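# Generated by iptables-save v1.3.0 on Tue Dec 27 16:20:27 2005
#
# Annotated filter-table ruleset for a Linux firewall that forwards between
# eth0 (192.168.1.0/24 side) and eth1 (10.103.2.0/24 side).
# Layout restored to one rule per line. The explanatory text is now in "#"
# comment lines, the only form iptables-restore skips, and is in English.
# The rules themselves are unchanged; NOTE(review) lines are review remarks.
*filter
#
# Default policy: drop every forwarded packet.
:FORWARD DROP [0:0]
# Default policy: drop every packet addressed to the firewall itself.
:INPUT DROP [807:77946]
# Default policy: drop every packet sent by the firewall itself.
:OUTPUT DROP [15:1032]
# NOTE(review): RH-Firewall-1-INPUT is declared, but no rule below fills it or
# jumps to it, so it has no effect in this listing.
:RH-Firewall-1-INPUT - [0:0]
#
# Log forwarded packets at syslog level 7 (debug), tagged "[IPTABLES LOG]:".
# NOTE(review): this is the first FORWARD rule and has no match, so it logs
# every forwarded packet, accepted ones included. Moving it to the end of the
# chain and adding "-m limit" would log only drops and bound the log volume.
-A FORWARD -j LOG --log-prefix "[IPTABLES LOG]:" --log-level 7
#
# Allow forwarding of packets in the RELATED or ESTABLISHED state.
# NOTE(review): restricted to "-p tcp", unlike the INPUT rule further down.
-A FORWARD -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
#
# Allow FTP: control connections (port 21) from 192.168.1.0/24, and
# active-mode data connections (source port 20) coming back from 10.103.2.0/24.
# NOTE(review): the "--sport 20" rule matches on source port alone, so it admits
# a new connection to any destination port. A source port is chosen by the
# sender and is not a trustworthy identifier. Loading the FTP connection-tracking
# helper (ip_conntrack_ftp / nf_conntrack_ftp) lets the RELATED rule above cover
# the data channel, so this rule could be dropped.
-A FORWARD -s 192.168.1.0/255.255.255.0 -i eth0 -o eth1 -p tcp -m tcp --dport 21 -j ACCEPT
-A FORWARD -s 10.103.2.0/255.255.255.0 -i eth1 -o eth0 -p tcp -m tcp --sport 20 -j ACCEPT
#
# Allow FTP over SSL: control port 990, data source port 989.
# NOTE(review): the source-port concern above also applies to "--sport 989".
# A conntrack helper cannot read an encrypted control channel, so if this rule
# has to stay, restrict its destination address and port range.
-A FORWARD -s 192.168.1.0/255.255.255.0 -i eth0 -o eth1 -p tcp -m tcp --dport 990 -j ACCEPT
-A FORWARD -s 10.103.2.0/255.255.255.0 -i eth1 -o eth0 -p tcp -m tcp --sport 989 -j ACCEPT
#
# Allow telnet (port 23) to the firewall from 10.103.2.0/24.
# NOTE(review): telnet sends credentials in clear text. Prefer SSH for
# administering the firewall host.
-A INPUT -s 10.103.2.0/255.255.255.0 -p tcp -m tcp --dport 23 -j ACCEPT
#
# Allow packets with source port 20 from 10.103.2.0/24 to the firewall itself.
# NOTE(review): this is a source-port-only match to any local port. See the
# FTP note above.
-A INPUT -s 10.103.2.0/255.255.255.0 -p tcp -m tcp --sport 20 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#
# Outbound: TCP replies on tracked connections, and new FTP control connections
# sourced from 10.103.2.0/24.
# NOTE(review): with INPUT and OUTPUT both defaulting to DROP and no "-i lo" /
# "-o lo" accept, local loopback traffic is also dropped. Confirm that this is
# intended.
-A OUTPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -s 10.103.2.0/255.255.255.0 -p tcp -m tcp --dport 21 -j ACCEPT
COMMIT
# Completed on Tue Dec 27 16:20:27 2005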