I need help creating iptables rules so that a user's IP (specified on the local eth) can only connect to a defined Ethernet IP address/domain, and all other traffic should be dropped. It should apply to only one website.
Answer 1
iptables -A FORWARD -s <localip> -d <allowed ip> -j ACCEPT   # let the user reach only this destination
iptables -A FORWARD -s <localip> -j DROP                     # everything else from the user is dropped
Also:
iptables -L -v -n
to check how the rules are performing.
[ USER ] -> [ SERVER (filtering in FORWARD) ] -> (internet) + allowed ip
One more thing. To be able to filter by domain name you need layer 7 filtering, preferably with a proxy or a MikroTik router :) Of course there are tricks, such as resolving the DNS name when applying the filter, but some modern websites have multiple IP addresses, and those can change at any time.
For example yahoo:
Non-authoritative answer:
Name: yahoo.com
Address: 98.137.246.7
Name: yahoo.com
Address: 72.30.35.10
Name: yahoo.com
Address: 72.30.35.9
Name: yahoo.com
Address: 98.137.246.8
Name: yahoo.com
Address: 98.138.219.231
Name: yahoo.com
Address: 98.138.219.232
Name: yahoo.com
Address: 2001:4998:44:41d::4
Name: yahoo.com
Address: 2001:4998:c:1023::5
Name: yahoo.com
Address: 2001:4998:c:1023::4
Name: yahoo.com
Address: 2001:4998:58:1836::11
Name: yahoo.com
Address: 2001:4998:58:1836::10
Name: yahoo.com
Address: 2001:4998:44:41d::3
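As an added example (my code, not part of the answer above), here is a small POSIX sh script that turns a resolved address list, such as the yahoo.com lookup above, into the per-destination FORWARD rules of the answer: one ACCEPT per address, IPv4 via iptables and IPv6 via ip6tables, then the DROP. It assumes the user's machine sits behind a Linux host that forwards its traffic; the names gen_rules, resolve_addrs, apply_rules, SAMPLE_ADDRS and DNS_RESOLVER are chosen here, and the sample address list is constructed from the lookup output shown above.

```shell
#!/bin/sh
# Added example (not from the original answer): turn a resolved address list
# into per-destination FORWARD rules, one ACCEPT per address and a final DROP,
# keeping IPv4 (iptables) and IPv6 (ip6tables) apart.
# gen_rules, resolve_addrs, apply_rules, SAMPLE_ADDRS and DNS_RESOLVER are
# names chosen for this example.

# Constructed sample: the addresses the answer's yahoo.com lookup returned.
SAMPLE_ADDRS='98.137.246.7 72.30.35.10 72.30.35.9 98.137.246.8
98.138.219.231 98.138.219.232 2001:4998:44:41d::4 2001:4998:c:1023::5
2001:4998:c:1023::4 2001:4998:58:1836::11 2001:4998:58:1836::10
2001:4998:44:41d::3'

# Resolve a name to its current A/AAAA records (needs the network; not used
# by the offline sample). The result is a snapshot: nothing here tracks DNS
# afterwards, so rerun it when the site's addresses change.
resolve_addrs() {
    getent ahosts "$1" | awk '{ print $1 }' | sort -u
}

# gen_rules LOCAL4 LOCAL6 ADDR...
# LOCAL4 is the user's IPv4 address, LOCAL6 its IPv6 address or "-" if it has
# none (IPv6 destinations are then skipped rather than producing an ip6tables
# rule with an IPv4 source). Only prints commands; applies nothing.
gen_rules() {
    local4=$1; local6=$2; shift 2
    for addr in "$@"; do
        case $addr in
            *:*)
                if [ "$local6" = "-" ]; then
                    printf '# skipping %s: no local IPv6 address given\n' "$addr"
                else
                    printf 'ip6tables -A FORWARD -s %s -d %s -j ACCEPT\n' "$local6" "$addr"
                fi ;;
            *)
                printf 'iptables -A FORWARD -s %s -d %s -j ACCEPT\n' "$local4" "$addr" ;;
        esac
    done
    # If the user still has to resolve the site's name, its resolver must be
    # reachable before the DROP, otherwise the browser never gets an address.
    if [ -n "${DNS_RESOLVER:-}" ]; then
        printf 'iptables -A FORWARD -s %s -d %s -p udp --dport 53 -j ACCEPT\n' "$local4" "$DNS_RESOLVER"
        printf 'iptables -A FORWARD -s %s -d %s -p tcp --dport 53 -j ACCEPT\n' "$local4" "$DNS_RESOLVER"
    fi
    printf 'iptables -A FORWARD -s %s -j DROP\n' "$local4"
    [ "$local6" = "-" ] || printf 'ip6tables -A FORWARD -s %s -j DROP\n' "$local6"
}

# Apply generated lines idempotently: test with -C first so rerunning the
# script does not append a duplicate of a rule that is already present.
apply_rules() {
    while IFS= read -r line; do
        case $line in
            '#'*) continue ;;
        esac
        check=$(printf '%s' "$line" | sed 's/ -A / -C /')
        $check 2>/dev/null || $line
    done
}

# Usage (as root, on the forwarding box):
#   gen_rules 192.168.1.10 - $SAMPLE_ADDRS | apply_rules
#   gen_rules 192.168.1.10 2001:db8::10 $(resolve_addrs yahoo.com) | apply_rules
#   iptables -L FORWARD -v -n      # watch the packet counters on the ACCEPT lines
```

The snapshot problem the answer describes does not go away: the list is only as current as the last resolve. When the site changes addresses, delete or flush the old rules before reapplying, because -A appends the new ACCEPT lines below the existing DROP, where they are never reached. If the user resolves names through a resolver outside the allowed list, set DNS_RESOLVER; otherwise the DROP line blocks DNS too and the browser fails at name lookup before it ever tries the allowed addresses.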