|
|
楼主 |
发表于 2006-9-28 17:14:39
|
显示全部楼层
多谢楼上的朋友,你让我的思想更进了一步,可还是不明了,这些东西该具体怎么改,我把内容贴出来,供大家来研究一下,我也不是很明白
fw_custom_before_antispoofing() {
# these rules will be loaded before any anti spoofing rules will be
# loaded. Effectively the only filter lists already effective are
# 1) allow any traffic via the loopback interface, 2) allow DHCP stuff,
# 3) allow SAMBA stuff [2 and 3 only if FW_SERVICE_... are set to "yes"]
# You can use this hook to prevent logging of uninteresting broadcast
# packets or to allow certain packet through the anti-spoofing mechanism.
#example: allow incoming multicast packets for any routing protocol
#iptables -A INPUT -j ACCEPT -d 224.0.0.0/24
true
}
fw_custom_after_antispoofing() { # could also be named "before_port_splitting()"
# these rules will be loaded after the anti-spoofing and icmp handling
# but before any IP protocol or TCP/UDP port allow/protection rules
# will be set.
# You can use this hook to allow/deny certain IP protocols or TCP/UDP
# ports before the SuSEfirewall2 generated rules are hit.
#example: always filter backorifice/netbus trojan connect requests and log them.
#for target in LOG DROP; do
# for chain in input_ext input_dmz input_int forward_int forward_ext forward_dmz; do
# iptables -A $chain -j $target -p tcp --dport 31337
# iptables -A $chain -j $target -p udp --dport 31337
# iptables -A $chain -j $target -p tcp --dport 12345:12346
# iptables -A $chain -j $target -p udp --dport 12345:12346
# done
#done
true
}
fw_custom_before_port_handling() {
# these rules will be loaded after the anti-spoofing and icmp handling
# and after the input has been redirected to the input_XXX and
# forward_XXX chains and some basic chain-specific anti-circumvention
# rules have been set,
# but before any IP protocol or TCP/UDP port allow/protection rules
# will be set.
# You can use this hook to allow/deny certain IP protocols or TCP/UDP
# ports before the SuSEfirewall2 generated rules are hit.
true
}
fw_custom_before_masq() { # could also be named "after_port_handling()"
# these rules will be loaded after the IP protocol and TCP/UDP port
# handling, but before any IP forwarding (routing), masquerading
# will be done.
# NOTE: reverse masquerading is before directly after
# fw_custom_before_port_handling !!!!
# You can use this hook to ... hmmm ... I'm sure you'll find a use for
# this ...
true
}
fw_custom_before_denyall() { # could also be named "after_forwardmasq()"
# these are the rules to be loaded after IP forwarding and masquerading
# but before the logging and deny all section is set by SuSEfirewall2.
# You can use this hook to prevent the logging of annoying packets.
#example: prevent logging of talk requests from anywhere
#for chain in input_ext input_dmz input_int forward_int forward_ext forward_dmz; do
# iptables -A $chain -j DROP -p udp --dport 517:518
#done
true
} |
|
IP卡
狗仔卡
发表于 2006-9-28 09:15:05
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
显身卡