의헌이형 방화벽 베끼기...카카카 좀 나아보이려낭...ㅜㅜ
음...의헌이형한테 혼날려낭..-0-a

#!/bin/sh
#############################################
#
# Firewall configuration -- zekill@shinbiro.com
#
# Two-interface NAT firewall: eth0 faces the Internet, eth1 the
# 100.100.100.0/24 LAN.  The public addresses listed here are the
# DNAT/SNAT counterparts of the internal hosts further down.
#
#############################################

# Main configuration: the iptables binary, checked for executability
# before any rule is loaded.
IPTABLES="/usr/local/sbin/iptables"

# --- INTERNAL IP (LAN side, eth1) ---------------------------------------
INTERNAL_LAN="100.100.100.0/24"
INTERNAL_LCL="100.100.100.1"
# DNS, SMTP and POP3 are all served by the same internal host.
INTERNAL_DNS="100.100.100.2"
INTERNAL_SMTP="100.100.100.2"
INTERNAL_POP3="100.100.100.2"
INTERNAL_DOTNET="100.100.100.3"
INTERNAL_HTTP1="100.100.100.4"
INTERNAL_HTTP2="100.100.100.5"
INTERNAL_FILE="100.100.100.6"
INTERNAL_IBFILE="100.100.100.7"
INTERNAL_XP="100.100.100.8"
# Address range used as the DNAT target of the msn/soribada DCC forwards.
INTERNAL_USER="100.100.100.11-100.100.100.250"

# --- INTERNET IP (public side, eth0; xxx.xxx.xxx is the masked prefix) --
# Service addresses: SMTP, POP3 and the main DNS share .253.
INTERNET_DNS_MAIN="xxx.xxx.xxx.253" #main dns
INTERNET_SMTP="xxx.xxx.xxx.253"
INTERNET_POP3="xxx.xxx.xxx.253"
INTERNET_DNS_SUB="xxx.xxx.xxx.252" #sub dns
INTERNET_LCL="xxx.xxx.xxx.251"
INTERNET_HTTP1="xxx.xxx.xxx.250"
INTERNET_HTTP2="xxx.xxx.xxx.249"
INTERNET_FILE="xxx.xxx.xxx.248"
# Catch-all public address for the user range, plus per-customer
# addresses PRIV1..PRIV6 that are forwarded to individual LAN hosts.
INTERNET_USER="xxx.xxx.xxx.241"
INTERNET_PRIV1="xxx.xxx.xxx.240"
INTERNET_PRIV2="xxx.xxx.xxx.239"
INTERNET_PRIV3="xxx.xxx.xxx.238"
INTERNET_PRIV4="xxx.xxx.xxx.237"
INTERNET_PRIV5="xxx.xxx.xxx.236"
INTERNET_PRIV6="xxx.xxx.xxx.235"
INTERNET_PRIV7="xxx.xxx.xxx.234"
# INTERNAL_LCL, INTERNAL_DOTNET, INTERNAL_IBFILE, INTERNAL_XP, INTERNET_LCL
# and INTERNET_PRIV7 are defined for reference only; no active rule in
# this script uses them.


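# Let's load it!
echo "Loading zekill firewall:"

# Refuse to continue when the iptables binary is missing or not
# executable: without it every flush/policy/rule step below would be a
# no-op and the host would be left with whatever was loaded before.
# printf replaces "echo -n", which is not portable under /bin/sh, and
# the diagnostic goes to stderr so it is not lost in redirected output.
printf '%s' "Checking configuration..."
if [ ! -x "$IPTABLES" ]; then
    echo
    echo "ERROR IN CONFIGURATION: IPTABLES doesn't exist or isn't executable!" >&2
    exit 1
fi
echo "passed"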

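# Kernel network hardening via /proc/sys.  Each knob is set only when the
# running kernel exposes it; otherwise a diagnostic is printed and loading
# continues (the script does not abort on a missing knob).

# set_proc_flag PATH MESSAGE
#   Writes "1" to the /proc/sys file PATH, or prints MESSAGE when PATH
#   does not exist.  The path is quoted so a stray glob or space cannot
#   turn the write into something else.
set_proc_flag() {
    if [ -e "$1" ]; then
        echo 1 > "$1"
    else
        echo "$2"
    fi
}

# Allow IP forwarding between eth0 and eth1 (needed by the FORWARD/NAT
# rules below).  Rather than doing this here on every run, adding
# net.ipv4.ip_forward=1 to /etc/sysctl.conf achieves the same persistently.
set_proc_flag /proc/sys/net/ipv4/ip_forward "ip_forward not found"

# Enable TCP SYN cookies so the listen queue survives a SYN flood.
set_proc_flag /proc/sys/net/ipv4/tcp_syncookies "tcp_syncookies support not found"

# Suppress logging of ICMP error replies that violate the RFCs (log noise).
set_proc_flag /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses \
    "icmp_ignore_bogus_error_responses support not found"

# Log packets whose source address cannot be valid on the arriving
# interface (likely spoofed).
set_proc_flag /proc/sys/net/ipv4/conf/all/log_martians "log_martians support not found"

# Reverse-path filtering on every interface: drop packets whose source
# address is not routable back out the interface they arrived on
# (anti-spoofing).  The "all" entry is the existence probe; the loop then
# sets the per-interface entries.
if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]; then
    for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
        echo 1 > "$f"
    done
else
    echo "rp_filter support not found"
fi

# Ignore ICMP echo sent to broadcast/multicast addresses ("smurf"
# amplification).  Available on kernel 2.2 and later.
set_proc_flag /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts \
    "icmp_echo_ignore_broadcasts support not found"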


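#########################################################
# Reset: default-deny policies first, then flush
#########################################################
# The filter policies are set to DROP *before* flushing so that the
# interval between "old rules gone" and "new rules loaded" cannot fall
# open to a lingering ACCEPT policy (e.g. on first boot).
${IPTABLES} -t filter -P INPUT DROP
${IPTABLES} -t filter -P OUTPUT DROP
${IPTABLES} -t filter -P FORWARD DROP

# Flush every rule and delete every user-defined chain in each table the
# script populates.  "-F"/"-X" without a chain name cover all chains of a
# table, including mangle INPUT/FORWARD/POSTROUTING, which a per-chain
# list of PREROUTING/OUTPUT only would leave untouched.
for table in filter nat mangle; do
    ${IPTABLES} -t "$table" -F
    ${IPTABLES} -t "$table" -X
done

#########################################################
# Loopback
#########################################################
# Match the loopback interface rather than a 127.0.0.1 source address:
# a source-only match would also accept an eth0 packet carrying a forged
# 127.0.0.1 source, and would not cover loopback traffic addressed to
# the host's own LAN/public addresses.
${IPTABLES} -t filter -A INPUT  -i lo -j ACCEPT
# The OUTPUT policy is DROP and the OUTPUT chain below only dispatches
# eth0 and eth1, so without this rule nothing can leave on lo at all
# and local services cannot be reached from the host itself.
${IPTABLES} -t filter -A OUTPUT -o lo -j ACCEPT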


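#########################################################
# Local traffic to internet or crossing subnets
#########################################################
# eth1 is the LAN side (the zk-In chain below is hooked on eth1) and eth0
# the Internet side.  Binding these accepts to eth1 keeps an eth0 packet
# with a forged 100.100.100.x source from being accepted by address alone.
${IPTABLES} -t filter -A INPUT   -i eth1 -s ${INTERNAL_LAN} -j ACCEPT
${IPTABLES} -t filter -A INPUT   -i eth1 -d ${INTERNAL_LAN} -j ACCEPT
${IPTABLES} -t filter -A FORWARD -i eth1 -s ${INTERNAL_LAN} -j ACCEPT
# Replies to LAN-initiated connections return as ESTABLISHED/RELATED.
# New connections toward the LAN (the DNAT'd services) are deliberately
# not accepted here: they continue to the zk-FORWARD chain below, which
# holds the HTTP string checks and, as written, ends in ACCEPT, so
# reachability is unchanged but the checks actually get evaluated.
${IPTABLES} -t filter -A FORWARD -d ${INTERNAL_LAN} -m state --state ESTABLISHED,RELATED -j ACCEPT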


#########################################################
# Source NAT
#########################################################
# Outbound traffic from the named servers leaves eth0 under their own
# public address; everything else from the LAN shares INTERNET_USER.
# The pairs are appended in this order so the per-host entries are
# matched before the catch-all subnet entry.
for map in \
    "${INTERNAL_DNS}=${INTERNET_DNS_MAIN}" \
    "${INTERNAL_SMTP}=${INTERNET_SMTP}" \
    "${INTERNAL_POP3}=${INTERNET_POP3}" \
    "${INTERNAL_HTTP1}=${INTERNET_HTTP1}" \
    "${INTERNAL_HTTP2}=${INTERNET_HTTP2}" \
    "${INTERNAL_LAN}=${INTERNET_USER}"
do
    ${IPTABLES} -t nat -A POSTROUTING -s "${map%%=*}" -o eth0 -j SNAT --to "${map#*=}"
done

#########################################################
# Masquerading
#########################################################
# Disabled alternative to the catch-all SNAT above (MASQUERADE uses the
# current eth0 address instead of a fixed one).
#${IPTABLES} -t nat -A POSTROUTING -s ${INTERNAL_LAN}     -o eth0 -j MASQUERADE


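#########################################################
# Port Forwarding
#########################################################
# dnat PROTO PUBLIC_IP PORTS TARGET
#   Appends a PREROUTING DNAT for PROTO (tcp|udp) packets arriving on
#   eth0 for PUBLIC_IP with destination port(s) PORTS ("N" or "N:M"),
#   rewriting them to TARGET ("ip:port" or "ip-ip:port-port").
#   Every forward is bound to eth0 so that only packets arriving from
#   the Internet are rewritten; the per-customer (PRIV*) rules used to
#   lack the interface match and differed from the others only by that.
dnat() {
    ${IPTABLES} -t nat -A PREROUTING -i eth0 -p "$1" -m "$1" -s 0/0 -d "$2" --dport "$3" -j DNAT --to-destination "$4"
}

# SMTP
dnat tcp "${INTERNET_SMTP}"     25   "${INTERNAL_SMTP}:25"
# DNS: both public DNS addresses land on the same internal host
dnat tcp "${INTERNET_DNS_MAIN}" 53   "${INTERNAL_DNS}:53"
dnat udp "${INTERNET_DNS_MAIN}" 53   "${INTERNAL_DNS}:53"
dnat tcp "${INTERNET_DNS_SUB}"  53   "${INTERNAL_DNS}:53"
dnat udp "${INTERNET_DNS_SUB}"  53   "${INTERNAL_DNS}:53"
# HTTP
dnat tcp "${INTERNET_HTTP1}"    80   "${INTERNAL_HTTP1}:80"
dnat tcp "${INTERNET_HTTP2}"    8000 "${INTERNAL_HTTP2}:8000"
# POP3
dnat tcp "${INTERNET_POP3}"     110  "${INTERNAL_POP3}:110"

# MMS
dnat tcp "${INTERNET_FILE}"     1755 "${INTERNAL_FILE}:1755"
dnat udp "${INTERNET_FILE}"     1755 "${INTERNAL_FILE}:1755"
dnat tcp "${INTERNET_HTTP2}"    1755 "${INTERNAL_HTTP2}:1755"
dnat udp "${INTERNET_HTTP2}"    1755 "${INTERNAL_HTTP2}:1755"

# msn-dcc / soribada-dcc
# NOTE(review): a DNAT target *range* hands each new connection to one
# address of the range rather than to a specific host -- confirm that
# this is what the DCC forwards intend.
dnat tcp "${INTERNET_USER}" 6891:6901 "${INTERNAL_USER}:6891-6901"
dnat tcp "${INTERNET_USER}" 9001:9004 "${INTERNAL_USER}:9001-9004"
dnat udp "${INTERNET_USER}" 9001:9004 "${INTERNAL_USER}:9001-9004"
# Terminal
dnat tcp "${INTERNET_HTTP2}" 3389 "${INTERNAL_HTTP2}:3389"
# FTP (served on the non-standard ports 209/210 of HTTP2)
#dnat tcp "${INTERNET_LCL}" 21 100.100.100.113:21
dnat tcp "${INTERNET_HTTP2}" 209 "${INTERNAL_HTTP2}:209"
dnat tcp "${INTERNET_HTTP2}" 210 "${INTERNAL_HTTP2}:210"

# Per-customer public addresses.  The LAN targets have no name in the
# configuration block, so they are kept literal here.
#PRIV1
dnat tcp "${INTERNET_PRIV1}" 20   100.100.100.111:20
dnat tcp "${INTERNET_PRIV1}" 21   100.100.100.111:21
dnat tcp "${INTERNET_PRIV1}" 53   100.100.100.111:53
dnat udp "${INTERNET_PRIV1}" 53   100.100.100.111:53
dnat tcp "${INTERNET_PRIV1}" 88   100.100.100.111:88
dnat tcp "${INTERNET_PRIV1}" 3389 100.100.100.111:3389

#PRIV2
dnat tcp "${INTERNET_PRIV2}" 20   100.100.100.113:20
dnat tcp "${INTERNET_PRIV2}" 21   100.100.100.113:21

#PRIV3 (public 8080 maps to internal 80)
dnat tcp "${INTERNET_PRIV3}" 20   100.100.100.108:20
dnat tcp "${INTERNET_PRIV3}" 21   100.100.100.108:21
dnat tcp "${INTERNET_PRIV3}" 8080 100.100.100.108:80
dnat tcp "${INTERNET_PRIV3}" 3389 100.100.100.108:3389

#PRIV4
dnat tcp "${INTERNET_PRIV4}" 20   100.100.100.106:20
dnat tcp "${INTERNET_PRIV4}" 21   100.100.100.106:21
dnat tcp "${INTERNET_PRIV4}" 3389 100.100.100.106:3389

#PRIV5
dnat tcp "${INTERNET_PRIV5}" 3389 100.100.100.107:3389
dnat tcp "${INTERNET_PRIV5}" 8000 100.100.100.107:8000

#PRIV6
dnat tcp "${INTERNET_PRIV6}" 20   100.100.100.112:20
dnat tcp "${INTERNET_PRIV6}" 21   100.100.100.112:21
dnat tcp "${INTERNET_PRIV6}" 4000 100.100.100.112:4000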


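#########################################################
# Inbound on eth0 (the Internet side), all protocols and ports: Gl-In
#########################################################
${IPTABLES} -N Gl-In
${IPTABLES} -A INPUT -i eth0 -j Gl-In
# Ping: echo-requests are accepted at 1/s; the excess matches none of the
# following rules and reaches the DROP at the end (ping-flood damping).
${IPTABLES} -A Gl-In -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
# pong accept
${IPTABLES} -A Gl-In -p icmp --icmp-type echo-reply -j ACCEPT
# Every other ICMP type (destination-unreachable, time-exceeded, ...).
# "! --icmp-type" is the negation form accepted by both old and current
# iptables; the older "--icmp-type ! x" spelling was dropped later on.
${IPTABLES} -A Gl-In -p icmp ! --icmp-type echo-request -j ACCEPT
# Replies to connections the firewall itself opened, and related flows
# (e.g. ftp-data via the ip_conntrack_ftp helper loaded at the end).
# A stateless "! --syn ACCEPT" used to stand here; it let any ACK/FIN/RST
# segment reach any local port regardless of the allow-list below, and
# legitimate return traffic is already covered by connection tracking.
${IPTABLES} -A Gl-In -m state --state ESTABLISHED,RELATED -j ACCEPT
# Services reachable on the firewall host itself (ftp, smtp, dns, http,
# pop3, msn).  These are INPUT rules: the DNAT'd traffic for the LAN
# servers goes through FORWARD, not here.
for port in 20 21 25 53 80 8000 110 6891:6901; do
    ${IPTABLES} -A Gl-In -p tcp --dport "$port" -j ACCEPT
done
${IPTABLES} -A Gl-In -p udp --dport 53 -j ACCEPT
# Explicit end of chain, mirroring Gl-Out/zk-In/zk-Out; the INPUT policy
# is DROP anyway, so this only makes the intent visible in a listing.
${IPTABLES} -A Gl-In -j DROP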


# hook_chain CHAIN HOOK IFOPT IFACE
#   Creates the user chain CHAIN and sends HOOK (INPUT/OUTPUT) traffic on
#   IFACE (IFOPT is -i or -o) into it.
hook_chain() {
    ${IPTABLES} -N "$1"
    ${IPTABLES} -A "$2" "$3" "$4" -j "$1"
}

#########################################################
# Firewall-originated traffic leaving on eth0: Gl-Out
#########################################################
hook_chain Gl-Out OUTPUT -o eth0
${IPTABLES} -A Gl-Out -m state --state ESTABLISHED,RELATED -j ACCEPT
${IPTABLES} -A Gl-Out -d ${INTERNAL_LAN} -j ACCEPT
${IPTABLES} -A Gl-Out -s ${INTERNAL_LAN} -j ACCEPT
# NOTE(review): a new connection from the firewall's own public address
# (a source outside INTERNAL_LAN) is dropped here -- confirm that this
# "forward only, never originate" posture on eth0 is intended.
${IPTABLES} -A Gl-Out -j DROP

#########################################################
# Inbound on eth1 (the LAN side): zk-In
#########################################################
hook_chain zk-In INPUT -i eth1
# The NEW-TCP rule is already covered by the "-s INTERNAL_LAN" rule
# below; both are kept as in the original.
${IPTABLES} -A zk-In -p tcp -m state --state NEW -s ${INTERNAL_LAN} -j ACCEPT
${IPTABLES} -A zk-In -m state --state ESTABLISHED,RELATED -j ACCEPT
${IPTABLES} -A zk-In -s ${INTERNAL_LAN} -j ACCEPT
${IPTABLES} -A zk-In -d ${INTERNAL_LAN} -j ACCEPT
${IPTABLES} -A zk-In -j DROP

#########################################################
# Firewall-originated traffic leaving on eth1: zk-Out
#########################################################
hook_chain zk-Out OUTPUT -o eth1
${IPTABLES} -A zk-Out -m state --state ESTABLISHED,RELATED -j ACCEPT
# Only TCP is listed.  NOTE(review): a new UDP or ICMP packet from the
# firewall itself to a LAN host on eth1 (e.g. a DNS query to
# INTERNAL_DNS) therefore hits the DROP below -- confirm intended.
${IPTABLES} -A zk-Out -p tcp -d ${INTERNAL_LAN} -j ACCEPT
${IPTABLES} -A zk-Out -p tcp -s ${INTERNAL_LAN} -j ACCEPT
${IPTABLES} -A zk-Out -j DROP


#########################################################
# Forwarded traffic: zk-FORWARD
#########################################################
# This chain only sees FORWARD packets that the earlier INTERNAL_LAN
# accept rules did not already take.  When those rules accept every
# packet to or from the LAN unconditionally, nothing below is evaluated
# for LAN traffic -- including the payload checks.
${IPTABLES} -N zk-FORWARD
${IPTABLES} -A FORWARD -j zk-FORWARD
${IPTABLES} -A zk-FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# New inbound sessions for the DCC port forwards
${IPTABLES} -A zk-FORWARD -i eth0 -p tcp --syn --dport 6891:6901 -j ACCEPT   # msn-dcc
${IPTABLES} -A zk-FORWARD -i eth0 -p tcp --syn --dport 9001:9004 -j ACCEPT   # soribada
${IPTABLES} -A zk-FORWARD -i eth0 -p udp       --dport 9001:9004 -j ACCEPT   # soribada

# Payload checks: reset HTTP requests carrying well-known worm probe
# paths.  NOTE(review): newer xt_string builds refuse a string match
# without "--algo bm|kmp"; since the script never checks iptables' exit
# status, a refused rule is silently skipped and loading continues.
for probe in default.ida cmd.exe root.exe; do
    ${IPTABLES} -A zk-FORWARD -p tcp --tcp-flags ACK ACK --dport 80 -m string --string "$probe" -j REJECT --reject-with tcp-reset
done

# Everything else that is forwarded is accepted.
${IPTABLES} -A zk-FORWARD -j ACCEPT


#########################################################
# Service mangle optimizations
#########################################################
# TOS marks on the firewall's own outbound ssh (22) and ftp (20/21)
# packets: low delay for the interactive ports, low cost for ftp-data.
for mark in 22=Minimize-Delay 20=Minimize-Cost 21=Minimize-Delay; do
    ${IPTABLES} -t mangle -A OUTPUT -p tcp --dport "${mark%%=*}" -j TOS --set-tos "${mark#*=}"
done

#########################################################
# Include Modules
#########################################################
# FTP NAT / connection-tracking helpers (2.4-era module names), loaded
# after the rules as in the original.  NOTE(review): modprobe's exit
# status is not checked, so a missing module only prints its own error
# and the firewall finishes loading without FTP helper support.
for mod in ip_nat_ftp ip_conntrack_ftp; do
    /sbin/modprobe "$mod"
done

#All done!
echo "Done loading the firewall!"


# -- zekill@shinbiro.com
##################################################
# iptables script                                #
# written by zekill                              #
# DO NOT USE THE -t (table) OPTION IN THIS FILE! #
##################################################
# Format: iptables-restore input.  Each "*table" line names the table the
# following rules belong to (hence no -t), ":CHAIN POLICY [pkts:bytes]"
# sets a chain policy, and COMMIT loads the section.  eth0 is the
# Internet side; 192.168.0.0/24 is the LAN.

*filter
# default: inbound and forwarded traffic is denied unless listed below;
# locally generated traffic is allowed out unconditionally
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# loopback accept
# NOTE(review): this matches the source address only.  "-i lo" would
# also cover loopback packets addressed to the host's own non-127
# addresses and cannot be satisfied by a forged source arriving on eth0.
-A INPUT -s 127.0.0.1 -j ACCEPT

# local ip accept (no interface match; relies on the LAN prefix never
# arriving on eth0 -- a forged 192.168.0.x source would be accepted)
-A INPUT -s 192.168.0.0/24 -j ACCEPT
-A FORWARD -s 192.168.0.0/24 -j ACCEPT
-A FORWARD -d 192.168.0.0/24 -j ACCEPT

# syn packet drop
# NOTE(review): despite the label, this ACCEPTs every TCP segment that
# lacks SYN, statelessly, so a non-SYN segment reaches any local port
# regardless of the allow-list that follows.  The ESTABLISHED,RELATED
# rule further down already admits the legitimate return traffic, which
# makes this rule the candidate to remove.
-A INPUT -i eth0 -m tcp -p TCP ! --syn -j ACCEPT

# dns c/s accept (disabled; the first line pairs "-m udp" with "-p TCP"
# and would need "-m tcp" if it is ever re-enabled)
#-A INPUT -i eth0 -m udp -p TCP --dport 53 -j ACCEPT
#-A INPUT -i eth0 -m udp -p UDP --dport 53 -j ACCEPT

# ftp, served on the non-standard ports 209/210
-A INPUT -i eth0 -m tcp -p TCP --dport 209 -j ACCEPT
-A INPUT -i eth0 -m tcp -p TCP --dport 210 -j ACCEPT

# http & ssl (8000 is open to the host; 443 is disabled)
-A INPUT -i eth0 -m tcp -p TCP --dport 8000 -j ACCEPT
#-A INPUT -i eth0 -m tcp -p TCP --dport 443 -j ACCEPT

# pong accept (echo-reply only; an echo-request from eth0 matches nothing
# here and falls to the INPUT DROP policy)
-A INPUT -i eth0 -m icmp -p ICMP --icmp-type echo-reply -j ACCEPT

# established & related Accept (ex: ftp-data connect)
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# my IB com -- an entire trusted /24, any interface, any protocol/port
-A INPUT -s xxx.xxx.xxx.0/24 -j ACCEPT

COMMIT

*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]

# start address change (fixed-address SNAT alternative to the masquerade
# below; disabled)
#-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j SNAT --to xxx.xxx.xxx.20

# Masquerade: LAN traffic leaves eth0 under the interface's current address
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE

# ftp posting (disabled)
#-A PREROUTING -i eth0 -m tcp -p TCP --dport 209 -j DNAT --to 192.168.0.2:209
#-A PREROUTING -i eth0 -m tcp -p TCP --dport 210 -j DNAT --to 192.168.0.2:210

# http & ssl posting (disabled)
#-A PREROUTING -i eth0 -m tcp -p TCP --dport 8000 -j DNAT --to 192.168.0.2:80
#-A PREROUTING -i eth0 -m tcp -p TCP --dport 443 -j DNAT --to 192.168.0.2:443

# Terminal Service posting: port 3389 arriving on eth0 for any destination
# address is sent to 192.168.0.2; the FORWARD "-d 192.168.0.0/24" accept
# above then lets it through.  NOTE(review): there is no source
# restriction on this RDP forward -- confirm the exposure is intended.
-A PREROUTING -i eth0 -m tcp -p TCP --dport 3389 -j DNAT --to 192.168.0.2:3389

COMMIT

*mangle
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]

# TOS marks: by source port on traffic seen inbound (PREROUTING) and by
# destination port on locally generated traffic (OUTPUT).  ssh and port
# 210 are marked for low delay, port 209 for throughput -- which suggests
# 209 carries ftp-data and 210 the control channel; confirm.
-A PREROUTING -p tcp --sport 22 -j TOS --set-tos Minimize-Delay
-A PREROUTING -p tcp --sport 210 -j TOS --set-tos Minimize-Delay
-A PREROUTING -p tcp --sport 209 -j TOS --set-tos Maximize-Throughput

-A OUTPUT -p tcp --dport 22 -j TOS --set-tos Minimize-Delay
-A OUTPUT -p tcp --dport 210 -j TOS --set-tos Minimize-Delay
-A OUTPUT -p tcp --dport 209 -j TOS --set-tos Maximize-Throughput

COMMIT