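I've run into a problem with unwanted traffic on an open port, and I'd like to lock the open port down so that it only allows incoming traffic from one external IP address. I've searched Google but can't seem to find a solution, only mentions of using iptables (which I have no experience with).
The router in use is a Draytek Vigor2950.
Thanks in advance.
Answer 1
I believe I've found the answer myself. In case it helps anyone else, the solution I found is: http://forums.whirlpool.net.au/archive/1368080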
Yes, but it can't be done by port forwarding alone; a firewall is also needed.
Steps are as below:
1. Open http port for internal 192.168.1.2 (your internal server)
2. Set up two firewall filter rules.
Filter Set 2 Rule 2 (first data filter rule)
Direction: WAN -> LAN
Source IP: Any
Destination IP: 192.168.1.2
Service Type: http
Filter: Block if no further match
Filter Set 2 Rule 3
Direction: WAN -> LAN
Source IP: 202.202.202.202
Destination IP: 192.168.1.2
Service Type: http
Filter: Pass immediately
Then only 202.202.202.202 is allowed to access the internal server.
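
The rule pair quoted above can be checked offline before it is entered on the router. The following is an added example, not part of the original post or of any Draytek tooling: a small model of how the two filter actions combine, plus the failure mode where the first rule blocks immediately. Assumptions: "Block if no further match" defers the drop until the remaining rules have been checked, unmatched traffic falls through to a default of pass, and the action strings, rule names and the probe address 198.51.100.7 are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    src: str      # single IP, CIDR, or "any"
    dst: str
    service: str  # service type as named in the filter rule, e.g. "http"
    action: str   # hypothetical labels for the router's filter actions

def _ip_match(spec, addr):
    return spec == "any" or ip_address(addr) in ip_network(spec, strict=False)

def evaluate(rules, src, dst, service, default="pass"):
    """Walk the rules in order; return (verdict, name of the deciding rule)."""
    verdict = (default, "default")  # assumed behaviour when nothing matches
    for r in rules:
        if r.service != service or not (_ip_match(r.src, src) and _ip_match(r.dst, dst)):
            continue
        if r.action == "pass_immediately":
            return ("pass", r.name)       # stop here, later rules are not consulted
        if r.action == "block_immediately":
            return ("block", r.name)
        if r.action == "block_if_no_further_match":
            verdict = ("block", r.name)   # provisional drop, keep checking
        else:
            raise ValueError(f"unknown action: {r.action}")
    return verdict

DST = "192.168.1.2"
# The two rules from the answer, in the order given.
RULES = [
    Rule("Set2/Rule2", "any", DST, "http", "block_if_no_further_match"),
    Rule("Set2/Rule3", "202.202.202.202", DST, "http", "pass_immediately"),
]
# Failure mode: if Rule 2 blocked immediately, Rule 3 would never be reached
# and the one permitted address would be locked out as well.
BROKEN = [Rule("Set2/Rule2", "any", DST, "http", "block_immediately"), RULES[1]]

if __name__ == "__main__":
    for src in ("202.202.202.202", "198.51.100.7"):  # second address is constructed
        print(src, evaluate(RULES, src, DST, "http"), evaluate(BROKEN, src, DST, "http"))
```

After applying the rules on the router, the same two probes (one from the permitted address, one from any other) are the check to run against the real port.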