Can someone explain these iptables rules for a specific user and a VPN?

I used the rules from here to make sure that the user transmission-daemon can only send traffic through the VPN I use.

At least that is what the author says. I am having trouble understanding the output below. For example, what does the line `tcp spt:9091 owner GID match debian-transmission` mean? And why is there no traffic on that rule?

Note: my Ethernet port is enp3s0 (like eth0).

$ sudo iptables -L -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  436 35225 f2b-sshd   tcp  --  any    any     anywhere             anywhere             multiport dports ssh
 1085  221K ACCEPT     all  --  tun0   any     anywhere             anywhere            
 2913  923K ACCEPT     all  --  enp3s0 any     anywhere             anywhere            
  112 12221 ACCEPT     all  --  lo     any     anywhere             anywhere            

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0            all  --  any    any     anywhere             anywhere            

Chain OUTPUT (policy ACCEPT 4540 packets, 1267K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  any    enp3s0  anywhere             192.168.100.0/25     tcp spt:9091 owner GID match debian-transmission
    0     0 ACCEPT     udp  --  any    enp3s0  anywhere             192.168.100.0/25     udp spt:9091 owner GID match debian-transmission
 2263  202K ACCEPT     all  --  any    tun0    anywhere             anywhere             owner GID match debian-transmission
   12  2581 ACCEPT     all  --  any    lo      anywhere             anywhere             owner GID match debian-transmission
    0     0 REJECT     all  --  any    any     anywhere             anywhere             owner GID match debian-transmission reject-with icmp-port-unreachable

Answer 1

The rule:

iptables -A OUTPUT -d 192.168.100.0/25 -p tcp --sport 9091 -m owner --gid-owner debian-transmission -o enp3s0 -j ACCEPT

will accept the packet if:

- it is addressed to any IP in the range 192.168.100.0 - 192.168.100.127,
- the protocol is tcp,
- the source port is 9091,
- the packet's owner is debian-transmission,
- and it is going out through the network interface enp3s0;

otherwise, processing moves on to the next iptables rule.
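Added example, not part of the question or the answer: a small Python script that parses the OUTPUT chain from the question's own `iptables -L -v` output (embedded inline as the sample), prints each rule the way the answer reads it, lists the rules whose packet counter is still 0, and reports how many packets the final REJECT has caught. `spt:` is the source-port match, so the two zero-count rules only ever see replies that leave port 9091 towards the LAN, and the REJECT counter is the number to watch to confirm the group cannot send anything outside tun0 and lo.

```python
import re

# Constructed sample: the OUTPUT chain exactly as shown in the question's `iptables -L -v`.
SAMPLE = """\
Chain OUTPUT (policy ACCEPT 4540 packets, 1267K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  any    enp3s0  anywhere             192.168.100.0/25     tcp spt:9091 owner GID match debian-transmission
    0     0 ACCEPT     udp  --  any    enp3s0  anywhere             192.168.100.0/25     udp spt:9091 owner GID match debian-transmission
 2263  202K ACCEPT     all  --  any    tun0    anywhere             anywhere             owner GID match debian-transmission
   12  2581 ACCEPT     all  --  any    lo      anywhere             anywhere             owner GID match debian-transmission
    0     0 REJECT     all  --  any    any     anywhere             anywhere             owner GID match debian-transmission reject-with icmp-port-unreachable
"""

def parse_chain(text):
    """Parse the rows of one `iptables -L -v` chain into dicts (counters, target, interfaces, matches)."""
    rules = []
    for line in text.splitlines()[2:]:          # skip the "Chain ..." line and the column header
        parts = line.split(None, 9)             # the match text after "destination" may contain spaces
        if len(parts) < 9:
            continue
        pkts, _bytes, target, prot, _opt, iface_in, iface_out, src, dst = parts[:9]
        extra = parts[9] if len(parts) > 9 else ""
        sport = re.search(r"spt:(\S+)", extra)          # "spt:" = source port match
        gid = re.search(r"GID match (\S+)", extra)      # "-m owner --gid-owner"
        rules.append({"pkts": int(pkts), "target": target, "prot": prot,
                      "in": iface_in, "out": iface_out, "src": src, "dst": dst,
                      "sport": sport.group(1) if sport else None,
                      "gid": gid.group(1) if gid else None})
    return rules

def describe(rule):
    """Plain-English reading of one rule, in the order the answer spells it out."""
    conds = [f"destination {rule['dst']}", f"protocol {rule['prot']}"]
    if rule["sport"]:
        conds.append(f"source port {rule['sport']}")
    if rule["gid"]:
        conds.append(f"sending process in group {rule['gid']}")
    if rule["out"] != "any":
        conds.append(f"leaving via {rule['out']}")
    return f"{rule['target']} if " + ", ".join(conds) + f" (matched {rule['pkts']} packets so far)"

def unused_rules(rules):
    """Rules with a packet counter of 0: nothing has matched them since the counters were last reset."""
    return [r for r in rules if r["pkts"] == 0]

def leaked_packets(rules):
    """Hits on the final REJECT: packets the group tried to send somewhere the earlier ACCEPTs did not cover."""
    return sum(r["pkts"] for r in rules if r["target"] == "REJECT")

if __name__ == "__main__":
    parsed = parse_chain(SAMPLE)
    for r in parsed:
        print(describe(r))
    print("unused rules:", len(unused_rules(parsed)), "| rejected packets:", leaked_packets(parsed))
```

Run the same parser over your own `sudo iptables -L OUTPUT -v` output; a rising REJECT counter means the group is trying to leave the VPN path and the last rule is doing its job.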