¥D¾÷¬G»Ù,¤v­×½Æ¤¤

2home

¦U¦ì¤£¦n·N«ä,¬Q¤é±ß¶¡,¦³¤£©ú¬y¶q,¾É­P·í¾÷,¥Ø«e¨t²Î¤v­«Äé,¨t²Î«ì´_¤¤! ¦p¦³¤£«K,·q½Ð¨£½Ì!

kevin

SHARE§Ú¥ÎªºFIREWALL SCRIPT
¦³¤@­Ó¦Û­qCHAIN,¥i¥H¾×SYN-FLOODING
¤£¹L¦³«Ü¦h°Ñ¼Æ»Ý­n¦A­×§ï²Å¦X¦Û¥Î..
¨S¦³°µROUTER,¤]¤£¥ÎFORWARD CHAIN,¨S°µNAT¤]¤£¥Î,³æ¯ÂSERver,¥u­n¥Îinput chain

#!/bin/bash
#=========<<enable linux router>>===========
echo "1" > /proc/sys/net/ipv4/ip_forward
#=========<<define related syn_flooding rule>>======
rm -f /etc/modprobe.conf
modprobe ipt_recent ip_list_tot=16384
iptables -N SYN_FLOODING
#=========<<erase original rule>>===========
iptables -t filter -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
#=========<<set variability>>===============
WAN=10.10.96.33
LAN=172.21.60.7
IPTF="/sbin/iptables -t filter"
IPTN="/sbin/iptables -t nat"
#=========<<Define input filter chain>>======
#$IPTF -A INPUT -p icmp -j ACCEPT
$IPTF -A INPUT -p all -m state --state INVALID -j DROP
$IPTF -A INPUT -p tcp --syn --dport 3128 -m limit --limit 1/m --limit-burst 300 -j ACCEPT
$IPTF -A INPUT -p tcp --syn --dport 3128 -j SYN_FLOODING
$IPTF -A INPUT -p tcp -s 172.21.60.0/23 -m state --state NEW -m multiport --dports 21,22,3128 -d 172.21.60.7 -j ACCEPT
$IPTF -A INPUT -p all -m state --state ESTABLISHED,RELATED -j ACCEPT
#=========<<define syn_flooding chain>>==========
$IPTF -A SYN_FLOODING -p tcp --syn --dport 3128 -m recent --name SYN_FLOODING --update --second 120 --hitcount 1 -j ACCEPT
$IPTF -A SYN_FLOODING -p tcp --syn --dport 3128 -m recent --name SYN --set
$IPTF -A SYN_FLOODING -p tcp --syn -j DROP
#=========<Define forward filter chain>>===========
$IPTF -A FORWARD -p all -m state --state INVALID -j DROP
$IPTF -A FORWARD -i eth1 -o eth0 -p all -m state --state NEW -s 172.21.60.0/23 -j ACCEPT
$IPTF -A FORWARD -i eth1 -o eth0 -p all -m state --state ESTABLISHED,RELATED -j ACCEPT
#=========<<Define nat postrouting chain>>==============
$IPTN -A POSTROUTING -o eth0 -s 172.21.60.0/23 -j SNAT --to $WAN
#=========<<Define trasparent proxy>>===================
$IPTN -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
#=======================<<the end>>=======================================

2home

À³¸ÓÁÙ¦n,²{¦b¤j³£¬O¨î¦¡¤Æ¤F,¦³®É°¸µoª¬ªp,´NÅý¦Û¤v¤Wºòµo±ø,ĵÙEĵÙE!

¾÷©Ð¤º¬O¥NºÞ,¹³remote hands-on³q±`¤]¬O­n¥I¿úªº,³Ì¦hÀ°§A§K¶O­«¶}¾÷,¤£¥i¯àÀ°§A­×Å@¨t²Îªº~~
¯¸¤j¦pªG­nÀ°¦£¦A«ü¥Ü§a~~
kevin µoªí©ó 2010-6-1 22:38

2home

¦]¬°¬O¯²¥D¾÷¥NºÞªºªA°È,»Ý­n¦Û¤v¶R¾÷¾¹©MÄé¨t²Î,¦A§â¾÷¾¹±H©ñ¦b¦³ÀW¼e¦³§N®ð¦³³Æ¹q·½ªº¾÷©Ð,©M¤@¯ë¯²µêÀÀ¥D¾÷©M¨ä¥¦·~ªÌ¦@¨É¥D¾÷¤£¦P.

³q±`·í±¼,·|¥ý¥´¹q¸Ü³qª¾¼t°ÓÀ°¦£­«·s¶}¾÷,¦ý­Y¶}¤£°_¨Ó,¨Æ±¡³£¤ñ¸û¤j±ø,¤£¬OµwÅéÃa´N¬O§@·~¨t²Î¶Ã±¼,´N¥u¦n¿Ë¦Û¤W°}Åo!

µLÀvªºªA°ÈÀqÀqªº¥I¥X¬O³Ì°ª¶Qªº±¡¾Þ, «Ü¦h¤H¥ú»¡¤£°µ,¬Ý¨ì´Nı±o«Ü»Àµø. ¯¸¤jÀqÀq¥I¥X§Ú­Ì³£·P¨ü¨ì¤F¤j­·¤j«BÁÙ­n«n¥_°ª³t¤½¸ô©bªi¡A§¤¦b®a¸ÌµÎªA¼µÛ¤G­¦»L¤W2home ı±o«Ü¦³ºp·N©O. ¥t, ¾÷©Ð¤£¬O¦³ºûÅ@¤ä´©¶Ü? §Ú¥H ...
william8864 µoªí©ó 2010-6-1 21:28

kevin

¾÷©Ð¤º¬O¥NºÞ,¹³remote hands-on³q±`¤]¬O­n¥I¿úªº,³Ì¦hÀ°§A§K¶O­«¶}¾÷,¤£¥i¯àÀ°§A­×Å@¨t²Îªº~~
¯¸¤j¦pªG­nÀ°¦£¦A«ü¥Ü§a~~

william8864

µLÀvªºªA°ÈÀqÀqªº¥I¥X¬O³Ì°ª¶Qªº±¡¾Þ, «Ü¦h¤H¥ú»¡¤£°µ,¬Ý¨ì´Nı±o«Ü»Àµø. ¯¸¤jÀqÀq¥I¥X§Ú­Ì³£·P¨ü¨ì¤F¤j­·¤j«BÁÙ­n«n¥_°ª³t¤½¸ô©bªi¡A§¤¦b®a¸ÌµÎªA¼µÛ¤G­¦»L¤W2home ı±o«Ü¦³ºp·N©O. ¥t, ¾÷©Ð¤£¬O¦³ºûÅ@¤ä´©¶Ü? §Ú¥H¬°¤@³q¹q¸Ü´N¦³¤uµ{®v·d©w©O£»

smhu

25# 2home

¯¸ªø¿n¤À«Ü¦h¤F¡A©Ò¥H´N¤£¥Î¦A¥[¤À¹ªÀy¤F...¬°±zªº¨¯­W¥I¥X©ç©ç¤â...ºÞ¹Lºô¯¸ªº¤H³£ª¾¹D...­ü...³¾¨Æ¤@ÅÚµ¨...ÁÂ...ÁÂÁÂ...¨¯­W±z°Õ...

2home

·PÁ¦U¦ìªº¹ªÀy! ­ì¥»¦¨¥ß2home¥u¬O¬°¤F¿³½ì,«á¨Ó¤]¶R¤F¦a,¤]µ²¥æ¤F«Ü¦hªB¤Í,¤]ºCºCªº¦³¤@¥÷¹D¼w³d¥ô¦b,ÁöµMºûÅ@¤½¶}¶}©ñªº½×¾Â,Ãø§K·|¸I¨ì¤@¨Ç¯¸°È°ÝÃD,¦ý¬O¤@©w·|°í«ù¤U¥hªº,¨Ã¯à°÷¦b³Ì§Öªºª¬ªp¤U«ì´_¥¿±`,¤£Åý¦U¦ì·|­û¥¢±æªº!

«Cµì¬Ó¦Z

20# µL¬È©~
¥[¢°

°ª¾ð·s²¾¥Áa

ÁÂÁ¯¸¤j¡A
·Q¤W2homeƒjµLªk³s¤W¡A³o®É­Ô´N§óª¾¹D­n¬Ã±¤2home¤F