用于阻止特定网站的 Iptables 规则

2024-5-27 • tag-icon

我创建了一条规则来阻止特定网站（在本例中为 facebook.com），如下所示：

iptables -A OUTPUT -p tcp -d www.facebook.com -j LOG --log-prefix "Accessing Facebook:"
iptables -A OUTPUT -p tcp -d www.facebook.com -j DROP

现在该网站在此之后被屏蔽。但我试图理解日志：

[root@localhost centos]# cat /var/log/messages | grep Facebook
Nov  4 16:00:22 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=16774 DF PROTO=TCP SPT=59020 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov  4 16:00:22 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=16774 DF PROTO=TCP SPT=59020 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov  4 16:00:22 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=52984 DF PROTO=TCP SPT=59021 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov  4 16:00:22 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=52984 DF PROTO=TCP SPT=59021 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov  4 16:00:38 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.81.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=51020 DF PROTO=TCP SPT=55776 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov  4 16:00:38 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.81.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=51020 DF PROTO=TCP SPT=55776 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov  4 16:00:38 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=16775 DF PROTO=TCP SPT=59020 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov  4 16:00:38 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=16775 DF PROTO=TCP SPT=59020 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov  4 16:00:38 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.81.36 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=51021 DF PROTO=TCP SPT=55776 DPT=443 WINDOW=14600 RES=0x00 ACK URGP=0
Nov  4 16:00:38 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.81.36 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=51021 DF PROTO=TCP SPT=55776 DPT=443 WINDOW=14600 RES=0x00 ACK URGP=0
Nov  4 16:00:38 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.81.36 LEN=557 TOS=0x00 PREC=0x00 TTL=64 ID=51022 DF PROTO=TCP SPT=55776 DPT=443 WINDOW=14600 RES=0x00 ACK PSH URGP=0
Nov  4 16:00:38 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.81.36 LEN=557 TOS=0x00 PREC=0x00 TTL=64 ID=51022 DF PROTO=TCP SPT=55776 DPT=443 WINDOW=14600 RES=0x00 ACK PSH URGP=0
Nov  4 16:00:38 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.81.36 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=51023 DF PROTO=TCP SPT=55776 DPT=443 WINDOW=15544 RES=0x00 ACK URGP=0
Nov  4 16:00:38 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.81.36 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=51023 DF PROTO=TCP SPT=55776 DPT=443 WINDOW=15544 RES=0x00 ACK URGP=0
Nov  4 16:00:38 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.81.36 LEN=91 TOS=0x00 PREC=0x00 TTL=64 ID=51024 DF PROTO=TCP SPT=55776 DPT=443 WINDOW=15544 RES=0x00 ACK PSH URGP=0
Nov  4 17:42:25 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=52568 DF PROTO=TCP SPT=59091 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov  4 17:42:25 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=52568 DF PROTO=TCP SPT=59091 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov  4 17:42:41 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=43251 DF PROTO=TCP SPT=59090 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov  4 17:42:41 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=43251 DF PROTO=TCP SPT=59090 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov  4 17:42:41 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=52569 DF PROTO=TCP SPT=59090 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov  4 17:42:41 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=52569 DF PROTO=TCP SPT=59091 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov  4 17:43:13 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=53725 DF PROTO=TCP SPT=59091 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov  4 17:43:13 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=53725 DF PROTO=TCP SPT=59092 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov  4 17:43:14 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=53726 DF PROTO=TCP SPT=59092 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov  4 17:43:14 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=53726 DF PROTO=TCP SPT=59092 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov  4 17:43:16 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=53727 DF PROTO=TCP SPT=59092 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov  4 17:43:16 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=53727 DF PROTO=TCP SPT=59092 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov  4 17:43:20 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=53728 DF PROTO=TCP SPT=59092 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov  4 17:43:20 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=53728 DF PROTO=TCP SPT=59092 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov  4 17:43:28 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=53729 DF PROTO=TCP SPT=59092 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov  4 17:43:28 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=53729 DF PROTO=TCP SPT=59092 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0

有没有办法通过查看日志来判断该网站是否被阻止？如果是这样，我到底应该寻找什么？（或者由于日志中出现了我添加的“访问 Facebook”消息，因此很明显该网站已被阻止）

在输出的第 9 行到第 15 行中，为什么我收到了 ACK 数据包？

相关内容