|
|
楼主 |
发表于 2004-11-25 16:44:13
|
显示全部楼层
我的iptables文件内容怎么是这样的啊,我靠
#!/bin/sh
#
# Startup script to implement /etc/sysconfig/iptables pre-defined rules.
#
# chkconfig: 2345 08 92
#
# description: Automates a packet filtering firewall with iptables.
#
# by [email protected], based on the ipchains script:
# Script Author: Joshua Jensen <[email protected]>
# -- hacked up by gafton with help from notting
# modified by Anton Altaparmakov <[email protected]>:
# modified by Nils Philippsen <[email protected]>
#
# config: /etc/sysconfig/iptables
# Source 'em up
. /etc/init.d/functions
IPTABLES_CONFIG=/etc/sysconfig/iptables
if [ ! -x /sbin/iptables ]; then
exit 0
fi
KERNELMAJ=`uname -r | sed -e 's,\..*,,'`
KERNELMIN=`uname -r | sed -e 's,[^\.]*\.,,' -e 's,\..*,,'`
if [ "$KERNELMAJ" -lt 2 ] ; then
exit 0
fi
if [ "$KERNELMAJ" -eq 2 -a "$KERNELMIN" -lt 3 ] ; then
exit 0
fi
if /sbin/lsmod 2>/dev/null |grep -q ipchains ; then
# Don't do both
exit 0
fi
iftable() {
if fgrep -qsx $1 /proc/net/ip_tables_names; then
iptables -t "$@"
fi
}
start() {
# don't do squat if we don't have the config file
if [ -f $IPTABLES_CONFIG ]; then
# If we don't clear these first, we might be adding to
# pre-existing rules.
chains=`cat /proc/net/ip_tables_names 2>/dev/null`
echo -n $"Flushing all current rules and user defined chains:"
let ret=0
for i in $chains; do iptables -t $i -F; let ret+=$?; done
iptables -F
let ret+=$?
if [ $ret -eq 0 ]; then
success
else
failure
fi
echo
echo -n $"Clearing all current rules and user defined chains:"
let ret=0
for i in $chains; do iptables -t $i -X; let ret+=$?; done
iptables -X
let ret+=$?
if [ $ret -eq 0 ]; then
success
else
failure
fi
echo
for i in $chains; do iptables -t $i -Z; done
echo -n $"Applying iptables firewall rules: "
grep -v "^[[:space:]]*#" $IPTABLES_CONFIG | grep -v '^[[:space:]]*$' | /sbin/iptables-restore -c && \
success || \
failure
echo
touch /var/lock/subsys/iptables
fi
}
stop() {
chains=`cat /proc/net/ip_tables_names 2>/dev/null`
echo -n $"Flushing all chains:"
let ret=0
for i in $chains; do iptables -t $i -F; let ret+=$?; done
iptables -F; let ret+=$?
if [ $ret -eq 0 ]; then
success
else
failure
fi
echo
echo -n $"Removing user defined chains:"
let ret=0
for i in $chains; do iptables -t $i -X; let ret+=$?; done
iptables -X; let ret+=$?
if [ $ret -eq 0 ]; then
success
else
failure
fi
echo
echo -n $"Resetting built-in chains to the default ACCEPT policy:"
iftable filter -P INPUT ACCEPT && \
iftable filter -P OUTPUT ACCEPT && \
iftable filter -P FORWARD ACCEPT && \
iftable nat -P PREROUTING ACCEPT && \
iftable nat -P POSTROUTING ACCEPT && \
iftable nat -P OUTPUT ACCEPT && \
iftable mangle -P PREROUTING ACCEPT && \
iftable mangle -P POSTROUTING ACCEPT && \
iftable mangle -P INPUT ACCEPT && \
iftable mangle -P OUTPUT ACCEPT && \
iftable mangle -P FORWARD ACCEPT && \
success || \
failure
echo
rm -f /var/lock/subsys/iptables
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
# "restart" is really just "start" as this isn't a daemon,
# and "start" clears any pre-defined rules anyway.
# This is really only here to make those who expect it happy
start
;;
condrestart)
[ -e /var/lock/subsys/iptables ] && start
;;
status)
tables=`cat /proc/net/ip_tables_names 2>/dev/null`
for table in $tables; do
echo $"Table: $table"
iptables -t $table --list
done
;;
panic)
echo -n $"Changing target policies to DROP: "
iftable filter -P INPUT DROP && \
iftable filter -P FORWARD DROP && \
iftable filter -P OUTPUT DROP && \
iftable nat -P PREROUTING DROP && \
iftable nat -P POSTROUTING DROP && \
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
# "restart" is really just "start" as this isn't a daemon,
# and "start" clears any pre-defined rules anyway.
# This is really only here to make those who expect it happy
start
;;
condrestart)
[ -e /var/lock/subsys/iptables ] && start
;;
status)
tables=`cat /proc/net/ip_tables_names 2>/dev/null`
for table in $tables; do
echo $"Table: $table"
iptables -t $table --list
done
;;
panic)
echo -n $"Changing target policies to DROP: "
iftable filter -P INPUT DROP && \
iftable filter -P FORWARD DROP && \
iftable filter -P OUTPUT DROP && \
iftable nat -P PREROUTING DROP && \
iftable nat -P POSTROUTING DROP && \
iftable nat -P OUTPUT DROP && \
iftable mangle -P PREROUTING DROP && \
iftable mangle -P OUTPUT DROP && \
iftable mangle -P POSTROUTING DROP && \
iftable mangle -P INPUT DROP && \
iftable mangle -P FORWARD DROP && \
success || failure |
|
IP卡
狗仔卡
发表于 2004-11-24 20:29:26
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
显身卡
发表于 2004-11-26 12:13:30