Saving iptables rules on Debian

Posted in News on 14 March 2011 by admin

Check the current list of rules:

iptables -L

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

__________________________________________
Add the new rules

iptables -I OUTPUT -p tcp --dport 22 -j REJECT
iptables -I OUTPUT -p tcp --dport 6666 -j REJECT
iptables -I OUTPUT -p tcp --dport 6667 -j REJECT

__________________________________________
View the list again:

iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
REJECT tcp -- anywhere anywhere tcp dpt:ssh reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:ircd reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:6666 reject-with icmp-port-unreachable

__________________________________________
Save the rules to a file:

/sbin/iptables-save > /etc/rules

__________________________________________
The file will look like this:

/sbin/iptables-save
# Generated by iptables-save v1.4.2 on Tue Mar 15 00:40:49 2011
*filter
:INPUT ACCEPT [424:32280]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [235:33180]
-A OUTPUT -p tcp -m tcp --dport 22 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -p tcp -m tcp --dport 6667 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -p tcp -m tcp --dport 6666 -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Tue Mar 15 00:40:49 2011

__________________________________________
Add restoring the rule list from the file to the startup sequence:

cat /etc/rc.local

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
/sbin/iptables-restore /etc/rules
exit 0
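The rc.local line above hands /etc/rules straight to iptables-restore. If that file is ever truncated (a half-finished `iptables-save > /etc/rules`, a full disk, a stray edit), iptables-restore fails at boot and the host comes up with the default ACCEPT policy and none of the REJECT rules. The script below is an added example, not part of the original post: it saves the dump atomically (write to a temp file, validate, then rename) and validates the file again before restoring. The function names, the `check_rules_file` checks and `/etc/rules` as the default path are this example's own choices; the sample dump used in the usage is constructed to match the one shown above.

```shell
#!/bin/sh
# Save and restore iptables rules with a sanity check on the dump file,
# so a damaged /etc/rules is noticed instead of silently leaving the
# default ACCEPT policy in place at boot.

# check_rules_file FILE
# Returns 0 when FILE looks like a complete iptables-save dump:
#   - at least one table header (*filter, *nat, ...)
#   - every table header is closed by a matching COMMIT
#   - every other non-comment line is a chain policy (:NAME POLICY [p:b])
#     or a rule (-A CHAIN ...)
check_rules_file() {
    file="$1"
    [ -s "$file" ] || { echo "empty or missing rules file: $file" >&2; return 1; }

    awk '
        /^#/                 { next }                 # comments written by iptables-save
        /^\*[a-z]+$/         { if (open) bad++; open = 1; tables++; next }
        /^COMMIT$/           { if (!open) bad++; open = 0; next }
        /^:[A-Za-z0-9_-]+ (ACCEPT|DROP|-) \[[0-9]+:[0-9]+\]$/ { if (!open) bad++; next }
        /^-A [A-Za-z0-9_-]+ / { if (!open) bad++; rules++; next }
        /^[[:space:]]*$/     { next }
        { bad++ }                                     # anything else is not a dump line
        END {
            if (open) bad++                           # last table never committed
            if (bad || tables == 0) exit 1
            exit 0
        }
    ' "$file"
}

# save_rules [FILE]
# Write the live ruleset to a temporary file, validate it, and only then
# replace FILE, so FILE is never left half-written.
save_rules() {
    file="${1:-/etc/rules}"
    tmp="$file.tmp.$$"
    /sbin/iptables-save > "$tmp" || { rm -f "$tmp"; return 1; }
    check_rules_file "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$file"
}

# restore_rules [FILE]
# Validate FILE, let iptables-restore parse it without touching the kernel
# (--test), and only then load it. Suitable as the rc.local line.
restore_rules() {
    file="${1:-/etc/rules}"
    check_rules_file "$file" || return 1
    /sbin/iptables-restore --test "$file" || return 1
    /sbin/iptables-restore "$file"
}

# Usage (uncomment on a real host):
#   save_rules            # after changing rules with iptables -I / -A
#   restore_rules         # from /etc/rc.local instead of a bare iptables-restore
```

In rc.local, `restore_rules || logger -t iptables "rules file rejected"` makes a bad file visible in syslog rather than silent. On current Debian the iptables-persistent package does the save/restore step for you (rules live in /etc/iptables/rules.v4), but the validation idea applies to that file as well.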
