#iptables -L -n -v
Chain INPUT (policy ACCEPT 42 packets, 3360 bytes)
pkts bytes target prot opt in out source destination
207 15586 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- eth0 * 78.12.0.0/14 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT tcp -- eth0 * 84.220.0.0/14 0.0.0.0/0 tcp dpt:22
119 7108 DROP tcp -- * * !78.12.47.44 0.0.0.0/0 tcp dpt:80
0 0 DROP all -- eth0 * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 143 packets, 16147 bytes)
pkts bytes target prot opt in out source destination
Given these firewall rules, why do I find the following in auth.log:
Jan 24 23:51:24 vps45276 sshd[1579]: Invalid user toto from 178.32.42.238
Jan 24 23:51:24 vps45276 sshd[1579]: Received disconnect from 178.32.42.238: 11: Bye Bye [preauth]
Jan 25 00:10:09 vps45276 sshd[1608]: Invalid user serveur from 178.32.42.238
Jan 25 00:10:09 vps45276 sshd[1608]: Received disconnect from 178.32.42.238: 11: Bye Bye [preauth]
What rule have I violated?
Answer 1
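You are only DROPping traffic that comes in on eth0. However, the unwanted traffic is almost certainly coming in through another interface. Remove that qualifier from the final DROP rule, and preferably set the policy of the INPUT table to DROP.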
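
Added example (not part of the original question or answer): a small Python model of the INPUT chain listed in the question, evaluating a new SSH connection from the address seen in auth.log under the original rules and under the answer's change. The interface name venet0 is an assumption; the page does not say which interfaces the host has.

```python
import ipaddress

# INPUT rules transcribed from the listing in the question, for NEW packets
# (the RELATED,ESTABLISHED rule is left out because it never matches them).
# Fields: target, protocol, in-interface, source, destination port.
RULES = [
    ("ACCEPT", "tcp", "eth0", "78.12.0.0/14", 22),
    ("ACCEPT", "tcp", "eth0", "84.220.0.0/14", 22),
    ("DROP", "tcp", "*", "!78.12.47.44", 80),
    ("DROP", "all", "eth0", "0.0.0.0/0", None),
]
# The answer's change: final DROP without the interface qualifier.
FIXED = RULES[:-1] + [("DROP", "all", "*", "0.0.0.0/0", None)]

SCANNER = "178.32.42.238"  # source address from the auth.log lines
OTHER_IFACE = "venet0"     # assumed name for an interface other than eth0


def src_matches(spec, src):
    """Match a source spec as iptables prints it, including '!' negation."""
    negate = spec.startswith("!")
    hit = ipaddress.ip_address(src) in ipaddress.ip_network(spec.lstrip("!"))
    return hit != negate


def verdict(rules, policy, iface, proto, src, dport):
    """Walk the chain in order; the first matching rule decides."""
    for target, r_proto, r_iface, r_src, r_dport in rules:
        if r_proto not in ("all", proto) or r_iface not in ("*", iface):
            continue
        if not src_matches(r_src, src):
            continue
        if r_dport is not None and r_dport != dport:
            continue
        return target
    return policy  # no rule matched, so the chain policy applies


if __name__ == "__main__":
    cases = [("original, eth0", RULES, "ACCEPT", "eth0"),
             ("original, " + OTHER_IFACE, RULES, "ACCEPT", OTHER_IFACE),
             ("fixed, " + OTHER_IFACE, FIXED, "DROP", OTHER_IFACE)]
    for label, rules, policy, iface in cases:
        print(label, "->", verdict(rules, policy, iface, "tcp", SCANNER, 22))
```

On a real host, a DROP rule with no interface qualifier also matches new connections on lo.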