续前文;随意写了几个命令。来充分利用L7的优势。据测试的效果还是不错的。下面是我的部分IPTABLES。请注意。有可能重复限制了BT EMULE等了。
[root@nginx-http ipp2p-0.8.2]# iptables-save
# Generated by iptables-save v1.3.7 on Wed Jan 9 18:10:10 2008
*mangle
:PREROUTING ACCEPT [39560:5353718]
:INPUT ACCEPT [516:35974]
:FORWARD ACCEPT [39043:5317714]
:OUTPUT ACCEPT [484:34806]
:POSTROUTING ACCEPT [15217:3724119]
-A POSTROUTING -m layer7 --l7proto skypetoskype -j Drop
-A POSTROUTING -m layer7 --l7proto skypeout -j Drop
-A POSTROUTING -m layer7 --l7proto edonkey -j Drop
-A POSTROUTING -m layer7 --l7proto fasttrack -j Drop
-A POSTROUTING -m layer7 --l7proto bittorrent -j Drop
COMMIT
# Completed on Wed Jan 9 18:10:10 2008
# Generated by iptables-save v1.3.7 on Wed Jan 9 18:10:10 2008
*filter
:INPUT ACCEPT [524:36294]
:FORWARD ACCEPT [15294:3822741]
:OUTPUT ACCEPT [500:37030]
-A FORWARD -m layer7 --l7proto edonkey -j Drop
-A FORWARD -m layer7 --l7proto bittorrent -j Drop
COMMIT
# Completed on Wed Jan 9 18:10:10 2008
# Generated by iptables-save v1.3.7 on Wed Jan 9 18:10:10 2008
*nat
:PREROUTING ACCEPT [25468:1606241]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [1:124]
-A POSTROUTING -s 192.168.1.0/255.255.255.0 -o ppp0 -j MASQUERADE
-A POSTROUTING -s 10.0.10.0/255.255.255.0 -j MASQUERADE
COMMIT
# Completed on Wed Jan 9 18:10:10 2008
[root@nginx-http ipp2p-0.8.2]#
呵呵,系统显示的匹配策略来SHOW下效果:
[
本帖最后由 rickyfang 于 2008-1-9 20:54 编辑 ]
Powered by IXPUB.Net © 2001-2007 All Right Reserved. 
