Linux学习笔记--iptables
iptables -t(建立一个table) filter -A(添加) -I(插入) -D(删除) -F(清除) -L(显示)
iptables -A INPUT -s(源) 192.168.0.2 -p(协议) tcp --dport 22(目标端口) -j DROP
iptables -I INPUT 2 -s 192.168.0.2 -j ACCEPT(将规则插入到第二行,默认插入在第一行)
iptables -D INPUT 3(删除第三行)
iptables -P INPUT DROP(deny anything | ACCEPT) -F清除不了-P
iptables -A INPUT -p TCP --dport 1:50(1到50端口) --sport ! 20(感叹号和数字分开) -s 192.168.0.0/24 -d 192.168.0.254 -j REJECT
iptables -L -n(不反向解析)
-m state
iptables -A INPUT -s 192.168.0.2 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -m limit --limit 2000/s -j ACCEPT
iptables -A INPUT -m limit --limit 2200/s -j LOG --log-level 5 --log-prefix "DDOS Attack"
service iptables save
SNAT
vi /etc/sysconfig forward=1
iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.1.0/24 -j SNAT --to 211.1.1.1
iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.1.0/24 -j MASQUERADE(自动获取公网地址)
iptables -F(默认清除filter)
iptables -t nat -F(清除nat)
iptables -t nat -L
SQUID
iptables -t nat -A PREROUTING -i eth0 -s 192.168.0.0/24 -p tcp --dport 80 -j REDIRECT --to-ports 3128
/etc/squid/squid.conf
PREROUTING
iptables -t nat -A PREROUTING -p tcp --dport 80 -i ppp0 -j DNAT --to 192.168.0.2:80