This is my current iptables setup:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:2022
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere state INVALID
ACCEPT udp -- anywhere anywhere udp dpt:isakmp
ACCEPT udp -- anywhere anywhere udp dpt:ipsec-nat-t
DROP all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 10.10.10.0/24 anywhere policy match dir in pol ipsec proto esp
ACCEPT all -- anywhere 10.10.10.0/24 policy match dir out pol ipsec proto esp
DROP all -- anywhere anywhere
I want to block this IP address, 5.79.71.205, because one of the VPN users is using it for malware.
Do I block it at the top of INPUT like this?
sudo iptables -I INPUT -s 5.79.71.205 -p all -j DROP
Or do I have to do this, because of the VPN (IKEv2) masquerading?
sudo iptables -I FORWARD -s 5.79.71.205 -j DROP
Or do I have to block OUTPUT?
sudo iptables -I OUTPUT -d 5.79.71.205 -j DROP
Or even all of them?
Answer 1
Just block in and out. That should solve your problem.
iptables -A INPUT -s 5.79.71.205 -j DROP    # appended to the end of the INPUT chain
iptables -A OUTPUT -d 5.79.71.205 -j DROP   # appended to the end of the OUTPUT chain
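As an added example (not part of the question or the answer above), the following POSIX shell script blocks one address in every chain a packet to or from it could traverse on this box. Two details of the listed ruleset drive the design: the INPUT chain already contains an unconditional ACCEPT before its final DROP, so a rule appended with -A never matches and the block has to be inserted at position 1 with -I; and traffic from the IPsec clients (10.10.10.0/24) to the internet is forwarded, so it passes FORWARD with the bad address as the destination, which a FORWARD rule matching only -s would not catch. The IPT and DRY_RUN variables and the block_rules/apply_block function names are my own choices, not something the page or iptables defines.

```shell
#!/bin/sh
# Added example: drop all traffic to/from one IP in INPUT, OUTPUT and FORWARD.
# Assumptions (not from the page): IPT points at the iptables binary, and
# DRY_RUN=1 prints the commands instead of running them (no root needed).
BAD_IP="5.79.71.205"
IPT="${IPT:-iptables}"
DRY_RUN="${DRY_RUN:-0}"

# Emit the rule specifications, one per line, without the table/command part.
# FORWARD needs both directions: VPN clients reach the address as -d, and any
# reply or unsolicited packet from it arrives as -s.
block_rules() {
  ip="$1"
  printf '%s\n' \
    "INPUT -s $ip -j DROP" \
    "OUTPUT -d $ip -j DROP" \
    "FORWARD -s $ip -j DROP" \
    "FORWARD -d $ip -j DROP"
}

# Insert each rule at position 1 of its chain (so it precedes both the
# RELATED,ESTABLISHED accept and the catch-all ACCEPT), skipping rules that
# already exist (-C returns 0 when the rule is present).
apply_block() {
  ip="$1"
  block_rules "$ip" | while IFS= read -r rule; do
    if [ "$DRY_RUN" = "1" ]; then
      echo "$IPT -I $rule"
      continue
    fi
    # shellcheck disable=SC2086  # word splitting of $rule is intended
    if ! $IPT -C $rule 2>/dev/null; then
      $IPT -I $rule
    fi
  done
}

# Show the resulting rules with their positions so the DROPs can be seen
# to sit above the ACCEPT entries.
show_chains() {
  for chain in INPUT OUTPUT FORWARD; do
    $IPT -L "$chain" -n --line-numbers
  done
}

# Usage: DRY_RUN=1 ./block-ip.sh  (prints the commands)
#        sudo ./block-ip.sh        (applies them and lists the chains)
apply_block "$BAD_IP"
if [ "$DRY_RUN" != "1" ]; then
  show_chains
fi
```

Inserting at position 1 rather than appending also means flows to the address that are already in the conntrack table are dropped, since the DROP now comes before the RELATED,ESTABLISHED rule; if you append instead, an existing connection keeps working until it times out. The script is idempotent because of the -C check, so it is safe to run from a cron job or a deployment tool.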