iptables

mjet i administratës për IPv4 pako filtrimin dhe NAT

kopje
114
23
iptables -A INPUT -p sctp --dport 80 -j DROP

detajet |

kopje
57
12
iptables -A OUTPUT -p tcp --sport ftp -j ACCEPT

detajet |

kopje
47
12
iptables -t mangle -A POSTROUTING -o eth0 -j RATEEST --rateest-name eth0 --rateest-interval 250ms --rateest-ewma 0.5s

detajet |

kopje
43
20
iptables -p icmp -h

detajet |

kopje
41
4
iptables -L INPUT

detajet |

kopje
40
9
iptables -t mangle -A balance -m conntrack --ctstate NEW -m helper --helper ftp -m rateest --rateest-delta --rateest1 eth0 --rateest-bps1 2.5mbit --rateest-gt --rateest2 ppp0 --rateest-bps2 2mbit -j CONNMARK --set-mark 1

detajet |

kopje
39
5
iptables -A FORWARD -m recent --name badguy --rcheck --seconds 60 -j DROP

detajet |

kopje
37
4
iptables -A INPUT -p tcp --dport 21 -j ACCEPT

detajet |

kopje
33
5
iptables -p tcp --syn --dport 80 -m connlimit --connlimit-above 16 --connlimit-mask 24 -j REJECT

detajet |

kopje
28
5
iptables -A FORWARD -p tcp -i eth0 --dport 139 -m recent --name badguy --set -j DROP

detajet |

kopje
28
3
iptables -A INPUT -p tcp -s 123.123.123.123 -j REJECT --reject-with tcp-reset

detajet |

kopje
27
3
iptables -A INPUT -p sctp --chunk-types any DATA:Be -j ACCEPT

detajet |

kopje
27
4
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

detajet |

kopje
27
2
iptables -t nat -I PREROUTING -i eth0 -j LOG --log-prefix "incoming " --log-level 5

detajet |

kopje
24
2
iptables -A INPUT -p tcp --syn --dport 23 -m connlimit --connlimit-above 2 -j REJECT

detajet |

kopje
24
4
iptables -A INPUT -p tcp --syn --dport 23 -m connlimit ! --connlimit-above 2 -j ACCEPT

detajet |

kopje
24
2
iptables -t mangle -A balance -j CONNMARK --restore-mark

detajet |

kopje
17
1
iptables -A INPUT -p sctp --chunk-types any DATA,INIT -j DROP

detajet |

kopje
15
4
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

detajet |

kopje
4
0
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN

burim | detajet |