How do I restrict source IPs after enabling ip_forward?

2022-10-27 17:13:08 +08:00
 dogking2
I tried using iptables to restrict the source, but it failed.

Configuration on B:
net.ipv4.ip_forward = 1
iptables -I INPUT -s "C 的 ip" -j DROP

C --> B --> A:
1. C can reach A (RDP)
2. C cannot reach B (SSH)
812 views
Node: Q&A
2 replies
chengandc
2022-10-27 17:25:01 +08:00
Assuming that the server knows how to route a packet and that the firewall rules permit its transmission, the following flows represent the paths that will be traversed in different situations:

Incoming packets destined for the local system: PREROUTING -> INPUT
Incoming packets destined to another host: PREROUTING -> FORWARD -> POSTROUTING
Locally generated packets: OUTPUT -> POSTROUTING

Drop it in the FORWARD chain.
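As an added example (not from the thread): the INPUT rule from the question beside the FORWARD rule the reply recommends, with a listing command to verify it. Addresses are constructed placeholders, and IPT lets you dry-run the commands before applying them as root on B.

```shell
#!/bin/sh
# Added example; C_IP / A_IP are constructed documentation addresses standing in
# for hosts C and A. Set IPT=echo to print the commands instead of applying them.
C_IP="${C_IP:-192.0.2.30}"       # host C, the source to block (placeholder)
A_IP="${A_IP:-198.51.100.10}"    # host A, reached through B (placeholder)
IPT="${IPT:-iptables}"

# Which chain a packet arriving on B traverses, per the flows in the reply:
# destined for B itself -> INPUT; destined for another host -> FORWARD.
chain_for() {  # usage: chain_for <packet_dst_ip> <b_local_ip>
    if [ "$1" = "$2" ]; then echo INPUT; else echo FORWARD; fi
}

# The rule from the question: forwarded packets never pass INPUT, so this
# only stops C from reaching B itself (e.g. SSH), not C -> A via B.
block_c_to_b() {
    $IPT -I INPUT -s "$C_IP" -j DROP
}

# The fix: routed traffic goes PREROUTING -> FORWARD -> POSTROUTING, so the
# DROP for C must sit in FORWARD. -I puts it ahead of any existing ACCEPT.
block_c_via_b() {
    $IPT -I FORWARD -s "$C_IP" -d "$A_IP" -j DROP
}

# Verify: the packet/byte counters on the DROP rule should grow while C retries RDP to A.
show_forward() {
    $IPT -L FORWARD -v -n --line-numbers
}
```

Run `IPT=echo sh script.sh` first to review the generated commands; the rules are not persisted across reboots unless saved with your distribution's iptables-save mechanism.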
dogking2
2022-10-28 10:27:11 +08:00
@chengandc Thanks

https://www.v2ex.com/t/890449