A strange iptables problem
Date: 2011-01-04
Source: Internet
This post was last edited by frank533 on 2011-01-04 10:59
My iptables script is as follows:
#!/bin/bash
#Enable broadcast echo protection
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
#Disable source routed packets
for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do echo 0 > "$f"; done
#Enable TCP SYN Cookie protection
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 3 > /proc/sys/net/ipv4/tcp_syn_retries
echo 3 > /proc/sys/net/ipv4/tcp_synack_retries
#Define Const
OPEN_PORTS='22,137,138,139,445'
WAN='eth0'
IPT='/sbin/iptables'
#Init policy
$IPT -F
$IPT -X
$IPT -P INPUT DROP
#Enable lo interface
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT
#Define rules
$IPT -A INPUT -i $WAN -p udp --sport 53 -j ACCEPT
$IPT -A INPUT -i $WAN -p tcp -m multiport --port $OPEN_PORTS -j ACCEPT
#Define rules for PING
$IPT -A INPUT -p icmp --icmp-type 0 -j ACCEPT
$IPT -A INPUT -i $WAN -p tcp -j REJECT --reject-with tcp-reset
$IPT -A INPUT -i $WAN -p udp -j REJECT --reject-with icmp-port-unreachable
Could everyone help me check where I went wrong? Whenever I run it, it keeps reporting:
/etc/init.d/rc.firewall: line 7: echo: write error: Invalid argument
/etc/init.d/rc.firewall: line 7: echo: write error: Invalid argument
/etc/init.d/rc.firewall: line 7: echo: write error: Invalid argument
/etc/init.d/rc.firewall: line 7: echo: write error: Invalid argument
/etc/init.d/rc.firewall: line 7: echo: write error: Invalid argument
/etc/init.d/rc.firewall: line 7: echo: write error: Invalid argument
My system is Ubuntu 10.04 server, and iptables is the bundled version 1.4.4.
Also, although it reports errors when run, the firewall still takes effect. iptables -L shows the following:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp spt:domain
ACCEPT tcp -- anywhere anywhere multiport ports ssh,netbios-ns,netbios-dgm,netbios-ssn,microsoft-ds
ACCEPT icmp -- anywhere anywhere icmp echo-reply
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
The line shown in red (the "ACCEPT all -- anywhere anywhere" one) shows all ports as ACCEPT; does that mean the rules after it are actually useless?
Author: frank533 Posted: 2011-01-04
--port should be --dports, shouldn't it?
Author: chenyx Posted: 2011-01-04
Reply to chenyx
That's not the problem. Written this way it means the source port and the destination port are the same; it is allowed to write it like that. --dports specifically means destination ports.
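The repeated "line 7: echo: write error" comes from the accept_source_route loop, and the one-line form posted above is also missing the ";" that terminates the echo command before "done". The following script is an added example, not code from the original post: it runs bash's syntax check over the broken and the corrected loop, and provides a small helper (the hypothetical write_all) that writes a sysctl value to every file matching a glob and reports each failing path, which is what the bare "line N" message cannot tell you. It operates only on a constructed temporary directory that stands in for /proc/sys/net/ipv4/conf, never on the real kernel files.

```shell
#!/bin/bash
# Added example (not from the original post). Works on constructed temp
# files, not on /proc/sys, so it can be run anywhere without root.

# script_parses TEXT: returns 0 when bash accepts TEXT, non-zero on a
# syntax error. "bash -n" only parses, it never executes anything.
script_parses() {
    printf '%s\n' "$1" | bash -n 2>/dev/null
}

# As posted: "done" is read as a second argument to echo, and bash then
# never finds the end of the for loop (unexpected end of file).
BROKEN_LOOP='for f in /tmp/x/*/accept_source_route; do echo 0 > $f done'
# Corrected: terminate the echo command with ";" (or put done on its own line).
FIXED_LOOP='for f in /tmp/x/*/accept_source_route; do echo 0 > "$f"; done'

# write_all VALUE GLOB: writes VALUE into every existing file matching GLOB.
# Prints the number of successful writes; returns 1 if any write failed and
# names the failing path on stderr, so the culprit is visible immediately.
write_all() {
    local value="$1" pattern="$2" count=0 rc=0 f
    for f in $pattern; do
        [ -e "$f" ] || continue
        if echo "$value" > "$f" 2>/dev/null; then
            count=$((count + 1))
        else
            echo "write failed: $f" >&2
            rc=1
        fi
    done
    echo "$count"
    return "$rc"
}

# make_fake_conf DIR: constructed stand-in for /proc/sys/net/ipv4/conf/*,
# one accept_source_route file per interface, all initially set to 1.
make_fake_conf() {
    local root="$1" iface
    for iface in all default eth0 lo; do
        mkdir -p "$root/$iface"
        echo 1 > "$root/$iface/accept_source_route"
    done
}

# Usage: check both loop variants, then disable source routing in the
# constructed tree and show the result for one "interface".
script_parses "$FIXED_LOOP" && echo "fixed loop: syntax OK"
script_parses "$BROKEN_LOOP" || echo "posted loop: syntax error (missing ; before done)"
demo_root=$(mktemp -d)
make_fake_conf "$demo_root"
written=$(write_all 0 "$demo_root/*/accept_source_route")
echo "files written: $written, eth0 now: $(cat "$demo_root/eth0/accept_source_route")"
rm -rf "$demo_root"
```

Two checks worth keeping in mind when reading the listing in the post: "iptables -L" hides the interface columns, so the "ACCEPT all -- anywhere anywhere" line is simply the "-i lo" rule, and "iptables -L -v -n" makes that visible by adding the in/out columns. And "--port" is accepted as an unambiguous prefix of multiport's "--ports", which the iptables-extensions manual defines as matching when either the source or the destination port is in the list; "--dports" restricts the match to destination ports, which is what a rule listing the services you intend to expose normally wants.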
Author: frank533 Posted: 2011-01-04