LinuxSir.cn
Does Debian generate a firewall automatically?

Posted 2010-12-8 19:02:25
I had never used a firewall before, but a few days ago I found that the system had started one:
-N INBOUND
-N LOG_FILTER
-N LSI
-N LSO
-N OUTBOUND
-A INPUT -s 202.96.128.86/32 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -s 202.96.128.86/32 -p udp -j ACCEPT
-A INPUT -s 210.77.127.80/32 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -s 210.77.127.80/32 -p udp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m limit --limit 10/sec -j ACCEPT
-A INPUT -d 255.255.255.255/32 -i eth0 -j DROP
-A INPUT -d 119.38.170.255/32 -j DROP
-A INPUT -s 224.0.0.0/8 -j DROP
-A INPUT -d 224.0.0.0/8 -j DROP
-A INPUT -s 255.255.255.255/32 -j DROP
-A INPUT -d 0.0.0.0/32 -j DROP
-A INPUT -m state --state INVALID -j DROP
-A INPUT -f -m limit --limit 10/min -j LSI
-A INPUT -i eth0 -j INBOUND
-A INPUT -d 192.168.0.13/32 -i eth3 -j INBOUND
-A INPUT -d 119.38.170.227/32 -i eth3 -j INBOUND
-A INPUT -d 192.168.0.255/32 -i eth3 -j INBOUND
-A INPUT -j LOG_FILTER
-A INPUT -j LOG --log-prefix "Unknown Input" --log-level 6
-A FORWARD -p icmp -m limit --limit 10/sec -j ACCEPT
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth3 -j OUTBOUND
-A FORWARD -d 192.168.0.0/24 -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.0.0/24 -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j LOG_FILTER
-A FORWARD -j LOG --log-prefix "Unknown Forward" --log-level 6
-A OUTPUT -s 119.38.170.227/32 -d 202.96.128.86/32 -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -s 119.38.170.227/32 -d 202.96.128.86/32 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -s 119.38.170.227/32 -d 210.77.127.80/32 -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -s 119.38.170.227/32 -d 210.77.127.80/32 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -s 224.0.0.0/8 -j DROP
-A OUTPUT -d 224.0.0.0/8 -j DROP
-A OUTPUT -s 255.255.255.255/32 -j DROP
-A OUTPUT -d 0.0.0.0/32 -j DROP
-A OUTPUT -m state --state INVALID -j DROP
-A OUTPUT -o eth0 -j OUTBOUND
-A OUTPUT -o eth3 -j OUTBOUND
-A OUTPUT -j LOG_FILTER
-A OUTPUT -j LOG --log-prefix "Unknown Output" --log-level 6
-A INBOUND -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INBOUND -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INBOUND -j LSI
-A LSI -j LOG_FILTER
-A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/sec -j LOG --log-prefix "Inbound " --log-level 6
-A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
-A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j LOG --log-prefix "Inbound " --log-level 6
-A LSI -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -j DROP
-A LSI -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j LOG --log-prefix "Inbound " --log-level 6
-A LSI -p icmp -m icmp --icmp-type 8 -j DROP
-A LSI -m limit --limit 5/sec -j LOG --log-prefix "Inbound " --log-level 6
-A LSI -j DROP
-A LSO -j LOG_FILTER
-A LSO -m limit --limit 5/sec -j LOG --log-prefix "Outbound " --log-level 6
-A LSO -j REJECT --reject-with icmp-port-unreachable
-A OUTBOUND -p icmp -j ACCEPT
-A OUTBOUND -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTBOUND -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTBOUND -j ACCEPT
------------------------------------

eth0      Link encap:Ethernet  HWaddr 00:07:40:1e:95:ca  
          inet addr:119.38.170.227  Bcast:119.38.170.255  Mask:255.255.255.192
          inet6 addr: fe80::207:40ff:fe1e:95ca/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:141654 errors:0 dropped:0 overruns:0 frame:0
          TX packets:134046 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:90571247 (86.3 MiB)  TX bytes:22963192 (21.8 MiB)
          Interrupt:17 Base address:0xd000

eth1      Link encap:Ethernet  HWaddr 00:50:fc:40:48:ce  
          inet addr:192.168.1.11  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:19 Base address:0xd100

eth2      Link encap:Ethernet  HWaddr 00:0a:eb:77:5c:94  
          inet addr:192.168.1.12  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:16 Base address:0xd200

eth3      Link encap:Ethernet  HWaddr 00:e0:4c:88:b5:d1  
          inet addr:192.168.0.13  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::2e0:4cff:fe88:b5d1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:195 errors:0 dropped:0 overruns:0 frame:0
          TX packets:142 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:17712 (17.2 KiB)  TX bytes:13260 (12.9 KiB)
          Interrupt:17 Base address:0xd300

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:804 errors:0 dropped:0 overruns:0 frame:0
          TX packets:804 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:108885 (106.3 KiB)  TX bytes:108885 (106.3 KiB)
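The chains in the dump above (INBOUND, OUTBOUND, LSI, LSO, LOG_FILTER) are the ones the Firestarter front-end creates, so the first thing to establish is which tool wrote the rules rather than whether the distribution did. The script below is an added example (editor's code, not from the original post or from Debian): it reads an iptables-save dump from stdin, guesses the origin from the chain names, and flags chains that end in an unconditional ACCEPT, such as the OUTBOUND chain here, which accepts everything that reaches it. It runs on a constructed excerpt of the poster's rules; the chain-name signatures in guess_origin are a heuristic the editor wrote, not an authoritative list.

```shell
# Added example, not from the original post. Live use on a Debian host:
#     iptables-save | audit_ruleset
# SAMPLE_RULES is a constructed excerpt of the ruleset pasted above.

SAMPLE_RULES='-N INBOUND
-N LOG_FILTER
-N LSI
-N LSO
-N OUTBOUND
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -i eth0 -j INBOUND
-A INPUT -j LOG --log-prefix "Unknown Input" --log-level 6
-A INBOUND -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INBOUND -j LSI
-A LSI -j DROP
-A OUTBOUND -j ACCEPT'

# Names of the user-defined chains (the -N lines) from stdin, one per line.
user_chains() {
    grep '^-N ' | awk '{ print $2 }'
}

# Heuristic: guess which tool wrote the ruleset from the chains it created.
# Firestarter creates INBOUND/OUTBOUND/LSI/LSO/LOG_FILTER; ufw prefixes its
# chains with "ufw-"; fail2ban uses "f2b-" (older releases "fail2ban-").
guess_origin() {
    chains=$(user_chains)
    if printf '%s\n' "$chains" | grep -qx 'LSI' \
       && printf '%s\n' "$chains" | grep -qx 'LSO'; then
        echo firestarter
    elif printf '%s\n' "$chains" | grep -q '^ufw-'; then
        echo ufw
    elif printf '%s\n' "$chains" | grep -q -e '^f2b-' -e '^fail2ban-'; then
        echo fail2ban
    else
        echo unknown
    fi
}

# Chains containing an ACCEPT rule with no match criteria at all
# (exactly "-A CHAIN -j ACCEPT"). Everything reaching that point is
# accepted and any later rule in the chain is dead, so review these.
catchall_accepts() {
    awk '$1 == "-A" && NF == 4 && $3 == "-j" && $4 == "ACCEPT" { print $2 }'
}

# How many rules log: a quick indicator of whether the ruleset was
# written with diagnostics in mind.
log_rule_count() {
    grep -c -- '-j LOG '
}

# One-shot summary; buffers stdin so each helper can re-read the rules.
audit_ruleset() {
    rules=$(cat)
    echo "origin: $(printf '%s\n' "$rules" | guess_origin)"
    echo "user chains: $(printf '%s\n' "$rules" | user_chains | wc -l | tr -d ' ')"
    echo "logging rules: $(printf '%s\n' "$rules" | log_rule_count)"
    echo "catch-all ACCEPT in: $(printf '%s\n' "$rules" | catchall_accepts | tr '\n' ' ')"
}

printf '%s\n' "$SAMPLE_RULES" | audit_ruleset
```

On the sample the audit reports origin firestarter, 5 user chains, 1 logging rule and a catch-all ACCEPT in OUTBOUND. To confirm the guess on the host itself, check whether the corresponding package and its init script are installed (for example with dpkg -l and a look in /etc/init.d); a stock Debian install of that era ships no iptables ruleset of its own.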