Linux dynamic firewall, on my own machine

朱珠

Jan 24, 2006, 11:07:37 PM
to Sichuan Agricultural University Discussion Forum (四川农业大学交流论坛)

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- cache-cqdp.cta.net.cn anywhere tcp flags:!SYN,RST,ACK/SYN
ACCEPT udp -- cache-cqdp.cta.net.cn anywhere
ACCEPT tcp -- 61.128.192.68 anywhere tcp flags:!SYN,RST,ACK/SYN
ACCEPT udp -- 61.128.192.68 anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
DROP all -- anywhere 255.255.255.255
DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
LSI all -f anywhere anywhere limit: avg 10/min burst 5
INBOUND all -- anywhere anywhere
INBOUND all -- anywhere 222.181.134.115
INBOUND all -- anywhere 222.181.134.115
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Input'

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere limit: avg 10/sec burst 5
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
OUTBOUND all -- anywhere anywhere
ACCEPT tcp -- anywhere 222.181.134.115 state RELATED,ESTABLISHED
ACCEPT udp -- anywhere 222.181.134.115 state RELATED,ESTABLISHED
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Forward'

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 222.181.134.115 cache-cqdp.cta.net.cn tcp dpt:domain
ACCEPT udp -- 222.181.134.115 cache-cqdp.cta.net.cn udp dpt:domain
ACCEPT tcp -- 222.181.134.115 61.128.192.68 tcp dpt:domain
ACCEPT udp -- 222.181.134.115 61.128.192.68 udp dpt:domain
ACCEPT all -- anywhere anywhere
DROP all -- BASE-ADDRESS.MCAST.NET/8 anywhere
DROP all -- anywhere BASE-ADDRESS.MCAST.NET/8
DROP all -- 255.255.255.255 anywhere
DROP all -- anywhere 0.0.0.0
DROP all -- anywhere anywhere state INVALID
OUTBOUND all -- anywhere anywhere
OUTBOUND all -- anywhere anywhere
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix `Unknown Output'

Chain INBOUND (3 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
LSI all -- anywhere anywhere

Chain LOG_FILTER (5 references)
target prot opt source destination

Chain LSI (2 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN
LOG tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 1/sec burst 5 LOG level info prefix `Inbound '
DROP icmp -- anywhere anywhere icmp echo-request
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Inbound '
DROP all -- anywhere anywhere

Chain LSO (0 references)
target prot opt source destination
LOG_FILTER all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 5/sec burst 5 LOG level info prefix `Outbound '
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain OUTBOUND (3 references)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere

--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
