Quote
# iptables -I INPUT 3 -d 10.12.11.2/32 -p tcp -m tcp --dport 65529 -j ACCEPT
# iptables -S
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT ! -i lo -p tcp -m tcp --tcp-flags RST RST -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -d 10.12.11.2/32 -p tcp -m tcp --dport 65529 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -i lo -j ACCEPT
-A INPUT -j DROP
-A INPUT -d 10.12.11.2/32 -p tcp -m tcp --dport 65529 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j DROP
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -o lo -j ACCEPT
-A OUTPUT -m state --state NEW -j ACCEPT
-A OUTPUT -j DROP
Quote
# cat /etc/resolv.conf
nameserver 10.11.0.2
nameserver 8.8.8.8
nameserver 8.8.4.4
Quote
# nslookup www.freebsd.org
Server: 10.11.0.2
Address: 10.11.0.2#53
Non-authoritative answer:
www.freebsd.org canonical name = wfe0.nyi.freebsd.org.
Name: wfe0.nyi.freebsd.org
Address: 96.47.72.84