suse 11 企业版防火墙配置

最新推荐文章于 2024-03-04 11:47:59 发布

weixin_33693070

最新推荐文章于 2024-03-04 11:47:59 发布

阅读量360

点赞数

文章标签：网络

原文链接：http://blog.51cto.com/jxwpx/860014

版权

Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination
    2   100 ACCEPT     all -- lo     *       0.0.0.0/0            0.0.0.0/0
423 36366 ACCEPT     all -- *      *       0.0.0.0/0            0.0.0.0/0           state ESTABLISHED
    0     0 ACCEPT     icmp -- *      *       0.0.0.0/0            0.0.0.0/0           state RELATED
   59 17575 input_ext all -- br0    *       0.0.0.0/0            0.0.0.0/0
   21 6960 input_ext all -- br1    *       0.0.0.0/0            0.0.0.0/0
    0     0 input_ext all -- eth0   *       0.0.0.0/0            0.0.0.0/0
    0     0 input_ext all -- eth1   *       0.0.0.0/0            0.0.0.0/0
    0     0 input_ext all -- *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        all -- *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-IN-ILL-TARGET '
    0     0 DROP       all -- *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all -- *      *       0.0.0.0/0            0.0.0.0/0           PHYSDEV match --physdev-is-bridged
    0     0 LOG        all -- *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-FWD-ILL-ROUTING '

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination
    2   100 ACCEPT     all -- *      lo      0.0.0.0/0            0.0.0.0/0
360 54688 ACCEPT     all -- *      *       0.0.0.0/0            0.0.0.0/0           state NEW,RELATED,ESTABLISHED
    0     0 LOG        all -- *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-OUT-ERROR '

Chain forward_ext (0 references)
pkts bytes target prot opt in out source destination

Chain input_ext (5 references)
pkts bytes target     prot opt in     out     source               destination
   78 24431 DROP       all -- *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = broadcast
    0     0 ACCEPT     icmp -- *      *       0.0.0.0/0            0.0.0.0/0           icmp type 4
    0     0 ACCEPT     icmp -- *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8
    2   104 LOG        tcp -- *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 tcp dpt:22 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP '
    2   104 ACCEPT     tcp -- *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
    0     0 LOG        all -- *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 PKTTYPE = multicast LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT '
    0     0 DROP       all -- *      *       0.0.0.0/0            0.0.0.0/0           PKTTYPE = multicast
    0     0 LOG        tcp -- *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 tcp flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT '
    0     0 LOG        icmp -- *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT '
    0     0 LOG        udp -- *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT '
    0     0 LOG        all -- *      *       0.0.0.0/0            0.0.0.0/0           limit: avg 3/min burst 5 state INVALID LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT-INV '
    0     0 DROP       all -- *      *       0.0.0.0/0            0.0.0.0/0

Chain reject_func (0 references)
pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     tcp -- *      *       0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset
    0     0 REJECT     udp -- *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
    0     0 REJECT     all -- *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-proto-unreachable

转载于:https://blog.51cto.com/jxwpx/860014