Изпечатай

[bug]

Zdraveite,
Znam 4e ne sam pyrviqt i posledniqt koito povdiga temata ama povqrvaite mi pro4etoh HOWTO na iptables-a, poglednah i saita na http://www.netfilter.org - packet-filtering-HOWTO i t.n. no uvi '> ne mojah da se spravq sys zada4kata. A tq e slednata - imam edna malka mreji4ka 5-6 PC-ta, router Slack 10 i t.n... trqbva na vseki user da ot4eta localen /ot ftp-to /, BG trafik i vyn6niq - izvyn BG peer. Eto kakvo skalapih no ne6to ne ba4ka kakto trqbva '> . Nqkoi moje li da mi kaje kade byrkam i kak gore dolu trqbva da izglejda podoben filter.

iptables -N in_local
iptables -N in_traff_bg
iptables -N in_traff_intl

for i in `cat /ip_list`; do iptables -A in_local -d $i -j ACCEPT; done
for i in `cat /ip_list`; do iptables -A in_traff_bg -s $i -j ACCEPT; done
for i in `cat /ip_list`; do iptables -A in_traff_intl -d $i -j ACCEPT; done
# spisyk s ip-tata na userite
iptables -N out_local
iptables -N out_traff_bg
iptables -N out_traff_intl

for i in `cat /ip_list`; do iptables -A out_local -s $i -j ACCEPT; done
for i in `cat /ip_list`; do iptables -A out_traff_bg -s $i -j ACCEPT; done
for i in `cat /ip_list`; do iptables -A out_traff_intl -s $i -j ACCEPT; done

iptables -N in_traff
iptables -N out_traff

# ftp_ip_list - ip adresite na ftp-tata t.e. localniqt trafik
for i in `cat /ftp_ip_list`; do iptables -A in_traff -s $i -j in_local; done
for i in `cat /ftp_ip_list`; do iptables -A out_traff -d $i -j out_local; done

# kato bg_ip_list - mi spisyk s BG mreji
for i in `cat /bg_ip_list`; do iptables -A in_traff -s $i -j in_traff_bg; done
for i in `cat /bg_ip_list`; do iptables -A out_traff -d $i -j out_traff_bg; done

iptables -P FORWARD ACCEPT

iptables -A FORWARD -i inet_if -j in_traff
iptables -A FORWARD -o inet_if -j out_traf

10x predvaritelno za otdelenoto vreme '>