小试iptables

# Generated by iptables-save v1.3.5 on Wed Dec 26 10:15:08 2007
*filter
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT

-A INPUT -s 127.0.0.1 -j ACCEPT
-A OUTPUT -s 127.0.0.1 -j ACCEPT

#

#-A INPUT -p tcp –dport 80 -m limit –limit 10/second –limit-burst 80 -j ACCEPT

-A INPUT -p tcp -s 124.115.0.0/16 –dport 80 -j DROP
-A INPUT -p tcp -s 59.60.137.0/24 –dport 80 -j DROP
-A INPUT -p tcp -s 221.194.136.0/24 –dport 80 -j DROP
-A INPUT -p tcp -s 121.34.0.0/16 –dport 80 -j DROP
-A INPUT -p tcp -s 116.25.215.0/24 –dport 80 -j DROP
-A INPUT -p tcp -s 221.194.136.0/24 –dport 80 -j DROP
-A INPUT -p tcp -s 60.6.224.0/24 –dport 80 -j DROP

COMMIT
# Completed on Wed Dec 26 10:15:08 2007

发表评论

电子邮件地址不会被公开。 必填项已用*标注