Author  Topic: Debian 10 custom iptables / ip6tables personal desktop firewall (method two)  (Read 6995 times)

Offline jingyue

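Debian 10 custom iptables / ip6tables personal desktop firewall (method two)

0) Summary

Custom iptables personal desktop firewall rules for Debian 10 that can block GFW man-in-the-middle RST attacks. The filter table rules (IPv4 part) are as follows: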

# Generated by xtables-save v1.8.2
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags RST RST -j LOG --log-prefix RST_attack --log-ip-options
-A INPUT -p tcp -m tcp --tcp-flags RST RST -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j LOG --log-prefix input_droped --log-ip-options
-A INPUT -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j LOG --log-prefix forward_droped --log-ip-options
-A FORWARD -j DROP
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -o lo -j ACCEPT
-A OUTPUT -m state --state NEW -j ACCEPT
# -A OUTPUT -j LOG --log-ip-options --log-prefix "output_droped"
# -A OUTPUT -j DROP
COMMIT
# Completed

1) Full-text link

Debian 10 custom iptables personal desktop firewall rules


2) Reference link

Debian 10: viewing the firewall logs


« Last edit: September 11, 2019, 07:28:20 am by jingyue »


Offline jingyue


Debian 10: setting up personal desktop firewall iptables / ip6tables rules (method one)


1) Create a new text file named iptables.rules (IPv4 support).
Copy the quoted content below into iptables.rules and save it.
Quote
# Generated by xtables-save v1.8.2
*filter
:INPUT DROP [0:0]                                                                         
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags RST RST -j LOG --log-ip-options --log-prefix "RST_attack"
-A INPUT -p tcp -m tcp --tcp-flags RST RST -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j LOG --log-ip-options --log-prefix "input_droped"
-A INPUT -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j LOG --log-ip-options --log-prefix "forward_droped"
-A FORWARD -j DROP
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -o lo -j ACCEPT
-A OUTPUT -m state --state NEW -j ACCEPT
# -A OUTPUT -j LOG --log-ip-options --log-prefix "output_droped"
# -A OUTPUT -j DROP
COMMIT
# Completed



2) Create a new text file named ip6tables.rules (IPv6 support).

Copy the quoted content below into ip6tables.rules and save it.

Quote
# Generated by xtables-save v1.8.2
*filter
:INPUT DROP [0:0]                                                                         
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -s ::1/128 -d ::1/128 -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags RST RST -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j DROP
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -s ::1/128 -d ::1/128 -o lo -j ACCEPT
-A OUTPUT -m state --state NEW -j ACCEPT
-A OUTPUT -j DROP
COMMIT
# Completed



3) Create a new text file named firewall2 (an executable script).
Copy the quoted content below into firewall2 and save it.
Quote
#!/bin/sh

/sbin/iptables-restore < /etc/iptables.rules

/sbin/ip6tables-restore < /etc/ip6tables.rules



4) Terminal commands

Quote
# cp iptables.rules /etc/

Quote
# cp ip6tables.rules /etc/

Quote
# chmod +x firewall2

Quote
# cp firewall2 /etc/network/if-pre-up.d/

Quote
# reboot


End of article.


Reference link:
https://wiki.debian.org/iptables

« Last edit: September 11, 2019, 01:24:31 am by jingyue »

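Added example, not part of the original posts: a shell helper that summarises the kernel log lines written by the LOG rules in iptables.rules, grouped by log prefix and source address. The function names and the sample log lines are constructed for illustration; the prefixes are the ones set with --log-prefix above, which have no trailing space and so appear joined to `IN=` in the log.

```shell
#!/bin/sh
# Added example: count packets logged by the LOG rules, per prefix and source.

# Constructed sample of kernel log lines (documentation addresses only).
sample_log() {
cat <<'EOF'
Sep 11 07:30:01 debian kernel: [ 101.000001] RST_attackIN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=203.0.113.7 DST=192.168.1.10 LEN=40 TTL=52 PROTO=TCP SPT=443 DPT=51234 WINDOW=0 RES=0x00 RST URGP=0
Sep 11 07:30:02 debian kernel: [ 102.000001] RST_attackIN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=203.0.113.7 DST=192.168.1.10 LEN=40 TTL=52 PROTO=TCP SPT=443 DPT=51236 WINDOW=0 RES=0x00 RST URGP=0
Sep 11 07:30:05 debian kernel: [ 105.000001] input_dropedIN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=198.51.100.23 DST=192.168.1.10 LEN=60 TTL=48 PROTO=TCP SPT=40000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Sep 11 07:30:09 debian kernel: [ 109.000001] RST_attackIN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=198.51.100.23 DST=192.168.1.10 LEN=40 TTL=48 PROTO=TCP SPT=80 DPT=51300 WINDOW=0 RES=0x00 RST URGP=0
Sep 11 07:30:10 debian kernel: [ 110.000001] usb 1-1: new high-speed USB device number 2
EOF
}

# Reads log lines on stdin and prints "count prefix source_ip",
# highest count first. Lines without one of the three prefixes are ignored.
fw_log_summary() {
    awk '
    match($0, /(RST_attack|input_droped|forward_droped) ?IN=/) {
        # The matched text is the prefix glued to "IN="; strip that tail.
        prefix = substr($0, RSTART, RLENGTH)
        sub(/ ?IN=$/, "", prefix)
        src = "-"
        for (i = 1; i <= NF; i++)
            if ($i ~ /^SRC=/) { src = substr($i, 5); break }
        count[prefix " " src]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,3
}

# Demonstration on the constructed sample.
sample_log | fw_log_summary
```

On the firewall host the same function can read the live kernel log, for example `journalctl -k | fw_log_summary`. Because the RST rule sits before the RELATED,ESTABLISHED rule, every inbound RST is counted under RST_attack, including resets sent by genuine servers.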