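# Gateway firewall: filters traffic addressed to the router itself (INPUT),
# masquerades the LAN behind eth0, and port-forwards 411 to 192.168.1.11.
# eth0 looks like the Internet-facing interface (MASQUERADE leaves through it
# and the public address is DNATed) and eth1 the LAN side -- confirm locally.
# Every rule is appended (-A) and nothing is flushed first, so running this a
# second time duplicates the whole rule set; it is written to run once at boot.

# Connection-tracking helper so FTP data connections are seen as RELATED.
modprobe ip_conntrack_ftp

# --- INPUT: packets addressed to the router itself -------------------------
# Default-deny; everything below is an explicit exception.
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT

# SSH and FTP control channel, reachable from both interfaces.
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 21 -j ACCEPT

# NetBIOS/SMB (137-139), limited to eth1.
iptables -A INPUT -i eth1 -p udp --dport 137 -j ACCEPT
iptables -A INPUT -i eth1 -p udp --dport 138 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --dport 139 -j ACCEPT

# NOTE(review): these two rules have no -i match, so HTTP (80) and IPP/CUPS
# (631) are accepted on every interface, eth0 included. If printing is meant
# for the LAN only, restrict 631 with "-i eth1" as the SMB rules above do.
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 631 -j ACCEPT

# Replies to connections the router opened, plus helper-tracked flows.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# All ICMP types are accepted on both interfaces.
iptables -A INPUT -i eth0 -p icmp -j ACCEPT
iptables -A INPUT -i eth1 -p icmp -j ACCEPT

# --- NAT --------------------------------------------------------------------
# Source-NAT everything that leaves through eth0.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# Port-forward 411 (TCP and UDP) arriving for the public address to the LAN host.
iptables -t nat -A PREROUTING -p tcp --dport 411 -d 81.27.200.49 -j DNAT --to 192.168.1.11:411
iptables -t nat -A PREROUTING -p udp --dport 411 -d 81.27.200.49 -j DNAT --to 192.168.1.11:411

# --- FORWARD: packets routed through the router ------------------------------
# The FORWARD policy is not set here; traffic that does not enter via eth0
# falls through to whatever the chain policy is (ACCEPT unless changed elsewhere).

# Reject TCP packets that claim to start a connection without a SYN.
iptables -A FORWARD -p tcp ! --syn -m state --state NEW -j DROP

# Let the DNATed port 411 traffic reach 192.168.1.11.
iptables -A FORWARD -i eth0 -p tcp -d 192.168.1.11 --dport 411 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -p udp -d 192.168.1.11 --dport 411 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

# NOTE(review): no DNAT rule for port 5010 is visible in this listing; without
# one, Internet hosts cannot address 192.168.1.11 directly -- confirm whether
# this rule is still needed.
iptables -A FORWARD -i eth0 -p tcp -d 192.168.1.11 --dport 5010 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

# Return traffic for connections opened from the LAN; everything else that
# enters via eth0 is dropped.
iptables -A FORWARD -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -j DROP

# Turn routing on last, once the filter and NAT rules are in place, so no
# packet is forwarded while the FORWARD chain is still empty.
echo 1 > /proc/sys/net/ipv4/ip_forward

# Poster's question (translated from Czech): I also want to ask -- I keep these
# lines in /etc/init.d/rc; is that fine, or is there a better place to put them?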
# Accept port 411 arriving on eth0 for both transports; the TCP rule is
# appended first, then the UDP rule.
# INPUT only sees packets addressed to this machine itself. Connections that a
# PREROUTING DNAT rule redirects to another host traverse FORWARD instead, so
# these rules matter only when a service listens on port 411 locally.
for proto in tcp udp; do
  iptables -A INPUT -i eth0 -p "$proto" --dport 411 -j ACCEPT
done
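# Open ports 411, 412, 4111, 4112 (TCP) and 410, 413, 4110, 4113 (UDP) for
# incoming traffic and DNAT them to two LAN hosts.
# Arguments: $1 - name of the interface the traffic arrives on (matched with -i)

# Fail early when the interface argument is missing: an empty, unquoted $1
# would leave "-i" without a value and iptables would misread the next option.
in_if=${1:?usage: pass the inbound interface name as the first argument}

# --- INPUT -------------------------------------------------------------------
# NOTE(review): these rules carry no -i match, so the ports are accepted on
# every interface. They apply only to packets addressed to this machine itself;
# DNATed connections traverse FORWARD, and no FORWARD rules appear in this
# listing -- the forwards below depend on the FORWARD policy or on rules
# defined elsewhere.
iptables -A INPUT -p tcp --dport 411 -j ACCEPT
iptables -A INPUT -p tcp --dport 412 -j ACCEPT
iptables -A INPUT -p tcp --dport 4111 -j ACCEPT
iptables -A INPUT -p tcp --dport 4112 -j ACCEPT
iptables -A INPUT -p udp --dport 410 -j ACCEPT
iptables -A INPUT -p udp --dport 413 -j ACCEPT
iptables -A INPUT -p udp --dport 4110 -j ACCEPT
iptables -A INPUT -p udp --dport 4113 -j ACCEPT

# --- NAT: port forwards --------------------------------------------------------
# --to-destination is given without a port, so the original destination port
# is kept. 411/4111 (TCP) and 410/4110 (UDP) go to 192.168.1.100;
# 412/4112 (TCP) and 413/4113 (UDP) go to 192.168.1.200.
iptables -t nat -A PREROUTING -p tcp --dport 411 -i "$in_if" -j DNAT --to-destination 192.168.1.100
iptables -t nat -A PREROUTING -p tcp --dport 4111 -i "$in_if" -j DNAT --to-destination 192.168.1.100
iptables -t nat -A PREROUTING -p tcp --dport 412 -i "$in_if" -j DNAT --to-destination 192.168.1.200
iptables -t nat -A PREROUTING -p tcp --dport 4112 -i "$in_if" -j DNAT --to-destination 192.168.1.200
iptables -t nat -A PREROUTING -p udp --dport 410 -i "$in_if" -j DNAT --to-destination 192.168.1.100
iptables -t nat -A PREROUTING -p udp --dport 4110 -i "$in_if" -j DNAT --to-destination 192.168.1.100
iptables -t nat -A PREROUTING -p udp --dport 413 -i "$in_if" -j DNAT --to-destination 192.168.1.200
iptables -t nat -A PREROUTING -p udp --dport 4113 -i "$in_if" -j DNAT --to-destination 192.168.1.200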
ISSN 1214-1267, (c) 1999-2007 Stickfish s.r.o.