Jer*_*rry 2 ubuntu nat ip iptables blocking
I have configured an Ubuntu machine as a router. The NAT configuration steps are as follows:
#iptables -F
#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
#iptables-save > /etc/network/iptables
Then I saved this file's location in rc.local:
#vi /etc/rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
/sbin/iptables-restore < /etc/network/iptables
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
exit 0
#reboot
It works, and now I want to block an IP address. To do that, I ran the following commands:
#iptables -A INPUT -s 69.171.229.11 -j DROP
#iptables-save > /etc/network/iptables
#reboot
But it does not work.
vi /etc/network/iptables now looks like this:
# Generated by iptables-save v1.4.4 on Tue Feb 14 11:21:16 2012
*nat
:PREROUTING ACCEPT [870:97719]
:POSTROUTING ACCEPT [283:23151]
:OUTPUT ACCEPT [461:28753]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Tue Feb 14 11:21:16 2012
# Generated by iptables-save v1.4.4 on Tue Feb 14 11:21:16 2012
*filter
:INPUT ACCEPT [4914:3254723]
:FORWARD ACCEPT [2382:1222521]
:OUTPUT ACCEPT [4010:410041]
-A INPUT -s 98.137.149.56/32 -j DROP
COMMIT
# Completed on Tue Feb 14 11:21:16 2012
What am I missing to block the IP address?
If you want to block an IP from using the MASQUERADE rule, you need to put the rule in the FORWARD chain, not the INPUT chain.
iptables -I FORWARD -s 69.171.229.11 -j DROP
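A check for the situation described in this thread, added here as an example that is not part of the original question or answer: it parses iptables-save output and reports source addresses that are dropped in INPUT but not in FORWARD on a host that masquerades, where forwarded packets never traverse INPUT. The function names are hypothetical, and the sample ruleset is the question's saved file with counters zeroed.

```python
import shlex

# Constructed sample: the saved ruleset from the question, counters zeroed.
SAVED = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 98.137.149.56/32 -j DROP
COMMIT
"""

def parse_rules(text):
    """Yield (table, chain, options) for every -A line of iptables-save output."""
    table = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):
            tok = shlex.split(line)  # handles quoted --comment values
            opts, flag, neg = {}, None, False
            for t in tok[2:]:
                if t == "!":
                    neg = True  # negation applies to the next flag
                elif t.startswith("-"):
                    flag = ("! " if neg else "") + t
                    opts[flag], neg = True, False
                elif flag:
                    opts[flag], flag = t, None
            yield table, tok[1], opts

def input_only_drops(text):
    """Sources dropped unconditionally in INPUT but not in FORWARD on a NAT router."""
    rules = list(parse_rules(text))
    if not any(t == "nat" and o.get("-j") == "MASQUERADE" for t, _, o in rules):
        return []  # no MASQUERADE rule: this check does not apply
    def drops(chain):
        return {o["-s"] for t, c, o in rules if t == "filter" and c == chain
                and set(o) == {"-s", "-j"} and o["-j"] == "DROP"}
    return sorted(drops("INPUT") - drops("FORWARD"))

if __name__ == "__main__":
    print(input_only_drops(SAVED))
```

To run it against a live ruleset, pass the text of the saved file (here /etc/network/iptables) to `input_only_drops` instead of `SAVED`.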