过滤
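# Keyword filtering with the iptables "string" match (--algo bm = Boyer-Moore).
# Coverage limits to keep in mind when relying on this as a control:
#   - the match sees raw packet bytes only, so encrypted (TLS) payloads never match;
#   - a keyword that straddles two packets is not seen as one string;
#   - non-ASCII keywords are compared as the bytes the shell passes in
#     (presumably UTF-8 here; the same text in another encoding such as GBK
#     would not match; confirm against the traffic you expect).

# LOG rules go first. LOG is non-terminating and DROP is terminating, so a LOG
# rule appended after a DROP for the same keyword in the same chain is never
# reached. The original listing appended the OUTPUT DROP for "sex" ahead of
# its LOG rule, which left that LOG rule dead.
iptables -A OUTPUT -p tcp -m state --state ESTABLISHED -m string --string "sex" --algo bm -j LOG --log-prefix " (sex) "
iptables -A OUTPUT -p tcp -m state --state ESTABLISHED -m string --string "色情" --algo bm -j LOG --log-prefix " (色情) "
iptables -A OUTPUT -p tcp -m state --state ESTABLISHED -m string --string "基金" --algo bm -j LOG --log-prefix " (基金) "

# DROP rules, one per chain, all on the same keyword.
# The INPUT rule originally matched the single byte "s", which would drop
# almost every established inbound TCP packet (remote admin sessions
# included); it is aligned with the FORWARD/OUTPUT keyword here.
iptables -A FORWARD -p tcp -m state --state ESTABLISHED -m string --string "sex" --algo bm -j DROP
iptables -A INPUT -p tcp -m state --state ESTABLISHED -m string --string "sex" --algo bm -j DROP
iptables -A OUTPUT -p tcp -m state --state ESTABLISHED -m string --string "sex" --algo bm -j DROP

# List the keywords that have a LOG rule in OUTPUT. The awk field number is
# tied to the column layout of `iptables -L` for the rules above and will
# shift if the rule options or the iptables version change.
iptables -L OUTPUT | grep prefix | awk '{print $21}'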
均衡负载
iptables已经废了
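# Two alias addresses on eth0 stand in for the backend servers.
ifconfig eth0:0 192.168.22.210 netmask 255.255.252.0
ifconfig eth0:1 192.168.22.211 netmask 255.255.252.0

# One UDP listener per backend address. Each nc stays in the foreground, so
# run them in separate terminals.
nc -u -l 192.168.22.210 1234
nc -u -l 192.168.22.211 1234

# Destination NAT: datagrams sent to 192.168.22.209:1234 are rewritten to an
# address in the range .210-.211, port 1234.
# (Written as a "#" comment; the original "//" line is not a shell comment and
# would be executed as a command if the listing were pasted into a shell.)
# NOTE(review): --random randomizes the port mapping; how an address is picked
# from the range depends on the kernel, so verify the actual split before
# treating this as load balancing.
iptables -t nat -A PREROUTING -d 192.168.22.209 -p udp --dport 1234 -j DNAT --to 192.168.22.210-192.168.22.211:1234 --random

# Source NAT: UDP/1234 traffic from 192.168.22.0/24 leaves with source
# 192.168.22.209. The backends therefore see 192.168.22.209 as the sender of
# every datagram, so the real client address is not available to them for
# logging or per-client access control.
# NOTE(review): this rule matches a /24 while the aliases above use netmask
# 255.255.252.0 (/22); confirm which range is intended.
iptables -t nat -A POSTROUTING -s 192.168.22.0/24 -p udp --dport 1234 -j SNAT --to 192.168.22.209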
使用ipvsadm
# UDP load balancing with IPVS: one virtual service, two real servers.
vip_service="192.168.22.209:1234"

# -C clears the whole virtual server table, including any services that were
# configured on this host for other purposes.
ipvsadm -C

# Virtual UDP service with round-robin scheduling (-s rr).
ipvsadm -A -u "${vip_service}" -s rr

# Attach each real server in masquerading (NAT) mode (-m).
for backend in 192.168.22.210:1234 192.168.22.211:1234; do
  ipvsadm -a -u "${vip_service}" -r "${backend}" -m
done