iptable请高手分析

河边星星

# Completed on Fri Aug 20 20:06:57 2004
# Generated by iptables-save v1.2.9 on Fri Aug 20 20:06:57 2004
*filter
:INPUT ACCEPT [52042057:32353032224]
:FORWARD ACCEPT [25252678:1338301947]
:OUTPUT ACCEPT [56308509:38354072610]
-A FORWARD -s 192.168.1.24 -m mac ! --mac-source 00:09:6B:60:12:71 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -s 192.168.1.54 -m mac ! --mac-source 00:05:5D:6B:07:69 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -s 192.168.1.66 -m mac ! --mac-source 00:09:6B:FA:BE:AA -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Fri Aug 20 20:06:57 2004
# Generated by iptables-save v1.2.9 on Fri Aug 20 20:06:57 2004
*mangle
REROUTING ACCEPT [77422643:33700742471]
:INPUT ACCEPT [83107721:54136784120]
:FORWARD ACCEPT [43529940:2552438068]
:OUTPUT ACCEPT [56326287:38355389553]
OSTROUTING ACCEPT [132547729:64762843862]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 25 -j MARK --set-mark 0x1
-A OUTPUT -d ! 192.168.0.0/255.255.0.0 -p tcp -m tcp --dport 25 -j MARK --set-mark 0x1
-A OUTPUT -d ! 192.168.0.0/255.255.0.0 -p tcp -m tcp --sport 25 -j MARK --set-mark 0x1
-A OUTPUT -d ! 192.168.0.0/255.255.0.0 -p tcp -m tcp --dport 995 -j MARK --set-mark 0x1
-A OUTPUT -d ! 192.168.0.0/255.255.0.0 -p tcp -m tcp --sport 995 -j MARK --set-mark 0x1
-A OUTPUT -d ! 192.168.0.0/255.255.0.0 -p udp -m udp --dport 995 -j MARK --set-mark 0x1
-A OUTPUT -d ! 192.168.0.0/255.255.0.0 -p udp -m udp --sport 995 -j MARK --set-mark 0x1
COMMIT
# Completed on Fri Aug 20 20:06:57 2004

河边星星

這是我的一個同事公司的iptables,用iptables save > ....産生的...請你們幫我大概解釋一下...

zonzi

看上去有点像内网网关的ip转发功能,具体最好到网络版去问问

aaccdd

建议看看iptables指南
http://www.linuxsir.cn/forum.php?mod=viewthread&tid=80653