2025-04-14 Update From: SLTechnology News&Howtos, Shulou (Shulou.com)
This article explains an example iptables configuration in detail. The editor thinks it is very practical and shares it here for reference.
iptables configuration example:
The purpose of this iptables configuration is to block intrusion from the public network while letting the other machines on the intranet access the Internet. Before iptables was set up, only this machine could reach the Internet.
Red Hat 8.0's System Settings include a "Security Level" tool, which mainly covers the local machine and cannot be used to configure iptables. Open Security Level and set it to "No Firewall".
For convenient configuration and testing, first write a script in "KWrite", then copy and paste all the statements into the terminal at once for execution. This makes it easy to modify and retest.
Open "KWrite" under "Other" > "Accessibility" and enter or paste the following sample into it (eth0 and eth2 are the external and internal network cards, respectively):
    # Let the kernel route packets between the two network cards
    echo "Enable IP Forwarding..."
    echo 1 > /proc/sys/net/ipv4/ip_forward
    echo "Starting iptables rules..."
    # Load the filter, NAT and connection-tracking helper modules
    /sbin/modprobe iptable_filter
    /sbin/modprobe ip_tables
    /sbin/modprobe iptable_nat
    /sbin/modprobe ip_nat_ftp          # supports passive FTP
    /sbin/modprobe ip_conntrack_ftp
    /sbin/modprobe ip_conntrack_h323   # supports NetMeeting
    /sbin/modprobe ip_nat_h323
    # Flush the existing rules
    iptables -F INPUT
    iptables -F FORWARD
    iptables -F OUTPUT
    iptables -F POSTROUTING -t nat
    iptables -F PREROUTING -t nat
    # Default policies: drop inbound and forwarded traffic, allow outbound
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -P OUTPUT ACCEPT
    # Accept loopback, everything from the intranet card, and replies on the external card
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -i eth2 -j ACCEPT
    iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Forward intranet traffic out and let the replies back in
    iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT
    iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Masquerade intranet addresses behind the external card
    iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j MASQUERADE
    /etc/rc.d/init.d/iptables restart
    iptables -L
Save it as a file and put it on the desktop for easy use.
In this configuration, the default policy of both the INPUT and FORWARD chains is DROP, which means that anything not explicitly allowed (ACCEPT) by the subsequent INPUT and FORWARD statements is dropped. This is the best security mode, and in an online test with Symantec, all public network ports were hidden. Note that all intranet ports are open, so there is no internal security to speak of.
I won't say any more about the other statements; the last one displays the resulting chains after the configuration is executed.
After each modification, copy the whole script and paste it into the terminal; it is configured, started, and displayed in one pass. Modify and test repeatedly until it meets your requirements.
Finally, copy the whole script and append it to the end of the "/etc/rc.d/rc.local" file so that your configuration is executed automatically at boot.
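The configuration above leaves every port of the gateway open to the intranet and accepts forwarded packets on their source address alone. As an added example (not part of the original article), the function below tightens those two rules. The `IPT` dry-run variable, the function name and the choice of SSH (port 22) as the only service offered to the intranet are assumptions; module loading and the MASQUERADE rule stay as in the script above.

```shell
#!/bin/sh
# Added example, not from the original article. Dry run by default: the
# commands are printed. Set IPT=/sbin/iptables (as root) to apply them.
IPT="${IPT:-echo iptables}"
WAN_IF="${WAN_IF:-eth0}"                 # external card, as in the article
LAN_IF="${LAN_IF:-eth2}"                 # internal card, as in the article
LAN_NET="${LAN_NET:-192.168.0.0/24}"     # intranet range, as in the article
LAN_TCP_PORTS="${LAN_TCP_PORTS:-22}"     # assumption: gateway offers only SSH

harden_gateway() {                       # hypothetical function name
    $IPT -F INPUT
    $IPT -F FORWARD
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    $IPT -A INPUT -i lo -j ACCEPT
    # Replies to connections the gateway itself opened, on any interface.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Intranet hosts reach only the listed TCP services, not every port.
    for port in $LAN_TCP_PORTS; do
        $IPT -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport "$port" \
            -m state --state NEW -j ACCEPT
    done

    # A packet claiming an intranet source must not arrive on the external card.
    $IPT -A FORWARD -i "$WAN_IF" -s "$LAN_NET" -j DROP
    # Outbound traffic: in on the LAN card, out on the WAN card, LAN source.
    $IPT -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    # Return traffic for connections the intranet opened.
    $IPT -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
}

harden_gateway
```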