Linux - статьи

I.6. Пример rc.test-iptables


#!/bin/bash # # rc.test-iptables - test script for iptables
chains and tables. # # Copyright (C) 2001 Oskar Andreasson <
bluefluxATkoffeinDOTnet> # # This program is free software; you can
redistribute it and/or modify # it under the terms of the GNU General
Public License as published by # the Free Software Foundation; version
2 of the License. # # This program is distributed in the hope
that it will be useful, # but WITHOUT ANY WARRANTY; without even
the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU
General Public License # along with this program or from the site
that you downloaded it # from; if not, write to the Free Software
Foundation, Inc., 59 Temple # Place, Suite 330, Boston, MA 02111-1307 USA #

# # Filter table, all chains # iptables -t filter -A INPUT -p icmp
--icmp-type echo-request \ -j LOG --log-prefix="filter INPUT:" iptables -t filter -A INPUT -p icmp
--icmp-type echo-reply \ -j LOG --log-prefix="filter INPUT:" iptables -t filter -A OUTPUT -p icmp
--icmp-type echo-request \ -j LOG --log-prefix="filter OUTPUT:" iptables -t filter -A OUTPUT -p icmp
--icmp-type echo-reply \ -j LOG --log-prefix="filter OUTPUT:" iptables -t filter -A FORWARD -p icmp
--icmp-type echo-request \ -j LOG --log-prefix="filter FORWARD:" iptables -t filter -A FORWARD -p icmp
--icmp-type echo-reply \ -j LOG --log-prefix="filter FORWARD:"

# # NAT table, all chains except OUTPUT which don't work. # iptables -t nat -A PREROUTING -p icmp
--icmp-type echo-request \ -j LOG --log-prefix="nat PREROUTING:" iptables -t nat -A PREROUTING -p icmp
--icmp-type echo-reply \ -j LOG --log-prefix="nat PREROUTING:" iptables -t nat -A POSTROUTING -p icmp
--icmp-type echo-request \ -j LOG --log-prefix="nat POSTROUTING:" iptables -t nat -A POSTROUTING -p icmp
--icmp-type echo-reply \ -j LOG --log-prefix="nat POSTROUTING:" iptables -t nat -A OUTPUT -p icmp
--icmp-type echo-request \ -j LOG --log-prefix="nat OUTPUT:" iptables -t nat -A OUTPUT -p icmp
--icmp-type echo-reply \ -j LOG --log-prefix="nat OUTPUT:"


# # Mangle table, all chains # iptables -t mangle -A PREROUTING -p icmp
--icmp-type echo-request \ -j LOG --log-prefix="mangle PREROUTING:" iptables -t mangle -A PREROUTING -p icmp
--icmp-type echo-reply \ -j LOG --log-prefix="mangle PREROUTING:" iptables -t mangle -I FORWARD 1 -p icmp
--icmp-type echo-request \ -j LOG --log-prefix="mangle FORWARD:" iptables -t mangle -I FORWARD 1 -p icmp
--icmp-type echo-reply \ -j LOG --log-prefix="mangle FORWARD:" iptables -t mangle -I INPUT 1 -p icmp
--icmp-type echo-request \ -j LOG --log-prefix="mangle INPUT:" iptables -t mangle -I INPUT 1 -p icmp
--icmp-type echo-reply \ -j LOG --log-prefix="mangle INPUT:" iptables -t mangle -A OUTPUT -p icmp
--icmp-type echo-request \ -j LOG --log-prefix="mangle OUTPUT:" iptables -t mangle -A OUTPUT -p icmp
--icmp-type echo-reply \ -j LOG --log-prefix="mangle OUTPUT:" iptables -t mangle -I POSTROUTING 1 -p icmp
--icmp-type echo-request \ -j LOG --log-prefix="mangle POSTROUTING:" iptables -t mangle -I POSTROUTING 1 -p icmp
--icmp-type echo-reply \ -j LOG --log-prefix="mangle POSTROUTING:"


Содержание раздела