作者 jyf1987 [dos] 2010-11-22 10:35 (点击下载)

  1. Chain INPUT (policy ACCEPT)
  2. target prot opt source destination
  3. DROP all -- anywhere anywhere state INVALID
  4. ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
  5. ACCEPT all -- anywhere anywhere
  6. syn_flood tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
  7. input_rule all -- anywhere anywhere
  8. input all -- anywhere anywhere
  9.  
  10. Chain FORWARD (policy DROP)
  11. target prot opt source destination
  12. DROP all -- anywhere anywhere state INVALID
  13. ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
  14. forwarding_rule all -- anywhere anywhere
  15. forward all -- anywhere anywhere
  16. reject all -- anywhere anywhere
  17.  
  18. Chain OUTPUT (policy ACCEPT)
  19. target prot opt source destination
  20. DROP all -- anywhere anywhere state INVALID
  21. ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
  22. ACCEPT all -- anywhere anywhere
  23. output_rule all -- anywhere anywhere
  24. output all -- anywhere anywhere
  25.  
  26. Chain forward (1 references)
  27. target prot opt source destination
  28. zone_lan_forward all -- anywhere anywhere
  29.  
  30. Chain forwarding_lan (1 references)
  31. target prot opt source destination
  32.  
  33. Chain forwarding_rule (1 references)
  34. target prot opt source destination
  35.  
  36. Chain forwarding_wan (1 references)
  37. target prot opt source destination
  38.  
  39. Chain input (1 references)
  40. target prot opt source destination
  41. zone_lan all -- anywhere anywhere
  42.  
  43. Chain input_lan (1 references)
  44. target prot opt source destination
  45.  
  46. Chain input_rule (1 references)
  47. target prot opt source destination
  48.  
  49. Chain input_wan (1 references)
  50. target prot opt source destination
  51.  
  52. Chain output (1 references)
  53. target prot opt source destination
  54. zone_lan_ACCEPT all -- anywhere anywhere
  55. zone_wan_ACCEPT all -- anywhere anywhere
  56.  
  57. Chain output_rule (1 references)
  58. target prot opt source destination
  59.  
  60. Chain reject (3 references)
  61. target prot opt source destination
  62. REJECT tcp -- anywhere anywhere reject-with tcp-reset
  63. REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
  64.  
  65. Chain syn_flood (1 references)
  66. target prot opt source destination
  67. RETURN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50
  68. DROP all -- anywhere anywhere
  69.  
  70. Chain zone_lan (1 references)
  71. target prot opt source destination
  72. input_lan all -- anywhere anywhere
  73. zone_lan_ACCEPT all -- anywhere anywhere
  74.  
  75. Chain zone_lan_ACCEPT (2 references)
  76. target prot opt source destination
  77. ACCEPT all -- anywhere anywhere
  78. ACCEPT all -- anywhere anywhere
  79.  
  80. Chain zone_lan_DROP (0 references)
  81. target prot opt source destination
  82. DROP all -- anywhere anywhere
  83. DROP all -- anywhere anywhere
  84.  
  85. Chain zone_lan_MSSFIX (0 references)
  86. target prot opt source destination
  87. TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
  88.  
  89. Chain zone_lan_REJECT (1 references)
  90. target prot opt source destination
  91. reject all -- anywhere anywhere
  92. reject all -- anywhere anywhere
  93.  
  94. Chain zone_lan_forward (1 references)
  95. target prot opt source destination
  96. zone_wan_MSSFIX all -- anywhere anywhere
  97. zone_wan_ACCEPT all -- anywhere anywhere
  98. forwarding_lan all -- anywhere anywhere
  99. zone_lan_REJECT all -- anywhere anywhere
  100.  
  101. Chain zone_wan (0 references)
  102. target prot opt source destination
  103. input_wan all -- anywhere anywhere
  104. zone_wan_REJECT all -- anywhere anywhere
  105.  
  106. Chain zone_wan_ACCEPT (2 references)
  107. target prot opt source destination
  108.  
  109. Chain zone_wan_DROP (0 references)
  110. target prot opt source destination
  111.  
  112. Chain zone_wan_MSSFIX (1 references)
  113. target prot opt source destination
  114.  
  115. Chain zone_wan_REJECT (2 references)
  116. target prot opt source destination
  117.  
  118. Chain zone_wan_forward (0 references)
  119. target prot opt source destination
  120. forwarding_wan all -- anywhere anywhere
  121. zone_wan_REJECT all -- anywhere anywhere

提交下面的校正或者修改. (点击这里开始一个新的帖子)
姓名: 在 cookie 中记住我的名字

屏幕抓图:(jpeg 或 png)