设置:
我已经使用ssh登录华为路由器。这是一个带有 ash 的 busybox 系统。可用的工具有 ifconfig、iptables 等。
我想做的事:
使所有端口(http、ssh、telnet 等)可用于互联网。
# iptables -L --line-numbers
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 REJECT tcp -- anywhere anywhere tcp dpt:113 reject-with tcp-reset
2 ACCEPT all -- anywhere anywhere
3 INPUT_DOSFLT all -- anywhere anywhere
4 INPUT_SERVICE_ACL all -- anywhere anywhere
5 INPUT_URLFLT all -- anywhere anywhere
6 INPUT_SERVICE all -- anywhere anywhere
7 SPI_FILTER all -- anywhere anywhere
8 INPUT_FIREWALL all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 FWD_DOSFLT all -- anywhere anywhere
2 FWD_MACFLT all -- anywhere anywhere
3 FWD_URLFLT all -- anywhere anywhere
4 FWD_IPFLT all -- anywhere anywhere
5 FWD_NATSERVICE all -- anywhere anywhere
6 FWD_SERVICE all -- anywhere anywhere
7 SPI_FILTER all -- anywhere anywhere
8 FWD_FIREWALL all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
1 SPI_FILTER all -- anywhere anywhere
2 ACCEPT all -- anywhere anywhere
3 OUTPUT_DOSFLT all -- anywhere anywhere
Chain ACC_FLT (0 references)
num target prot opt source destination
Chain DMZ_FLT (1 references)
num target prot opt source destination
Chain FWD_DOSFLT (1 references)
num target prot opt source destination
1 syn_flood tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
2 ping_flood icmp -- anywhere anywhere icmp echo-request
Chain FWD_FIREWALL (1 references)
num target prot opt source destination
Chain FWD_IPFLT (1 references)
num target prot opt source destination
Chain FWD_MACFLT (1 references)
num target prot opt source destination
Chain FWD_NATSERVICE (1 references)
num target prot opt source destination
1 PORTMAP_FLT all -- anywhere anywhere
2 UPNP_PORTMAP all -- anywhere anywhere
3 DMZ_FLT all -- anywhere anywhere
Chain FWD_SERVICE (1 references)
num target prot opt source destination
1 ACCEPT udp -- anywhere anywhere multiport ports 53,67,68,80,443
2 ACCEPT tcp -- anywhere anywhere multiport ports 53,67,68,80,443
3 ACCEPT udp -- anywhere anywhere multiport ports 143,110,25
4 ACCEPT tcp -- anywhere anywhere multiport ports 143,110,25
5 ACCEPT udp -- anywhere anywhere multiport ports 21,115,23
6 ACCEPT tcp -- anywhere anywhere multiport ports 21,115,23
7 ACCEPT icmp -- anywhere anywhere
Chain FWD_URLFLT (1 references)
num target prot opt source destination
Chain FWFLT_NULL (0 references)
num target prot opt source destination
Chain INPUT_DOSFLT (1 references)
num target prot opt source destination
1 syn_flood tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
2 ping_flood icmp -- anywhere anywhere icmp echo-request
Chain INPUT_FIREWALL (1 references)
num target prot opt source destination
1 DROP all -- anywhere anywhere
2 DROP tcp -- anywhere anywhere tcp dpt:23
3 DROP tcp -- anywhere anywhere tcp dpt:8081
4 DROP all -- anywhere anywhere
Chain INPUT_SERVICE (1 references)
num target prot opt source destination
1 ACCEPT udp -- anywhere anywhere multiport ports 53,67,68
2 DROP tcp -- anywhere anywhere multiport dports 631
3 DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,ACK/SYN
4 ACCEPT udp -- anywhere anywhere udp dpt:500
5 ACCEPT udp -- anywhere anywhere udp dpt:4500
6 ACCEPT esp -- anywhere anywhere
7 ACCEPT udp -- anywhere anywhere udp dpts:67:68
8 ACCEPT udp -- anywhere anywhere udp dpt:6050
9 ACCEPT udp -- anywhere anywhere udp dpt:0
10 ACCEPT udp -- anywhere anywhere udp dpts:50000:50020
Chain INPUT_SERVICE_ACL (1 references)
num target prot opt source destination
1 ACCEPT all -- anywhere anywhere
2 ACCEPT icmp -- anywhere anywhere
Chain INPUT_URLFLT (1 references)
num target prot opt source destination
1 ACCEPT udp -- anywhere anywhere udp dpt:53 dns_flt match homerouter.cpe
Chain IPFLT_BLACKTABLE (0 references)
num target prot opt source destination
Chain IPFLT_WHITETABLE (0 references)
num target prot opt source destination
Chain MACFLT_BLACKTABLE (0 references)
num target prot opt source destination
Chain MACFLT_WHITETABLE (0 references)
num target prot opt source destination
Chain OUTPUT_DOSFLT (1 references)
num target prot opt source destination
Chain PORTMAP_FLT (1 references)
num target prot opt source destination
1 ACCEPT tcp -- anywhere 192.168.1.2 tcp dpt:22
Chain SPI_FILTER (3 references)
num target prot opt source destination
1 DROP all -- anywhere anywhere state INVALID
2 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Chain UPNP_PORTMAP (1 references)
num target prot opt source destination
Chain URLFLT_BLACKTABLE (0 references)
num target prot opt source destination
Chain URLFLT_WHITETABLE (0 references)
num target prot opt source destination
Chain ping_flood (2 references)
num target prot opt source destination
1 RETURN all -- anywhere anywhere limit: avg 100/sec burst 150
2 DROP all -- anywhere anywhere
Chain syn_flood (2 references)
num target prot opt source destination
1 RETURN all -- anywhere anywhere limit: avg 100/sec burst 150
2 DROP all -- anywhere anywhere