#iptables -L -n -v
Chain INPUT (policy ACCEPT 42 packets, 3360 bytes)
pkts bytes target prot opt in out source destination
207 15586 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- eth0 * 78.12.0.0/14 0.0.0.0/0 tcp dpt:22
0 0 ACCEPT tcp -- eth0 * 84.220.0.0/14 0.0.0.0/0 tcp dpt:22
119 7108 DROP tcp -- * * !78.12.47.44 0.0.0.0/0 tcp dpt:80
0 0 DROP all -- eth0 * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 143 packets, 16147 bytes)
pkts bytes target prot opt in out source destination
根据这些防火墙规则,为什么auth.log我发现
Jan 24 23:51:24 vps45276 sshd[1579]: Invalid user toto from 178.32.42.238
Jan 24 23:51:24 vps45276 sshd[1579]: Received disconnect from 178.32.42.238: 11:
Bye Bye [preauth]
Jan 25 00:10:09 vps45276 sshd[1608]: Invalid user serveur from 178.32.42.238
Jan 25 00:10:09 vps45276 sshd[1608]: Received disconnect from 178.32.42.238: 11:
Bye Bye [preauth]
我违反了什么规则?
答案1
您只DROP过滤来自 的流量eth0。但是,不需要的流量几乎肯定是通过其他接口进入的。从最终DROP规则中删除该限定符,最好将INPUT表的策略设置为DROP。