iptables and chkconfig on raspberrypi

I set things up so that they can be configured (?)

Here is the work log. I set this up quite a while ago, so it doesn't really ring a bell anymore.

[shell gutter="false"]
root@raspberrypi:~# apt-get install iptables-persistent
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  iptables-persistent
0 upgraded, 1 newly installed, 0 to remove and 30 not upgraded.
Need to get 10.3 kB of archives.
After this operation, 61.4 kB of additional disk space will be used.
Get:1 http://mirrordirector.raspbian.org/raspbian/ wheezy/main iptables-persistent all 0.5.7 [10.3 kB]
Fetched 10.3 kB in 1s (8,899 B/s)
Preconfiguring packages ...
Selecting previously unselected package iptables-persistent.
(Reading database ... 70650 files and directories currently installed.)
Unpacking iptables-persistent (from .../iptables-persistent_0.5.7_all.deb) ...
update-rc.d: using dependency based boot sequencing
Setting up iptables-persistent (0.5.7) ...
[....] Loading iptables rules... skipping IPv4 (no rules to load)... skipping IPv6 (no rule[ ok load)...done.
root@raspberrypi:~# vi /etc/iptables/rules.v4
root@raspberrypi:~# cat /etc/iptables/rules.v4
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGGING - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -s 153.120.82.43 --dport 10050 -j ACCEPT
-A INPUT -p tcp -s 153.120.82.43 --dport 10051 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j LOGGING
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A LOGGING -m limit --limit 3/hour -j LOG --log-prefix "DROP:" --log-level 7
-A LOGGING -j DROP
COMMIT

root@raspberrypi:~# /etc/init.d/iptables-persistent start
[ ok ] Loading iptables rules... IPv4... skipping IPv6 (no rules to load)...done.

root@raspberrypi:~# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere             icmp any
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  153.120.82.43        anywhere             tcp dpt:zabbix-agent
ACCEPT     tcp  --  153.120.82.43        anywhere             tcp dpt:zabbix-trapper
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
LOGGING    all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy DROP)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain LOGGING (1 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             limit: avg 3/hour burst 5 LOG level debug prefix "DROP:"
DROP       all  --  anywhere             anywhere

root@raspberrypi:~# chkconfig --list | grep iptables-persistent
iptables-persistent       0:off  1:off  2:on   3:on   4:on   5:on   6:off
[/shell]
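A pre-flight check for the rules.v4 format shown above, added here as an example (not from the original post): it refuses a file that would lock a remote admin out of a DROP-policy host and reports INPUT rules that can never match, such as the REJECT that follows `-j LOGGING` when that chain ends in `-j DROP`. The function names, the abridged sample file and the temp path are constructed for this example.

```shell
#!/bin/sh
# Lint an iptables-save style rules.v4 before iptables-restore loads it.
# Exits 1 if a DROP-policy host would lock out its remote admin (no lo,
# RELATED,ESTABLISHED or tcp/22 ACCEPT, no COMMIT) or if INPUT rules sit
# after a jump to a user chain ending in plain "-j DROP" (never reachable).
lint_rules() {
    f="$1"; rc=0
    grep -q '^\*filter' "$f" || { echo "missing *filter"; rc=1; }
    grep -q '^COMMIT' "$f" || { echo "missing COMMIT"; rc=1; }
    grep -q -- '^-A INPUT -i lo -j ACCEPT' "$f" || { echo "loopback not accepted"; rc=1; }
    grep -q -- '--state RELATED,ESTABLISHED -j ACCEPT' "$f" || { echo "established not accepted"; rc=1; }
    grep -q -- '^-A INPUT .*--dport 22 -j ACCEPT' "$f" || { echo "ssh not accepted: lockout risk"; rc=1; }
    awk 'BEGIN { bad = 0 }
        /^:/ && $2 == "-" { user[substr($1, 2)] = 1 }            # user-defined chain
        /^-A / { if ($2 in user) { lastnf[$2] = NF; lasttgt[$2] = $4 }
                 if ($2 == "INPUT") rule[++n] = $0 }
        END { dead = ""
              for (i = 1; i <= n; i++) {
                  if (dead != "") { print "unreachable after -j " dead ": " rule[i]; bad = 1 }
                  na = split(rule[i], a, " ")                    # bare "-A INPUT -j CHAIN"?
                  if (na == 4 && a[3] == "-j" && (a[4] in user) && lastnf[a[4]] == 4 && lasttgt[a[4]] == "DROP")
                      dead = a[4]
              }
              exit bad }' "$f" || rc=1
    return $rc
}
# Constructed sample (abridged from this page): run stand-alone to see the finding.
write_page_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LOGGING - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j LOGGING
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A LOGGING -m limit --limit 3/hour -j LOG --log-prefix "DROP:" --log-level 7
-A LOGGING -j DROP
COMMIT
EOF
}
tmp=$(mktemp); write_page_rules "$tmp"
lint_rules "$tmp" && echo "rules OK" || echo "fix rules before iptables-restore"
rm -f "$tmp"
```

Run it against the real file with `lint_rules /etc/iptables/rules.v4` before `iptables-restore` or a reboot; the LOGGING chain ends in DROP, so the trailing REJECT in the page's file is reported as unreachable.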