptables -A FORWARD -m mac --mac-source 00:1A:6B:35:A5:66 -j httpuser
  # xiangshude
  iptables -A FORWARD -m mac --mac-source 00:E0:4C:41:49:C4 -j httpuser
  # shiyayun
  iptables -A FORWARD -m mac --mac-source C8:9C:DC:D2:55:7A -j poweruser
  # chenmingxiang
  iptables -A FORWARD -m mac --mac-source 54:04:A6:58:A3:EE -j poweruser
  # wangxiaoping
  iptables -A FORWARD -m mac --mac-source 00:B0:C4:04:A1:7E -j httpuser
  # chengmeirong
  iptables -A FORWARD -m mac --mac-source 90:2B:34:2D:E6:5B -j httpuser
  # zhangyinbo
  iptables -A FORWARD -m mac --mac-source 14:DA:E9:D2:3F:DF -j httpuser
  # luxiaoxiong
  iptables -A FORWARD -m mac --mac-source 90:2B:34:CB:31:EE -j httpuser
  #-----------------------------------HTTPUser-------end--------------------------
  #-----------------------------------------------------------------------------------
  # Block Xunlei
  iptables -A FORWARD -d 58.61.39.0/24 -j REJECT
  iptables -A FORWARD -d 121.9.209.6 -j REJECT
  iptables -A FORWARD -d 121.9.209.7 -j REJECT
  iptables -A FORWARD -d 121.9.209.3 -j REJECT
  iptables -A FORWARD -d 61.183.55.216 -j REJECT
  iptables -A FORWARD -d 61.183.55.218 -j REJECT
  iptables -A FORWARD -d 61.183.55.222 -j REJECT
  iptables -A FORWARD -d 220.172.191.36 -j REJECT
  iptables -A FORWARD -d 121.11.69.108 -j REJECT
  iptables -A FORWARD -d 125.91.8.77 -j REJECT
  iptables -A FORWARD -d 218.6.13.134 -j REJECT
  iptables -A FORWARD -d 219.133.48.0/24 -j REJECT
  iptables -A FORWARD -d 219.133.49.0/24 -j REJECT
  iptables -A FORWARD -d 219.129.83.0/24 -j REJECT
  iptables -A FORWARD -d 219.133.60.0/24 -j REJECT
  iptables -A FORWARD -d 210.21.118.141 -j REJECT
  iptables -A FORWARD -d 210.21.118.147 -j REJECT
  iptables -A FORWARD -d 210.21.118.149 -j REJECT
  iptables -A FORWARD -d 221.238.251.118 -j REJECT
  iptables -A FORWARD -d 221.238.252.127 -j REJECT
  iptables -A FORWARD -d 221.238.252.154 -j REJECT
  iptables -A FORWARD -d 221.238.252.155 -j REJECT
  iptables -A FORWARD -d 221.238.252.233 -j REJECT
  iptables -A FORWARD -d 221.238.253.246 -j REJECT
  iptables -A FORWARD -d 222.208.156.0/24 -j REJECT
  iptables -A FORWARD -d 203.110.168.233 -j REJECT
  iptables -A FORWARD -d 208.115.244.194 -j REJECT
  iptables -A FORWARD -d 65.19.183.185 -j REJECT
  # Block BT
  iptables -A FORWARD -p tcp --dport 6880:6881 -j REJECT
  iptables -A FORWARD -p udp --dport 6880:6881 -j REJECT
  # Drop packets in the INVALID connection-tracking state
  iptables -A FORWARD -m state --state INVALID -j DROP
  # Accept packets belonging to already established (or related) connections
  iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
  # Set the default policy of the FORWARD chain to DROP
  iptables -P FORWARD DROP