
Dynamic iptables firewall: dynfw

2006-04-03 12:36:22 Source: WEB开发网

#!/bin/bash

source /usr/local/share/dynfw.sh

# Require exactly two arguments (IP address and on/off); print usage otherwise.
args 2 $# "${0} IPADDR {on/off}" "Drops packets to/from IPADDR. Good for obnoxious networks/hosts/DoS"

if [ "$2" == "on" ]
then
    # rules will be appended or inserted as normal
    APPEND="-A"
    INSERT="-I"
    # refuse to block an address that is already recorded, then record it
    rec_check ipdrop "$1" "$1 already blocked" on
    record ipdrop "$1"
elif [ "$2" == "off" ]
then
    # rules will be deleted instead
    APPEND="-D"
    INSERT="-D"
    # refuse to unblock an address that is not recorded, then forget it
    rec_check ipdrop "$1" "$1 not currently blocked" off
    unrecord ipdrop "$1"
else
    echo "Error: \"off\" or \"on\" expected as second argument"
    exit 1
fi

# block outside IP address that's causing problems
# attacker's incoming TCP connections will take a minute or so to time out,
# reducing DoS effectiveness.
iptables $INSERT INPUT -s "$1" -j DROP
iptables $INSERT OUTPUT -d "$1" -j DROP
iptables $INSERT FORWARD -d "$1" -j DROP
iptables $INSERT FORWARD -s "$1" -j DROP

echo "IP ${1} drop ${2}."

ipdrop: explanation

The last four lines of the script above are where the real work happens: they insert the appropriate rules into the firewall tables. The value of the $INSERT variable depends on whether "on" or "off" mode was given on the command line (-I inserts a rule at the head of the chain, -D deletes the matching rule), so when the iptables lines are executed, the specific rules are inserted or deleted accordingly.
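To make the on/off mechanism concrete, here is an added, self-contained sketch of the same logic; it is not the dynfw project's code. Because the helpers that ipdrop sources from /usr/local/share/dynfw.sh (args, rec_check, record, unrecord) are not shown on this page, the example reimplements the record-keeping with a simple state file at an assumed path, and by default it only prints the iptables commands it would run (a dry run, so it can be exercised without root); setting the assumed DYNFW_RUN=1 environment variable executes them for real.

```bash
#!/bin/bash
# Added example, not the original dynfw code. Reimplements ipdrop's
# record/unrecord bookkeeping with a plain text file (one IP per line) and
# builds the same four DROP rules, choosing -I or -D from the on/off argument.

# Assumed state-file path; the real dynfw.sh keeps its own records elsewhere.
DYNFW_RECORD="${DYNFW_RECORD:-/tmp/dynfw-ipdrop.record}"

# Run an iptables command for real only when DYNFW_RUN=1 (assumed switch);
# otherwise print it so the rule set can be reviewed without touching the kernel.
run_rule() {
    if [ "${DYNFW_RUN:-0}" = "1" ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

# Return 0 if the address is already recorded as blocked.
is_recorded() {
    [ -f "$DYNFW_RECORD" ] && grep -qxF "$1" "$DYNFW_RECORD"
}

# Add / remove an address in the state file.
record() { echo "$1" >> "$DYNFW_RECORD"; }
unrecord() {
    grep -vxF "$1" "$DYNFW_RECORD" > "$DYNFW_RECORD.tmp" || true
    mv "$DYNFW_RECORD.tmp" "$DYNFW_RECORD"
}

# Emit the four rules from the page, with $verb standing in for $INSERT:
# -I puts the DROP ahead of any ACCEPT already in the chain, -D removes it.
ipdrop_rules() {
    local verb="$1" ip="$2"
    run_rule "$verb" INPUT   -s "$ip" -j DROP
    run_rule "$verb" OUTPUT  -d "$ip" -j DROP
    run_rule "$verb" FORWARD -d "$ip" -j DROP
    run_rule "$verb" FORWARD -s "$ip" -j DROP
}

# ipdrop IPADDR {on|off}: same control flow as the page's script, but returns 1
# on a usage or state error instead of exiting, so it can be called from a test.
ipdrop() {
    local ip="$1" mode="$2" INSERT
    case "$mode" in
        on)
            if is_recorded "$ip"; then echo "$ip already blocked" >&2; return 1; fi
            INSERT="-I"; record "$ip" ;;
        off)
            if ! is_recorded "$ip"; then echo "$ip not currently blocked" >&2; return 1; fi
            INSERT="-D"; unrecord "$ip" ;;
        *)
            echo "Error: \"off\" or \"on\" expected as second argument" >&2; return 1 ;;
    esac
    ipdrop_rules "$INSERT" "$ip"
    echo "IP ${ip} drop ${mode}."
}

# Count the iptables commands a call produces in dry-run mode.
ipdrop_rule_count() { ipdrop "$1" "$2" 2>/dev/null | grep -c '^iptables '; }
```

Usage is the same as the page's script once the file is sourced: `ipdrop 203.0.113.7 on` prints the four `-I` commands and records the address, a second `on` for the same address is refused, and `ipdrop 203.0.113.7 off` prints the matching four `-D` commands and forgets it. Keeping the record of what has been blocked is what makes "off" safe: deleting a rule that was never inserted would otherwise just produce an iptables error.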
