| 1 |
> Õ ÔÅÂÑ ×ÅÄØ ÐÏ ÕÍÏÌÞÁÎÉÀ iptables -P FORWARD DROP |
| 2 |
> Á ACCEPT ÄÌÑ ÎÅÇÏ ÎÅÔ. ÎÁÄÏ ÅÝ£ |
| 3 |
> |
| 4 |
> $IPTABLES -A FORWARD -i eth0 -j ACCEPT |
| 5 |
> $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT |
| 6 |
|
| 7 |
óÐÁÓÉÂÏ ÚÁ ÐÏÄÓËÁÚËÕ! ÷ ÉÔÏÇÅ ËÏÎÆÉÇ ÆÁÅÒ×ÏÌÁ ÐÒÅ×ÒÁÔÉÌÓÑ × ÓÌÅÄÕÀÝÅÅ:
|
| 8 |
====================/etc/ppp/ip-up.local==========================
|
| 9 |
EXTIF=ppp+
|
| 10 |
|
| 11 |
ANY=0.0.0.0/0
|
| 12 |
|
| 13 |
iptables -F
|
| 14 |
iptables -t nat -F
|
| 15 |
iptables -t mangle -F
|
| 16 |
iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
|
| 17 |
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
|
| 18 |
iptables -A INPUT -m state --state NEW -i ! $EXTIF -j ACCEPT
|
| 19 |
iptables -A INPUT -m state --state NEW -i $EXTIF -j LOG
|
| 20 |
iptables -A INPUT -p icmp -j ACCEPT
|
| 21 |
iptables -A INPUT -i $EXTIF -d $ANY -p udp --dport 0:1023 -j LOG
|
| 22 |
iptables -A INPUT -i $EXTIF -d $ANY -p tcp --dport 0:1023 -j LOG
|
| 23 |
iptables -P INPUT DROP
|
| 24 |
=========================================================
|
| 25 |
|
| 26 |
îÏ ×ÏÚÎÉËÌÁ ÄÒÕÇÁÑ ÐÒÏÂÌÅÍÁ. ip-up.local ÎÅ ×ÙÐÏÌÎÑÅÔÓÑ ÐÒÉ ËÏÎÎÅËÔÅ! èÏÔÑ ×
|
| 27 |
ËÏÎÃÅ /etc/ppp/ip-up ÅÓÔØ ÓÔÒÏËÁ:
|
| 28 |
[ -f /etc/ppp/ip-up.local ] && . /etc/ppp/ip-up.local "$@"
|
| 29 |
|
| 30 |
Ô.Å. ÏÎ ÖÅ ÄÏÌÖÅÎ ×ÙÐÏÌÎÑÔØÓÑ! åÓÌÉ ÐÏÌÓÅ ËÏÎÎÅËÔÁ ×ÒÕÞÎÕÀ ÚÁÐÕÓÔÉÔØ
|
| 31 |
/etc/ppp/ip-up.local ÔÏ ÏÎ ×ÙÐÏÌÎÑÅÔÓÑ É ÆÁÅÒ×ÏÌØÎÙÅ ÐÒÁ×ÉÌÁ ÓÏÚÄÁÀÔÓÑ.
|
| 32 |
|
| 33 |
--
|
| 34 |
Maxim Ivanov <redbaron@××××.ru>
|
| 35 |
|
| 36 |
|
| 37 |
--
|
| 38 |
gentoo-user-ru@g.o mailing list |
Archives