logo

한국어

OpenWRT 기본 방화벽 룰셋

관리자 2014.06.03 15:49 조회 수 : 92

iptables -t filter -P INPUT ACCEPT
iptables -t filter -P OUTPUT ACCEPT
iptables -t filter -P FORWARD DROP
iptables -t filter -N delegate_input
iptables -t filter -N delegate_output
iptables -t filter -N delegate_forward
iptables -t filter -N reject
iptables -t filter -N input_rule
iptables -t filter -N output_rule
iptables -t filter -N forwarding_rule
iptables -t filter -N syn_flood
iptables -t filter -N zone_lan_input
iptables -t filter -N zone_lan_output
iptables -t filter -N zone_lan_forward
iptables -t filter -N zone_lan_src_ACCEPT
iptables -t filter -N zone_lan_dest_ACCEPT
iptables -t filter -N input_lan_rule
iptables -t filter -N output_lan_rule
iptables -t filter -N forwarding_lan_rule
iptables -t filter -A zone_lan_input -m comment --comment "user chain for input" -j input_lan_rule
iptables -t filter -A zone_lan_output -m comment --comment "user chain for output" -j output_lan_rule
iptables -t filter -A zone_lan_forward -m comment --comment "user chain for forwarding" -j forwarding_lan_rule
iptables -t filter -N zone_wan_input
iptables -t filter -N zone_wan_output
iptables -t filter -N zone_wan_forward
iptables -t filter -N zone_wan_src_REJECT
iptables -t filter -N zone_wan_dest_ACCEPT
iptables -t filter -N input_wan_rule
iptables -t filter -N output_wan_rule
iptables -t filter -N forwarding_wan_rule
iptables -t filter -A zone_wan_input -m comment --comment "user chain for input" -j input_wan_rule
iptables -t filter -A zone_wan_output -m comment --comment "user chain for output" -j output_wan_rule
iptables -t filter -A zone_wan_forward -m comment --comment "user chain for forwarding" -j forwarding_wan_rule
iptables -t filter -D INPUT -j delegate_input
iptables -t filter -A INPUT -j delegate_input
iptables -t filter -D OUTPUT -j delegate_output
iptables -t filter -A OUTPUT -j delegate_output
iptables -t filter -D FORWARD -j delegate_forward
iptables -t filter -A FORWARD -j delegate_forward
iptables -t filter -A delegate_input -i lo -j ACCEPT
iptables -t filter -A delegate_output -o lo -j ACCEPT
iptables -t filter -A delegate_input -m comment --comment "user chain for input" -j input_rule
iptables -t filter -A delegate_output -m comment --comment "user chain for output" -j output_rule
iptables -t filter -A delegate_forward -m comment --comment "user chain for forwarding" -j forwarding_rule
iptables -t filter -A delegate_input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A delegate_output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A delegate_forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -j RETURN
iptables -t filter -A syn_flood -j DROP
iptables -t filter -A delegate_input -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn_flood
iptables -t filter -A reject -p tcp -j REJECT --reject-with tcp-reset
iptables -t filter -A reject -j REJECT --reject-with icmp-port-unreachable
iptables -t filter -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment Allow-DHCP-Renew -j ACCEPT
iptables -t filter -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment Allow-Ping -j ACCEPT
iptables -t filter -A zone_lan_forward -m comment --comment "forwarding lan -> wan" -j zone_wan_dest_ACCEPT
iptables -t filter -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "Accept port redirections" -j ACCEPT
iptables -t filter -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "Accept port forwards" -j ACCEPT
iptables -t filter -A zone_lan_input -j zone_lan_src_ACCEPT
iptables -t filter -A zone_lan_forward -j zone_lan_src_ACCEPT
iptables -t filter -A zone_lan_output -j zone_lan_dest_ACCEPT
iptables -t filter -D zone_lan_src_ACCEPT -i br-lan -j ACCEPT
iptables -t filter -A zone_lan_src_ACCEPT -i br-lan -j ACCEPT
iptables -t filter -D zone_lan_dest_ACCEPT -o br-lan -j ACCEPT
iptables -t filter -A zone_lan_dest_ACCEPT -o br-lan -j ACCEPT
iptables -t filter -D delegate_input -i br-lan -j zone_lan_input
iptables -t filter -A delegate_input -i br-lan -j zone_lan_input
iptables -t filter -D delegate_output -o br-lan -j zone_lan_output
iptables -t filter -A delegate_output -o br-lan -j zone_lan_output
iptables -t filter -D delegate_forward -i br-lan -j zone_lan_forward
iptables -t filter -A delegate_forward -i br-lan -j zone_lan_forward
iptables -t filter -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "Accept port redirections" -j ACCEPT
iptables -t filter -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "Accept port forwards" -j ACCEPT
iptables -t filter -A zone_wan_input -j zone_wan_src_REJECT
iptables -t filter -A zone_wan_forward -j zone_wan_src_REJECT
iptables -t filter -A zone_wan_output -j zone_wan_dest_ACCEPT
iptables -t filter -D zone_wan_dest_ACCEPT -o eth0.2 -j ACCEPT
iptables -t filter -A zone_wan_dest_ACCEPT -o eth0.2 -j ACCEPT
iptables -t filter -D zone_wan_src_REJECT -i eth0.2 -j reject
iptables -t filter -A zone_wan_src_REJECT -i eth0.2 -j reject
iptables -t filter -D delegate_input -i eth0.2 -j zone_wan_input
iptables -t filter -A delegate_input -i eth0.2 -j zone_wan_input
iptables -t filter -D delegate_output -o eth0.2 -j zone_wan_output
iptables -t filter -A delegate_output -o eth0.2 -j zone_wan_output
iptables -t filter -D delegate_forward -i eth0.2 -j zone_wan_forward
iptables -t filter -A delegate_forward -i eth0.2 -j zone_wan_forward
iptables -t filter -A delegate_forward -j reject
iptables -t nat -N delegate_prerouting
iptables -t nat -N delegate_postrouting
iptables -t nat -N prerouting_rule
iptables -t nat -N postrouting_rule
iptables -t nat -N zone_lan_postrouting
iptables -t nat -N zone_lan_prerouting
iptables -t nat -N prerouting_lan_rule
iptables -t nat -N postrouting_lan_rule
iptables -t nat -A zone_lan_prerouting -m comment --comment "user chain for prerouting" -j prerouting_lan_rule
iptables -t nat -A zone_lan_postrouting -m comment --comment "user chain for postrouting" -j postrouting_lan_rule
iptables -t nat -N zone_wan_postrouting
iptables -t nat -N zone_wan_prerouting
iptables -t nat -N prerouting_wan_rule
iptables -t nat -N postrouting_wan_rule
iptables -t nat -A zone_wan_prerouting -m comment --comment "user chain for prerouting" -j prerouting_wan_rule
iptables -t nat -A zone_wan_postrouting -m comment --comment "user chain for postrouting" -j postrouting_wan_rule
iptables -t nat -D PREROUTING -j delegate_prerouting
iptables -t nat -A PREROUTING -j delegate_prerouting
iptables -t nat -D POSTROUTING -j delegate_postrouting
iptables -t nat -A POSTROUTING -j delegate_postrouting
iptables -t nat -A delegate_prerouting -m comment --comment "user chain for prerouting" -j prerouting_rule
iptables -t nat -A delegate_postrouting -m comment --comment "user chain for postrouting" -j postrouting_rule
iptables -t nat -D delegate_prerouting -i br-lan -j zone_lan_prerouting
iptables -t nat -A delegate_prerouting -i br-lan -j zone_lan_prerouting
iptables -t nat -D delegate_postrouting -o br-lan -j zone_lan_postrouting
iptables -t nat -A delegate_postrouting -o br-lan -j zone_lan_postrouting
iptables -t nat -A zone_wan_postrouting -j MASQUERADE
iptables -t nat -D delegate_prerouting -i eth0.2 -j zone_wan_prerouting
iptables -t nat -A delegate_prerouting -i eth0.2 -j zone_wan_prerouting
iptables -t nat -D delegate_postrouting -o eth0.2 -j zone_wan_postrouting
iptables -t nat -A delegate_postrouting -o eth0.2 -j zone_wan_postrouting
iptables -t mangle -N mssfix
iptables -t mangle -N fwmark
iptables -t mangle -D FORWARD -j mssfix
iptables -t mangle -A FORWARD -j mssfix
iptables -t mangle -D PREROUTING -j fwmark
iptables -t mangle -A PREROUTING -j fwmark
iptables -t mangle -D mssfix -p tcp -o eth0.2 -m tcp --tcp-flags SYN,RST SYN -m comment --comment "wan (mtu_fix)" -j TCPMSS --clamp-
iptables -t mangle -A mssfix -p tcp -o eth0.2 -m tcp --tcp-flags SYN,RST SYN -m comment --comment "wan (mtu_fix)" -j TCPMSS --clamp-
iptables -t raw -N delegate_notrack
iptables -t raw -D PREROUTING -j delegate_notrack
iptables -t raw -A PREROUTING -j delegate_notrack

번호 제목 날짜 조회 수
8 OpenWRT VLAN 설정 2014.05.14 263
7 OpenWRT에 pure-ftpd 설치하기 2014.05.04 33
6 ipTIME N604M 2014.05.03 197
5 TP-Link TL-WR740N 2014.05.03 50
4 OpenWRT StrongSwan IPSec VPN 설정 file 2014.05.02 160
3 OpenWRT Package 제작 2014.05.02 78
2 OpenWRT Cross Compile 2014.05.01 341
1 CentOS x86_64에 libmagic 최신버전 설치 2014.04.25 20