iptables 规则我什么也不能做

Question

我有这个 iptables 配置，它应该可以让我从同一子网中的远程计算机执行 ssh，但我什至不能执行 ping。发生什么事了？

Chain INPUT (policy DROP)
target      prot opt source     destination
ACCEPT      all  --  anywhere   anywhere
ACCEPT      all  --  anywhere   anywhere    state RELATED,ESTABLISHED
WHITELIST   tcp  --  anywhere   anyrhere    tcp dpt:ssh
            tcp  --  anywhere   anywhere    tcp dpt:ssh state NEW recent: SET name: DEFAULT side: source
LOG         all  --  anywhere   anywhere    recent: UPDATE seconds: 30 hit_count: 6 name: DEFAULT side: source LOG level warning
DROP        all  --  anywhere   anywhere    recent: UPDATE seconds: 30 hit_count: 6 name: DEFAULT side: source
ACCEPT      tcp  --  anywhere   anywhere    tcp dpt:ssh state NEW

Chain FORWARD (policy DROP)
target      prot opt source     destination

Chain OUTPUT (policy DROP)
target      prot opt source     destination
ACCEPT      all  --  anywhere   anywhere    state RELATED,ESTABLISHED

Chain WHITELIST (1 references)
target      prot opt source             destination
RETURN      all  --  192.168.0.0/24     anywhere
RETURN      all  --  192.168.1.0/24     anywhere
RETURN      all  --  192.168.2.0/24     anywhere
RETURN      all  --  192.168.3.0/24     anywhere
DROP        all  --  anywhere           anywhere

Answer 1

根据这些规则，您只能从某些本地网络进行 SSH 访问。其他一切都被禁止，包括 ping 使用的 ICMP。使用以下命令，您将打开对您机器的访问权限 “/sbin/iptables -I INPUT -j ACCEPT”，但这些限制是有原因的，因此最好事先咨询您的网络管理员。

iptables 规则我什么也不能做

iptables rules I can't do nothing

firewall

iptables

netfilter