- -A FORWARD -s 172.18.0.15 -o eth1 -j DROP
- -A FORWARD -s 172.18.0.14 -o eth1 -j DROP
- -A FORWARD -s 172.18.10.11 -o eth1 -j ACCEPT
-A FORWARD -s 10.10.10.11 -d 172.18.20.20 -j ACCEPT
-A FORWARD -s 172.16.30.0/24 -d 172.18.30.211 -j ACCEPT
- -A FORWARD -s 172.18.30.64 -o eth1 -j ACCEPT
- -A FORWARD -s 172.18.0.16 -o eth1 -j DROP
- -A FORWARD -s 172.18.30.211 -o eth1 -j DROP
- -A FORWARD -s 172.19.0.0/16 -o eth1 -j LOG --log-prefix "gwFOR19:"
- -A FORWARD -s 172.18.0.0/16 -o eth1 -j LOG --log-prefix "gwFOR18:"
- -A FORWARD -s 192.168.100.122 -o eth1 -j DROP
- -A FORWARD -s 192.168.100.0/24 -o eth1 -j LOG --log-prefix "gwFOR100:"
-A FORWARD -s 172.18.20.13 -d 172.18.20.15 -j ACCEPT
- -A FORWARD -s 192.168.20.0/24 -j LOG --log-prefix "gwFORwgc192:"
- -A FORWARD -s 172.20.0.0/16 -j LOG --log-prefix "gwFORwgc172:"
- -A FORWARD -s 192.168.2.0/24 -j LOG --log-prefix "gwFORgu192:"
- -A FORWARD -s 172.16.0.0/16 -j LOG --log-prefix "gwFORgu172:"
- -A FORWARD -s 10.10.10.80 -j ACCEPT
- -A FORWARD -s 10.10.10.12 -j ACCEPT
-A FORWARD -s 10.10.10.54 -d 172.18.30.211 -j ACCEPT
- -A FORWARD -s 10.10.10.0/24 -j LOG --log-prefix "FOR***10:"
- -A FORWARD -s 192.168.0.0/24 -j ACCEPT
- -A FORWARD -s 10.10.10.20 -j ACCEPT
- -A FORWARD -s 10.10.10.21 -j ACCEPT
- -A FORWARD -s 10.10.10.65 -j ACCEPT
- -A FORWARD -s 10.10.10.11 -j ACCEPT
-A FORWARD -s 10.10.10.11 -d 172.18.20.11 -j ACCEPT
-A FORWARD -s 10.10.10.41 -d 172.18.10.11 -j ACCEPT
- -A FORWARD -d 192.168.2.48 -j ACCEPT
- -A FORWARD -d 192.168.2.0/24 -j ACCEPT
- -A FORWARD -d 61.240.136.201 -j ACCEPT
- -A FORWARD -s 172.18.100.100 -j ACCEPT
-A FORWARD -s 172.18.100.100 -d 172.18.0.0/16 -j ACCEPT
- -A FORWARD -s 172.18.0.0/16 -d 172.19.0.0/16 -j ACCEPT
- -A FORWARD -d 172.18.0.0/16 -s 172.19.0.0/16 -j ACCEPT
- -A FORWARD -s 172.18.0.0/24 -j ACCEPT
- -A FORWARD -d 172.18.0.0/24 -j ACCEPT
- -A FORWARD -s 172.18.10.0/24 -j ACCEPT
- -A FORWARD -s 172.18.20.0/24 -j ACCEPT
-A FORWARD -s 172.18.0.0/16 -o eth1 -p udp --dport 123 -j ACCEPT
-A FORWARD -s 172.18.0.0/16 -o eth1 -p tcp --dport 123 -j ACCEPT
-A FORWARD -s 172.18.0.0/16 -o eth1 -p udp --dport 161 -j ACCEPT
-A FORWARD -s 192.168.20.131 -d 172.18.20.2 -j ACCEPT
-A FORWARD -s 172.18.20.28 -d 172.18.100.100 -j ACCEPT
- -A FORWARD -s 172.18.30.0/24 -j ACCEPT
- -A FORWARD -s 172.18.40.0/24 -j ACCEPT
- -A FORWARD -s 172.18.50.0/24 -d 172.18.70.0/24 -j ACCEPT
- -A FORWARD -s 172.18.50.0/24 -j ACCEPT
- -A FORWARD -s 172.18.60.0/24 -j ACCEPT
- -A FORWARD -s 172.18.70.0/24 -j ACCEPT
- -A FORWARD -d 172.18.70.0/24 -j ACCEPT
- -A FORWARD -s 172.18.70.0/24 -d 172.18.50.0/24 -j ACCEPT
- -A FORWARD -s 172.18.80.0/24 -j ACCEPT
- -A FORWARD -s 172.18.0.0/16 -d 172.19.0.0/16 -j ACCEPT
- -A FORWARD -d 172.18.0.0/16 -s 172.19.0.0/16 -j ACCEPT
- -A FORWARD -s 172.18.90.0/24 -j ACCEPT
- -A FORWARD -s 172.18.100.0/24 -j ACCEPT
-A FORWARD -s 172.18.0.15 -d 172.20.1.14 -j ACCEPT
-A FORWARD -s 172.18.50.0/24 -d 172.20.1.14 -j ACCEPT
-A FORWARD -s 172.18.70.0/24 -d 172.20.1.14 -j ACCEPT
-A FORWARD -s 172.18.20.0/24 -d 172.20.1.14 -j ACCEPT
- -A FORWARD -i eth1 -s 192.168.100.121 -j ACCEPT
- -A FORWARD -i eth1 -s 192.168.100.0/24 -j DROP
- -A FORWARD -i eth0 -s 192.168.100.0/24 -j DROP
- -A FORWARD -s 172.18.50.0/24 -d 224.0.0.0/8 -j ACCEPT
- -A FORWARD -s 172.18.100.100 -j ACCEPT
- -A FORWARD -d 172.18.100.100 -j ACCEPT
- -A FORWARD -d 172.18.20.50 -j ACCEPT
- -A FORWARD -d 172.18.20.51 -j ACCEPT
- -A FORWARD -d 172.18.20.52 -j ACCEPT
- -A FORWARD -d 172.16.30.36 -j ACCEPT
- -A FORWARD -d 172.18.20.53 -j ACCEPT
- -A FORWARD -d 172.18.20.114 -j ACCEPT
- -A FORWARD -d 172.18.20.125 -j ACCEPT
- -A FORWARD -s 172.18.20.0/24 -d 172.18.30.0/24 -j ACCEPT
- -A FORWARD -s 172.18.30.0/24 -d 172.18.20.0/24 -j ACCEPT
-A FORWARD -i eth1 -p tcp --dport 194 -j ACCEPT
-A FORWARD -i eth1 -p icmp -j DROP
- -A FORWARD -j LOG --log-prefix "gwTotal_for"
- #-A FORWARD -j DROP
- #------------------------------------------------------------------------
- -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
- -A INPUT -i lo -j ACCEPT
- -A INPUT -i eth0 -p tcp --dport 53 -j ACCEPT
- -A INPUT -i eth0 -p tcp --dport 194 -j ACCEPT
- -A INPUT -i eth0 -p udp --dport 53 -j ACCEPT
- -A INPUT -i eth0 -p udp --dport 123 -j ACCEPT
- -A INPUT -i eth0 -p tcp --dport 123 -j ACCEPT
- -A INPUT -s 172.18.70.0/24 -d 172.18.70.255 -j DROP
- -A INPUT -s 172.18.70.0/24 -d 172.18.70.1 -p tcp --dport 3344 -j ACCEPT
- -A INPUT -s 172.18.0.16/32 -d 172.18.20.1 -p tcp --dport 3344 -j ACCEPT
- -A INPUT -s 172.18.70.0/24 -j LOG --log-prefix "gw70_in"
- -A INPUT -s 172.18.70.0/24 -j ACCEPT
- -A INPUT -p udp --dport 137 -j DROP
- -A INPUT -p udp --dport 138 -j DROP
- -A INPUT -i eth1 -p udp --dport 5900 -j DROP
- -A INPUT -i eth1 -p tcp --dport 5900 -j DROP
- -A INPUT -i eth1 -s 60.173.9.247 -p tcp --dport 9922 -j DROP
- -A INPUT -p udp --dport 67 -j DROP
- -A INPUT -p udp --dport 68 -j DROP
- -A INPUT -p tcp --dport 139 -j DROP
- -A INPUT -p tcp --dport 137 -j DROP
- -A INPUT -p tcp --dport 138 -j DROP
- -A INPUT -p udp --dport 139 -j DROP
- -A INPUT -p udp --dport 137 -j DROP
- -A INPUT -p udp --dport 138 -j DROP
- -A INPUT -p tcp --dport 445 -j DROP
- -A INPUT -p udp --dport 445 -j DROP
- -A INPUT -i eth1 -p tcp --dport 53 -j DROP
- -A INPUT -i eth1 -p udp --dport 53 -j DROP
- -A INPUT -i eth1 -p udp --dport 123 -j DROP
- -A INPUT -i eth1 -p tcp --dport 123 -j DROP
- -A INPUT -s 172.18.0.0/16 -d 118.244.194.192/27 -j ACCEPT
- #-A INPUT -i eth1 -j LOG --log-prefix "WAN_in"
- -A INPUT -s 172.18.10.11 -j ACCEPT
- -A INPUT -s 172.18.10.12 -j ACCEPT
- -A INPUT -s 172.18.0.14 -j ACCEPT
- -A INPUT -s 172.18.0.15 -j ACCEPT
- -A INPUT -s 172.18.30.211 -j ACCEPT
- -A INPUT -s 172.18.30.11 -j ACCEPT
- -A INPUT -s 172.18.30.100 -d 172.18.30.1 -j ACCEPT
- -A INPUT -s 172.18.30.12 -j ACCEPT
- -A INPUT -s 172.18.20.20 -j ACCEPT
- -A INPUT -s 172.18.20.4 -j ACCEPT
- -A INPUT -s 172.18.20.5 -j ACCEPT
- -A INPUT -s 172.18.20.6 -j ACCEPT
- -A INPUT -s 172.18.20.7 -j ACCEPT
- -A INPUT -s 172.18.20.0/24 -j ACCEPT
- -A INPUT -s 172.18.20.21 -j ACCEPT
- -A INPUT -s 172.18.20.29 -j ACCEPT
- -A INPUT -s 172.18.20.125 -j ACCEPT
- -A INPUT -s 172.18.20.115 -j ACCEPT
- -A INPUT -s 172.18.20.114 -j ACCEPT
- -A INPUT -s 172.18.20.125 -j ACCEPT
- -A INPUT -s 172.18.20.55 -j ACCEPT
- -A INPUT -s 172.18.20.50 -j ACCEPT
- -A INPUT -s 172.18.20.52 -j ACCEPT
- -A INPUT -s 172.18.20.2 -j ACCEPT
- -A INPUT -s 172.18.0.20 -j ACCEPT
- -A INPUT -s 172.18.50.20 -j ACCEPT
- -A INPUT -s 172.18.50.50 -j ACCEPT
- -A INPUT -s 172.18.50.0/24 -j ACCEPT
- -A INPUT -s 172.18.60.2 -p udp --dport 514 -j ACCEPT
- -A INPUT -s 172.18.60.2 -p icmp -j ACCEPT
- -A INPUT -s 172.18.70.11 -j ACCEPT
- -A INPUT -s 172.18.70.12 -j ACCEPT
- -A INPUT -s 172.18.70.24 -j ACCEPT
- -A INPUT -s 172.18.70.25 -j ACCEPT
- -A INPUT -s 172.18.70.22 -j ACCEPT
- -A INPUT -s 172.18.70.21 -j ACCEPT
- -A INPUT -s 172.18.70.23 -j ACCEPT
- -A INPUT -s 172.18.70.30 -j ACCEPT
- -A INPUT -s 172.18.70.31 -j ACCEPT
- -A INPUT -s 172.18.70.32 -j ACCEPT
- -A INPUT -s 172.18.70.25 -j ACCEPT
- -A INPUT -s 172.18.70.51 -j ACCEPT
- -A INPUT -s 172.18.70.52 -j ACCEPT
- -A INPUT -s 172.16.30.50 -j ACCEPT
- -A INPUT -s 172.16.30.51 -j ACCEPT
- -A INPUT -s 172.16.30.52 -j ACCEPT
- -A INPUT -s 172.16.0.16 -p tcp --dport 3344 -j ACCEPT
- -A INPUT -s 192.168.0.0/24 -j ACCEPT
- -A INPUT -s 192.168.100.0/24 -j ACCEPT
- -A INPUT -s 10.10.10.54 -j ACCEPT
- -A INPUT -s 10.10.10.11 -d 172.18.20.11 -j ACCEPT
- -A INPUT -s 10.10.10.11 -d 172.18.20.20 -j ACCEPT
- -A INPUT -d 10.10.255.255 -j ACCEPT
- -A INPUT -d 118.244.194.198 -p tcp --dport 8083 -j ACCEPT
- -A INPUT -s 218.241.140.82 -d 118.244.194.197 -p tcp --dport 8558 -j ACCEPT
- -A INPUT -s 223.72.70.125 -d 118.244.194.197 -p tcp --dport 8558 -j ACCEPT
- -A INPUT -s 218.241.140.86 -d 118.244.194.211 -p tcp --dport 8080 -j ACCEPT
- -A INPUT -s 101.226.125.104 -d 118.244.194.211 -p tcp --dport 8080 -j ACCEPT
- -A INPUT -d 118.244.194.211 -p tcp --dport 80 -j DROP