Situation
Solution
How to add multiple sources in iptables
The syntax is as follows (the comma-separated address list is accepted by both -s for sources and -d for destinations; iptables expands it into one separate rule per address when the rule is added):
iptables -A INPUT -d ip1,ip2,ip3 -j ACCEPT
iptables -A INPUT -d ip1,ip2,ip3 -j DROP
iptables -I INPUT -d ip1,ip2,ip3 -s ip2 -j DROP
A few examples:
iptables -A INPUT -d 192.168.1.5,192.168.1.6 -j ACCEPT
iptables -A INPUT -d 192.168.1.5,192.168.1.6 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -d 192.168.1.5,192.168.1.6 -s 192.168.1.0/24 -p tcp --dport 22 -j ACCEPT
To check that the added rules are in place and to see their packet counters (note that -A appends to the end of the chain; in the listing below the new ACCEPT rules land after the catch-all REJECT, so they can never match, and -I should be used to insert them before it):
iptables -t filter -L INPUT -n -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
5632 6156K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
1 80 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
553 128K INPUT_direct all -- * * 0.0.0.0/0 0.0.0.0/0
553 128K INPUT_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
553 128K INPUT_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
551 128K REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
0 0 ACCEPT tcp -- * * 192.168.1.0/24 192.168.1.5 tcp dpt:22
0 0 ACCEPT tcp -- * * 192.168.1.0/24 192.168.1.6 tcp dpt:22
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.5 tcp dpt:22
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.1.6 tcp dpt:22
0 0 ACCEPT all -- * * 0.0.0.0/0 192.168.1.5
0 0 ACCEPT all -- * * 0.0.0.0/0 192.168.1.6
0 0 ACCEPT tcp -- * * 192.168.1.5 192.168.1.254 tcp dpt:443
0 0 ACCEPT tcp -- * * 192.168.2.6 192.168.1.254 tcp dpt:443
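The listing above shows the comma list expanded into one rule per destination, and also shows every new ACCEPT rule sitting behind the unconditional REJECT with zero counters. As an added example (not part of the original post), the following Python parses the `iptables -L INPUT -n -v` output, here the listing copied from above and embedded inline, and reports the rules that follow the first catch-all DROP/REJECT and therefore cannot be reached.

```python
# Sample listing copied from the counters output above (embedded inline so the check runs offline).
SAMPLE_LISTING = """Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 5632 6156K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    1    80 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
  553  128K INPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0
  553  128K INPUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0
  553  128K INPUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
  551  128K REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
    0     0 ACCEPT     tcp  --  *      *       192.168.1.0/24       192.168.1.5          tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       192.168.1.0/24       192.168.1.6          tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.1.5          tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.1.6          tcp dpt:22
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            192.168.1.5
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            192.168.1.6
"""

# Match-extension keywords: if any appears in the trailing column, the rule is conditional, not a catch-all.
MATCH_KEYWORDS = ("ctstate", "state", "dpt:", "spt:", "dpts:", "spts:", "owner", "MAC", "limit:", "multiport", "icmptype")

def parse_rules(listing):
    """Turn a `-L -n -v` listing into dicts, skipping the 'Chain ...' and column-header lines."""
    rules = []
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 9 or fields[0] in ("Chain", "pkts"):
            continue
        pkts, byts, target, prot, opt, inp, out, src, dst = fields[:9]
        rules.append({"target": target, "prot": prot, "in": inp, "out": out,
                      "src": src, "dst": dst, "extra": " ".join(fields[9:])})
    return rules

def is_catch_all(rule):
    """True for a terminating rule that matches every packet (e.g. firewalld's final REJECT)."""
    return (rule["target"] in ("DROP", "REJECT")
            and rule["prot"] == "all" and rule["in"] == "*" and rule["out"] == "*"
            and rule["src"] == "0.0.0.0/0" and rule["dst"] == "0.0.0.0/0"
            and not any(k in rule["extra"] for k in MATCH_KEYWORDS))

def shadowed_rules(listing):
    """Return the rules placed after the first catch-all; the kernel never evaluates them."""
    rules = parse_rules(listing)
    for i, rule in enumerate(rules):
        if is_catch_all(rule):
            return rules[i + 1:]
    return []
```

For the listing above, shadowed_rules(SAMPLE_LISTING) returns the six appended ACCEPT rules; the fix is to re-add them with -I so they precede the REJECT.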
Note!
It is also possible to create a user-defined chain:
iptables -N ALLOWED
iptables -A ALLOWED -d 127.0.0.0/8 -j RETURN
iptables -A ALLOWED -d 192.168.1.0/24 -j RETURN
iptables -A ALLOWED -d 205.54.1.5 -j RETURN
iptables -A INPUT -j ALLOWED
See the iptables man page for more information:
man iptables