会iptables的帮帮我吧。关于Coyote Linux
想在路由上通过设置防火墙规则实现让局域网中的电脑只能访问外网指定域名的网站,其余什么都不能访问,包括qq等网络应用软件。但是在Coyote Linux中的防火墙配置文件中不知道如何写,请高手帮忙,下面是防火墙配置文件中默认的内容,谁能大概翻译说明一下,万分感谢。#!/bin/sh
#
# Local Custom Firewall rules
# Level 7 Filtering example rules:
# Block Kazaa, Morpheus, iMesh, Grokster, eDonkey, eMule, DC++, etc:
#iptables -t mangle -A POSTROUTING -m layer7 --l7proto fasttrack -j DROP
#iptables -t mangle -A POSTROUTING -m layer7 --l7proto edonkey -j DROP
#iptables -t mangle -A POSTROUTING -m layer7 --l7proto directconnect -j DROP
# Other Examples:
#iptables -t mangle -A POSTROUTING -m layer7 --l7proto ftp -j LOG
#iptables -t mangle -A POSTROUTING -m layer7 --l7proto pop3 -j MARK --set-mark 1
#
# To see a list of all available protocols use this command:
# ls /etc/l7-protocols
# Attention: To enable the commands below can cause some side effects
# Syn-flood and DOS protection
#iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
# Port Scanners protection
#iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
#iptables -A FORWARD -p tcp --tcp-flags ALL SYN,ACK -j DROP
# Ping-of-dead protection
#iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
# IP Spoofing protection
#iptables -A INPUT -s 10.0.0.0/8 -i $IF_INET -j DROP
#iptables -A INPUT -s 172.16.0.0/16 -i $IF_INET -j DROP
#iptables -A INPUT -s 192.168.0.0/24 -i $IF_INET -j DROP 先去看下书啦,首先要自己对那些知识有一定的了解,再问问别人,书上都有的
页:
[1]