如何用iptables禁用本机回显
发表于 : 2007-07-27 21:57
网上看到一段代码
使自己不能ping 通 127.0.0.1
iptables -A INPUT -s 127.0.0.1 -p icmp -j DROP
可自己试了一下,不行。
想起以前在fedora 6 下用的firewall-standalone脚本如下
#!/bin/sh
#
# firewall-standalone This script sets up firewall rules for a standalone
# machine
#
# Copyright (C) 2000 Roaring Penguin Software Inc. This software may
# be distributed under the terms of the GNU General Public License, version
# 2 or any later version.
# LIC: GPL
# Interface to Internet
EXTIF=ppp+
ANY=0.0.0.0/0
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -F INPUT
iptables -F OUTPUT
iptables -F -t nat
# Deny TCP and UDP packets to privileged ports
iptables -A INPUT -i $EXTIF -d $ANY -p tcp --dport 0:1023 -j DROP
iptables -A INPUT -i $EXTIF -d $ANY -p udp --dport 0:1023 -j DROP
# Deny TCP connection attempts
iptables -A INPUT -i $EXTIF -p tcp --syn -j DROP
# Deny ICMP echo-requests
iptables -A INPUT -i $EXTIF -s $ANY -p icmp --icmp-type echo-request -j DROP
echo 1 > /proc/sys/net/ipv4/ip_dynaddr
echo done
运行后,还是不行,觉得百思不得其解。
我用的系统是ubuntu 7.04,因为装了firestarter,本想用它禁回显的,可惜不知怎么设置,就想到了iptables,请高手解惑。
使自己不能ping 通 127.0.0.1
iptables -A INPUT -s 127.0.0.1 -p icmp -j DROP
可自己试了一下,不行。
想起以前在fedora 6 下用的firewall-standalone脚本如下
#!/bin/sh
#
# firewall-standalone This script sets up firewall rules for a standalone
# machine
#
# Copyright (C) 2000 Roaring Penguin Software Inc. This software may
# be distributed under the terms of the GNU General Public License, version
# 2 or any later version.
# LIC: GPL
# Interface to Internet
EXTIF=ppp+
ANY=0.0.0.0/0
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -F INPUT
iptables -F OUTPUT
iptables -F -t nat
# Deny TCP and UDP packets to privileged ports
iptables -A INPUT -i $EXTIF -d $ANY -p tcp --dport 0:1023 -j DROP
iptables -A INPUT -i $EXTIF -d $ANY -p udp --dport 0:1023 -j DROP
# Deny TCP connection attempts
iptables -A INPUT -i $EXTIF -p tcp --syn -j DROP
# Deny ICMP echo-requests
iptables -A INPUT -i $EXTIF -s $ANY -p icmp --icmp-type echo-request -j DROP
echo 1 > /proc/sys/net/ipv4/ip_dynaddr
echo done
运行后,还是不行,觉得百思不得其解。
我用的系统是ubuntu 7.04,因为装了firestarter,本想用它禁回显的,可惜不知怎么设置,就想到了iptables,请高手解惑。