In my case it concerns all of this:
*************************************
iptables -A POSTROUTING -t nat -s 192.168.0.0/24 -j MASQUERADE
iptables -P FORWARD ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/all/log_martians
echo 1 > /proc/sys/net/ipv4/conf/default/log_martians
echo 1 > /proc/sys/net/ipv4/conf/eth0/log_martians
echo 1 > /proc/sys/net/ipv4/conf/eth1/log_martians
echo 1 > /proc/sys/net/ipv4/conf/lo/log_martians
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
echo 0 > /proc/sys/net/ipv4/conf/default/accept_source_route
echo 0 > /proc/sys/net/ipv4/conf/eth0/accept_source_route
echo 0 > /proc/sys/net/ipv4/conf/eth1/accept_source_route
echo 0 > /proc/sys/net/ipv4/conf/lo/accept_source_route
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
echo 0 > /proc/sys/net/ipv4/conf/default/accept_redirects
echo 0 > /proc/sys/net/ipv4/conf/eth0/accept_redirects
echo 0 > /proc/sys/net/ipv4/conf/eth1/accept_redirects
echo 0 > /proc/sys/net/ipv4/conf/lo/accept_redirects
***********************************************************
ifconfig sit0 up
ifconfig sit0 inet6 tunnel ::64.71.128.82
ifconfig sit1 up
ifconfig sit1 inet6 add 2001:470:1F00:FFFF::46F/127
route -A inet6 add ::/0 dev sit1
*****************************************************************

And then these IPs that I want to block right at startup:

/sbin/iptables -I INPUT -s 64.156.198.0/24 -j DROP && /sbin/iptables -I INPUT -s 64.156.198.0/24 -m limit --limit 3/minute --limit-burst 5 -j LOG --log-level DEBUG --log-prefix 'Portsentry: dropping: '
/sbin/iptables -I INPUT -s 217.116.227.153 -j DROP && /sbin/iptables -I INPUT -s 217.116.227.153 -m limit --limit 3/minute --limit-burst 5 -j LOG --log-level DEBUG --log-prefix 'Portsentry: dropping: '
/sbin/iptables -I INPUT -s 195.242.36.4 -j DROP && /sbin/iptables -I INPUT -s 195.242.36.4 -m limit --limit 3/minute --limit-burst 5 -j LOG --log-level DEBUG --log-prefix 'Portsentry: dropping: '
/sbin/iptables -I INPUT -s 217.209.111.155 -j DROP && /sbin/iptables -I INPUT -s 217.209.111.155 -m limit --limit 3/minute --limit-burst 5 -j LOG --log-level DEBUG --log-prefix 'Portsentry: dropping: '
/sbin/iptables -I INPUT -s 202.95.23.0/24 -j DROP && /sbin/iptables -I INPUT -s 202.95.23.0/24 -m limit --limit 3/minute --limit-burst 5 -j LOG --log-level DEBUG --log-prefix 'Portsentry: dropping: '
/sbin/iptables -I INPUT -s 212.2.211.0/24 -j DROP && /sbin/iptables -I INPUT -s 212.2.211.0/24 -m limit --limit 3/minute --limit-burst 5 -j LOG --log-level DEBUG --log-prefix 'Portsentry: dropping: '
/sbin/iptables -I INPUT -s 80.135.140.0/24 -j DROP && /sbin/iptables -I INPUT -s 80.135.140.0/24 -m limit --limit 3/minute --limit-burst 5 -j LOG --log-level DEBUG --log-prefix 'Portsentry: dropping: '
/sbin/iptables -I INPUT -s 202.71.153.0/24 -j DROP && /sbin/iptables -I INPUT -s 202.71.153.0/24 -m limit --limit 3/minute --limit-burst 5 -j LOG --log-level DEBUG --log-prefix 'Portsentry: dropping: '
/sbin/iptables -I INPUT -s 64.113.90.0/24 -j DROP && /sbin/iptables -I INPUT -s 64.113.90.0/24 -m limit --limit 3/minute --limit-burst 5 -j LOG --log-level DEBUG --log-prefix 'Portsentry: dropping: '
/sbin/iptables -I INPUT -s 195.98.43.0/24 -j DROP && /sbin/iptables -I INPUT -s 195.98.43.0/24 -m limit --limit 3/minute --limit-burst 5 -j LOG --log-level DEBUG --log-prefix 'Portsentry: dropping: '
/sbin/iptables -I INPUT -s 200.56.236.0/24 -j DROP && /sbin/iptables -I INPUT -s 200.56.236.0/24 -m limit --limit 3/minute --limit-burst 5 -j LOG --log-level DEBUG --log-prefix 'Portsentry: dropping: '
/sbin/iptables -I INPUT -s 80.71.1.0/24 -j DROP && /sbin/iptables -I INPUT -s 80.71.1.0/24 -m limit --limit 3/minute --limit-burst 5 -j LOG --log-level DEBUG --log-prefix 'Portsentry: dropping: '
/sbin/iptables -I INPUT -s 219.163.187.0/24 -j DROP && /sbin/iptables -I INPUT -s 219.163.187.0/24 -m limit --limit 3/minute --limit-burst 5 -j LOG --log-level DEBUG --log-prefix 'Portsentry: dropping: '
/sbin/iptables -I INPUT -s 61.118.173.0/24 -j DROP && /sbin/iptables -I INPUT -s 61.118.173.0/24 -m limit --limit 3/minute --limit-burst 5 -j LOG --log-level DEBUG --log-prefix 'Portsentry: dropping: '
/sbin/iptables -I INPUT -s 212.66.200.0/24 -j DROP && /sbin/iptables -I INPUT -s 212.66.200.0/24 -m limit --limit 3/minute --limit-burst 5 -j LOG --log-level DEBUG --log-prefix 'Portsentry: dropping: '
/sbin/iptables -I INPUT -s 202.60.228.0/24 -j DROP && /sbin/iptables -I INPUT -s 202.60.228.0/24 -m limit --limit 3/minute --limit-burst 5 -j LOG --log-level DEBUG --log-prefix 'Portsentry: dropping: '
/sbin/iptables -I INPUT -s 198.78.66.0/24 -j DROP && /sbin/iptables -I INPUT -s 198.78.66.0/24 -m limit --limit 3/minute --limit-burst 5 -j LOG --log-level DEBUG --log-prefix 'Portsentry: dropping: '
/sbin/iptables -I INPUT -s 24.226.32.0/24 -j DROP && /sbin/iptables -I INPUT -s 24.226.32.0/24 -m limit --limit 3/minute --limit-burst 5 -j LOG --log-level DEBUG --log-prefix 'Portsentry: dropping: '
/sbin/iptables -I INPUT -s 211.92.184.0/24 -j DROP && /sbin/iptables -I INPUT -s 211.92.184.0/24 -m limit --limit 3/minute --limit-burst 5 -j LOG --log-level DEBUG --log-prefix 'Portsentry: dropping: '
/sbin/iptables -I INPUT -s 213.138.34.0/24 -j DROP && /sbin/iptables -I INPUT -s 213.138.34.0/24 -m limit --limit 3/minute --limit-burst 5 -j LOG --log-level DEBUG --log-prefix 'Portsentry: dropping: '
/sbin/iptables -I INPUT -s 193.251.185.0/24 -j DROP && /sbin/iptables -I INPUT -s 193.251.185.0/24 -m limit --limit 3/minute --limit-burst 5 -j LOG --log-level DEBUG --log-prefix 'Portsentry: dropping: '
/sbin/iptables -I INPUT -s 195.92.95.0/24 -j DROP && /sbin/iptables -I INPUT -s 195.92.95.0/24 -m limit --limit 3/minute --limit-burst 5 -j LOG --log-level DEBUG --log-prefix 'Portsentry: dropping: '
/sbin/iptables -I INPUT -s 147.156.160.0/24 -j DROP && /sbin/iptables -I INPUT -s 147.156.160.0/24 -m limit --limit 3/minute --limit-burst 5 -j LOG --log-level DEBUG --log-prefix 'Portsentry: dropping: '
/sbin/iptables -I INPUT -s 218.71.120.0/24 -j DROP && /sbin/iptables -I INPUT -s 218.71.120.0/24 -m limit --limit 3/minute --limit-burst 5 -j LOG --log-level DEBUG --log-prefix 'Portsentry: dropping: '
/sbin/iptables -I INPUT -s 205.151.202.0/24 -j DROP && /sbin/iptables -I INPUT -s 205.151.202.0/24 -m limit --limit 3/minute --limit-burst 5 -j LOG --log-level DEBUG --log-prefix 'Portsentry: dropping: '
/sbin/iptables -I INPUT -s 212.11.49.0/24 -j DROP && /sbin/iptables -I INPUT -s 212.11.49.0/24 -m limit --limit 3/minute --limit-burst 5 -j LOG --log-level DEBUG --log-prefix 'Portsentry: dropping: '
/sbin/iptables -I INPUT -s 80.61.76.0/24 -j DROP && /sbin/iptables -I INPUT -s 80.61.76.0/24 -m limit --limit 3/minute --limit-burst 5 -j LOG --log-level DEBUG --log-prefix 'Portsentry: dropping: '
/sbin/iptables -I INPUT -s 64.56.238.0/24 -j DROP && /sbin/iptables -I INPUT -s 64.56.238.0/24 -m limit --limit 3/minute --limit-burst 5 -j LOG --log-level DEBUG --log-prefix 'Portsentry: dropping: '

It's a bit tedious to cut and paste all of this at startup. :(

You don't know of any better rules that are "more aggressive" than the ones I have?

Would you mind explaining in a bit more detail? (I'm fairly new to this.)

(Sorry if this turned into a rather large mail, but I have to show what I mean.)

Regards,
/Thomas

Tommy Lindgren wrote:
>
> [EMAIL PROTECTED] writes:
>
> > If I want as much as possible to be configured at startup, where do I
> > put it?
> > For example: iptables -A POSTROUTING -t nat -s 192.168.0.0/24 -j MASQUERADE,
>
> Well, I usually create a script in /etc/init.d and then
> link to it from /etc/rc2.d. In your case you could perhaps
> use the iptables script (/etc/init.d/iptables),
> which is configured from /etc/default/iptables.
>
> > echo 1 > /proc/sys/net/ipv4/ip_forward
>
> That one, at least, can be set in /etc/network/options.
>
> tomyl:~$ cat /etc/network/options
> ip_forward=yes
> ...
>
> --
> Tommy Lindgren | o y @ i u . u
> 41A942131CAA5C | t m l l n x n
> ^C^C
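
Added example, not part of either mail and not the Debian iptables script: one way to avoid pasting a command pair per address is to keep the sources in a file and have a boot script generate a single iptables-restore ruleset from it. The chain name BLOCKLIST, the file /etc/blocklist.txt and the sample addresses are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: turn a blocklist into one iptables-restore ruleset.
# Nothing here touches the kernel; the ruleset is only printed.

# Constructed sample input (documentation ranges, not the addresses in the mail).
SAMPLE_BLOCKLIST='# one source per line
192.0.2.0/24
198.51.100.7

not-an-address
203.0.113.300
203.0.113.0/24'

# Succeeds only for a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_source() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    for octet in $(printf '%s\n' "${1%%/*}" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# Reads a blocklist on stdin, prints an iptables-restore ruleset on stdout.
# BLOCKLIST is a hypothetical chain name; invalid entries are reported on stderr.
gen_ruleset() {
    echo '*filter'
    echo ':BLOCKLIST - [0:0]'
    while IFS= read -r line; do
        src=$(printf '%s\n' "$line" | sed 's/#.*//' | tr -d ' \t')
        [ -n "$src" ] || continue
        if ! valid_source "$src"; then
            echo "skipping invalid entry: $src" >&2
            continue
        fi
        # Same rate-limited LOG + DROP pair as in the mail, LOG evaluated first.
        echo "-A BLOCKLIST -s $src -m limit --limit 3/minute --limit-burst 5 -j LOG --log-level debug --log-prefix \"Portsentry: dropping: \""
        echo "-A BLOCKLIST -s $src -j DROP"
    done
    echo 'COMMIT'
}

# Intended use from a boot script (run as root; /etc/blocklist.txt is hypothetical):
#   gen_ruleset < /etc/blocklist.txt | iptables-restore --noflush
#   iptables -C INPUT -j BLOCKLIST 2>/dev/null || iptables -I INPUT -j BLOCKLIST
```

Loading with --noflush leaves the existing MASQUERADE and FORWARD rules alone and only rebuilds the BLOCKLIST chain, so the script can be re-run after editing the file without stacking duplicate rules.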