续前文;随竟写了几个命令。来充分利用L7的优势。据测试的效果还是不错的。下面是的部分IPTABLES。请注意。有可能重复限制了BT EMULE等了。
[root@nginx-http ipp2p-0.8.2]# iptables-save
# Generated by iptables-save v1.3.7 on Wed Jan 9 18:10:10 2008
*mangle
:PREROUTING ACCEPT [39560:5353718]
:INPUT ACCEPT [516:35974]
:FORWARD ACCEPT [39043:5317714]
:OUTPUT ACCEPT [484:34806]
:POSTROUTING ACCEPT [15217:3724119]
-A POSTROUTING -m layer7 –l7proto skypetoskype -j Drop
-A POSTROUTING -m layer7 –l7proto skypeout -j Drop
-A POSTROUTING -m layer7 –l7proto edonkey -j Drop
-A POSTROUTING -m layer7 –l7proto fasttrack -j Drop
-A POSTROUTING -m layer7 –l7proto bittorrent -j Drop
COMMIT
# Completed on Wed Jan 9 18:10:10 2008
# Generated by iptables-save v1.3.7 on Wed Jan 9 18:10:10 2008
*filter
:INPUT ACCEPT [524:36294]
:FORWARD ACCEPT [15294:3822741]
:OUTPUT ACCEPT [500:37030]
-A FORWARD -m layer7 –l7proto edonkey -j Drop
-A FORWARD -m layer7 –l7proto bittorrent -j Drop
COMMIT
# Completed on Wed Jan 9 18:10:10 2008
# Generated by iptables-save v1.3.7 on Wed Jan 9 18:10:10 2008
*nat
:PREROUTING ACCEPT [25468:1606241]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [1:124]
-A POSTROUTING -s 192.168.1.0/255.255.255.0 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.10.0/255.255.255.0 -j MASQUERADE
COMMIT
# Completed on Wed Jan 9 18:10:10 2008
[root@nginx-http ipp2p-0.8.2]#
呵呵,系统显示的匹配策略来SHOW下效果:
文章知识点与官方知识档案匹配,可进一步学习相关知识CS入门技能树Linux入门初识Linux24750 人正在系统学习中 相关资源:竞业达电子监考系统.zip_竞业达SIP服务器- 管软件文档类资源…
声明:本站部分文章及图片源自用户投稿,如本站任何资料有侵权请您尽早请联系jinwei@zod.com.cn进行处理,非常感谢!