我在 iptables 上设置了很多规则(如果你想要原始脚本,请单击这里):
iptables -A INPUT -m set --match-set banned src -j DROP
iptables -A INPUT -m set --match-set whitelist src -j ACCEPT
iptables -A INPUT -m set --match-set whitelist2 src -j ACCEPT
iptables -A OUTPUT -m set --match-set banned src -j DROP
iptables -A OUTPUT -m set --match-set whitelist src -j ACCEPT
iptables -A OUTPUT -m set --match-set whitelist2 src -j ACCEPT
iptables -A FORWARD -m set --match-set banned src -j DROP
iptables -A FORWARD -m set --match-set whitelist src -j ACCEPT
iptables -A FORWARD -m set --match-set whitelist2 src -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type iptables -A OUTPUT -p icmp --icmp-type iptables -A FORWARD -p icmp --icmp-type iptables -A FORWARD -p icmp --icmp-type iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -i lo -p all -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.10.10.50 -o eth1 -j SNAT --to 192.168.1.142
iptables -t nat -A POSTROUTING -s 169.254.232.41 -o eth1 -j SNAT --to 192.168.1.142
iptables -A FORWARD -i eth1 -j ACCEPT
iptables -t nat -A PREROUTING -i eth1 -p tcp -m multiport --dports 80 -d 192.168.1.142 -j DNAT --to 10.10.10.50:8000
iptables -t nat -A PREROUTING -i eth1 -p tcp -m multiport --dports 3389 -d 192.168.1.142 -j DNAT --to 10.10.10.50
iptables -t nat -A PREROUTING -i eth1 -p tcp -m multiport --dports 80 -d 192.168.1.142 -j DNAT --to 169.254.232.41:8000
iptables -t nat -A PREROUTING -i eth1 -p tcp -m multiport --dports 3389 -d 192.168.1.142 -j DNAT --to 169.254.232.41
iptables -N PACKET-CHECK
iptables -N 53-SCAN
iptables -t filter -A INPUT -m state --state NEW,UNTRACKED -j PACKET-CHECK
iptables -t filter -A INPUT -m state --state NEW -j PACKET-CHECK
iptables -t filter -A INPUT -m state --state NEW,UNTRACKED -j 53-SCAN
iptables -t filter -A INPUT -m state --state NEW -j 53-SCAN
iptables -A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 3389 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 8000 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 69 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 123 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 8000 -j ACCEPT
iptables -A INPUT -p udp -i eth2 -m multiport --dports 67,68 -j ACCEPT
iptables -A OUTPUT -p udp -o eth2 -m multiport --dports 67,68 -j ACCEPT
iptables -A INPUT -p tcp -i eth2 -m tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 67 -j DROP
iptables -A INPUT -p udp -m udp --dport 68 -j DROP
iptables -A OUTPUT -p udp -m udp --dport 67 -j DROP
iptables -A OUTPUT -p udp -m udp --dport 68 -j DROP
iptables -A INPUT -j DROP
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
我现在想通过尝试与我的计算机的各种连接并检查哪些规则匹配来检查我的规则是否正常工作。
我怎么能这样做呢?