iptables rules: I can't do anything
I have this iptables configuration, which is supposed to let me ssh in from a remote machine on the same subnet, but I can't even ping. What's going on?
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
WHITELIST tcp -- anywhere anywhere tcp dpt:ssh
tcp -- anywhere anywhere tcp dpt:ssh state NEW recent: SET name: DEFAULT side: source
LOG all -- anywhere anywhere recent: UPDATE seconds: 30 hit_count: 6 name: DEFAULT side: source LOG level warning
DROP all -- anywhere anywhere recent: UPDATE seconds: 30 hit_count: 6 name: DEFAULT side: source
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Chain WHITELIST (1 references)
target prot opt source destination
RETURN all -- 192.168.0.0/24 anywhere
RETURN all -- 192.168.1.0/24 anywhere
RETURN all -- 192.168.2.0/24 anywhere
RETURN all -- 192.168.3.0/24 anywhere
DROP all -- anywhere anywhere
With these rules you can only get SSH access from certain local networks. Everything else is blocked, including the ICMP that ping uses.
With the command "/sbin/iptables -I INPUT -j ACCEPT" you would open up access to your machine, but these restrictions are there for a reason, so it is best to check with your network administrator first.
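As an added illustration (not code from the thread), the following Python model walks a packet through the INPUT and WHITELIST chains listed above, including the recent-module rate limit, and reports which rule decided its fate. It assumes the first ACCEPT rule is "-i lo" (plain "iptables -L" hides the interface column), and the source addresses and timestamps are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Chain WHITELIST: the four networks that RETURN; every other source hits its DROP.
WHITELIST_NETS = [ip_network(n) for n in ("192.168.0.0/24", "192.168.1.0/24",
                                          "192.168.2.0/24", "192.168.3.0/24")]
RECENT_SECONDS, RECENT_HITS = 30, 6  # recent: UPDATE seconds: 30 hit_count: 6
recent = {}                          # the recent module's DEFAULT list: source -> timestamps

@dataclass
class Packet:
    src: str
    proto: str              # "tcp" or "icmp"
    dport: int = 0
    state: str = "NEW"      # conntrack state: NEW, ESTABLISHED or RELATED
    loopback: bool = False  # assumption: rule 1 is '-i lo', which plain 'iptables -L' hides

def whitelist(pkt):
    """Chain WHITELIST: RETURN for the listed nets, DROP for any other source."""
    return "RETURN" if any(ip_address(pkt.src) in n for n in WHITELIST_NETS) else "DROP"

def recent_update(src, now):
    """recent --update --seconds 30 --hitcount 6: matches when the source already has
    6 or more timestamps inside the window; a match also records this packet's time."""
    stamps = recent.setdefault(src, [])
    if sum(1 for t in stamps if now - t <= RECENT_SECONDS) >= RECENT_HITS:
        stamps.append(now)
        return True
    return False

def input_chain(pkt, now=0.0):
    """Chain INPUT (policy DROP): returns (verdict, the rule that decided it)."""
    if pkt.loopback:
        return "ACCEPT", "rule 1: ACCEPT all (loopback, assumed)"
    if pkt.state in ("RELATED", "ESTABLISHED"):
        return "ACCEPT", "rule 2: state RELATED,ESTABLISHED"
    ssh = pkt.proto == "tcp" and pkt.dport == 22
    if ssh and whitelist(pkt) == "DROP":               # rule 3 jumps to WHITELIST
        return "DROP", "WHITELIST: source outside 192.168.0-3.0/24"
    if ssh and pkt.state == "NEW":
        recent.setdefault(pkt.src, []).append(now)    # rule 4: recent: SET
    if recent_update(pkt.src, now):                    # rule 5: LOG matches and updates ...
        recent_update(pkt.src, now)                    # rule 6: ... so DROP matches too
        return "DROP", "recent: 6+ new SSH connections from this source in 30 s (logged)"
    if ssh and pkt.state == "NEW":
        return "ACCEPT", "rule 7: tcp dpt:ssh state NEW"
    return "DROP", "chain policy: nothing above matches (where ping's ICMP ends up)"
```

Any protocol from a source that has just been rate-limited is dropped by rule 6 until the 30-second window expires, which is why a host that was refused SSH also stops answering to ping for a while.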