Default iptables on SUSE

hugang:~ # iptables -L
Chain INPUT (policy DROP)
target   prot opt source        destination
ACCEPT   all -- anywhere       anywhere
ACCEPT   all -- anywhere       anywhere      state RELATED,ESTABLISHED
input_ext all -- anywhere       anywhere
input_ext all -- anywhere       anywhere
LOG    all -- anywhere       anywhere      limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-IN-ILL-TARGET '
DROP    all -- anywhere       anywhere
Chain FORWARD (policy DROP)
target   prot opt source        destination
LOG    all -- anywhere       anywhere      limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWD-ILL-ROUTING '
Chain OUTPUT (policy ACCEPT)
target   prot opt source        destination
ACCEPT   all -- anywhere       anywhere
ACCEPT   all -- anywhere       anywhere      state NEW,RELATED,ESTABLISHED
LOG    all -- anywhere       anywhere      limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-OUT-ERROR '
Chain forward_ext (0 references)
target   prot opt source        destination
Chain input_ext (2 references)
target   prot opt source        destination
DROP    all -- anywhere       anywhere      PKTTYPE = broadcast
ACCEPT   icmp -- anywhere       anywhere      icmp source-quench
ACCEPT   icmp -- anywhere       anywhere      icmp echo-request
ACCEPT   icmp -- anywhere       anywhere      state RELATED,ESTABLISHED icmp echo-reply
ACCEPT   icmp -- anywhere       anywhere      state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT   icmp -- anywhere       anywhere      state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT   icmp -- anywhere       anywhere      state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT   icmp -- anywhere       anywhere      state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT   icmp -- anywhere       anywhere      state RELATED,ESTABLISHED icmp address-mask-reply
ACCEPT   icmp -- anywhere       anywhere      state RELATED,ESTABLISHED icmp protocol-unreachable
ACCEPT   icmp -- anywhere       anywhere      state RELATED,ESTABLISHED icmp redirect
LOG    tcp -- anywhere       anywhere      limit: avg 3/min burst 5 tcp dpt:5801 flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT   tcp -- anywhere       anywhere      tcp dpt:5801
LOG    tcp -- anywhere       anywhere      limit: avg 3/min burst 5 tcp dpt:5901 flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT   tcp -- anywhere       anywhere      tcp dpt:5901
LOG    tcp -- anywhere       anywhere      limit: avg 3/min burst 5 tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT   tcp -- anywhere       anywhere      tcp dpt:ssh
reject_func tcp -- anywhere       anywhere      tcp dpt:ident state NEW
LOG    all -- anywhere       anywhere      limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
DROP    all -- anywhere       anywhere      PKTTYPE = multicast
LOG    tcp -- anywhere       anywhere      limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG    icmp -- anywhere       anywhere      limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG    udp -- anywhere       anywhere      limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG    all -- anywhere       anywhere      limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT-INV '
DROP    all -- anywhere       anywhere
Chain reject_func (1 references)
target   prot opt source        destination
REJECT   tcp -- anywhere       anywhere      reject-with tcp-reset
REJECT   udp -- anywhere       anywhere      reject-with icmp-port-unreachable
REJECT   all -- anywhere       anywhere      reject-with icmp-proto-unreachable

Time: 2024-08-31 01:48:37
