> After all, your default is iptables -P FORWARD DROP
> and there is no ACCEPT for it. You also need
>
> $IPTABLES -A FORWARD -i eth0 -j ACCEPT
> $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

Thanks for the hint! In the end, the firewall config turned into the following:
====================/etc/ppp/ip-up.local==========================
EXTIF=ppp+

ANY=0.0.0.0/0

iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -i ! $EXTIF -j ACCEPT
iptables -A INPUT -m state --state NEW -i $EXTIF -j LOG
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -i $EXTIF -d $ANY -p udp --dport 0:1023 -j LOG
iptables -A INPUT -i $EXTIF -d $ANY -p tcp --dport 0:1023 -j LOG
iptables -P INPUT DROP
=========================================================

But another problem has come up. ip-up.local is not executed on connect! Even though
at the end of /etc/ppp/ip-up there is this line:
[ -f /etc/ppp/ip-up.local ] && . /etc/ppp/ip-up.local "$@"

I.e. it should be executed! If I run /etc/ppp/ip-up.local by hand after connecting,
it runs and the firewall rules are created.

--
Maxim Ivanov <redbaron@××××.ru>


--
gentoo-user-ru@g.o mailing list
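
Added example, not part of the original message or the poster's script: the posted ruleset combined with the two FORWARD rules from the quoted hint and an explicit FORWARD policy, with a dry-run mode so the rules can be reviewed before they are applied. The names `gen_rules`, `apply_rules`, `IPT` and `LANIF` are chosen here; it assumes iptables lives at /sbin/iptables and that eth0 is the LAN side (as in the hint), and it leaves out the port-range LOG rules for brevity.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumptions are marked below.
IPT=${IPT:-/sbin/iptables}  # assumed location; absolute so PATH does not matter
LANIF=${LANIF:-eth0}        # LAN-side interface, as in the quoted hint

# Print one iptables argument list per line for external interface $1.
gen_rules() {
    extif=$1
    cat <<EOF
-F
-t nat -F
-t mangle -F
-P INPUT DROP
-P FORWARD DROP
-t nat -A POSTROUTING -o $extif -j MASQUERADE
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW ! -i $extif -j ACCEPT
-A INPUT -m state --state NEW -i $extif -j LOG
-A INPUT -p icmp -j ACCEPT
-A FORWARD -i $LANIF -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Run the rules for interface $1; with $2 = print, only show the commands.
apply_rules() {
    rules=$(gen_rules "$1")
    while read -r args; do
        if [ "${2:-}" = print ]; then
            echo "$IPT $args"
        else
            # $args is split on purpose into separate iptables arguments
            $IPT $args || return 1
        fi
    done <<EOF
$rules
EOF
}

# pppd passes the interface name as $1; without it, do a dry run for ppp+.
if [ -n "${1:-}" ]; then
    apply_rules "$1"
else
    apply_rules 'ppp+' print
fi
```

Both default policies are set to DROP before any ACCEPT rule is added, so a failure partway through leaves the box closed rather than open.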