正在加载图片...
SIPT-A INPUT-p TCP-I SINET IF -dport 80-jACCEPT www SIPT-A INPUT-P TCP-I SINET_ IF -dport 110-jACCEPT POP3 #禁止BT连接 SIPT-I FORWARD-m state-state ESTABLISHED, RELATED-jACCEPT SIPT-AFORWARD-m ipp2p--edk-kazaa-bit-j DROP SIPT-A FORWARD-p tcp-m ipp2p--ares-j DROP SIPT-A FORWARD-p udp-m ipp2p--kazaa-jDROP #只允许每组p同时15个80端口转发 SIPT-A FORWARD-p tcp-syn-dport 80-m connlimit--connlimit-above 15--connlimit-mask 24 -j DROP MAC、IP地址绑定 SIPT-A FORWARD-S 192 168.0.1-m mac e 00: E2: 34: Al: 56 C2-p tcp-dport 80-jACCEPT SIPT-A FORWARD-S 192 168.0.10-m mac ce 00: 22: DA: 32: C1: 8B-p tcp--dport 80-j ACCEPT SIPT-A FORWARD-S 192 168.0.62-m mac ce 00: 0C: A1: 2E: BC: 16-p tcp--dport 80-j ACCEPT SIPT-A FORWARD-S 192168.0.254-m mac -mac-source 00: 0D: B3: F2: C2: 56-ptcp--dport 80-jACCEPT #禁止192.1680.22使用QQ SIPT-t mangle-A POSTROUTING-m layer7--17proto qq-s 192 168.1.12/32-j DROP SIPT-t mangle-A POSTROUTING-m layer7--I7proto qq-d 192.168.1 12/32-j DROP #禁止192.1680.22使用MSN #SIPT-t mangle -A POSTROUTING-m layer7--I7proto msnmessenger-s 192 168.0.22/32 - DROP #SIPT-t mangle -A POSTROUTING-m layer7--17proto msnmessenger-d 192.168.0. 22/32 -j DROP 022流量 SIPT -A PREROUTING-S 192 168.0.22-j MARK--set-mark 30 SIPT a POstroUting- d 192. 168.0.22-jMArK--set-mark 30$IPT -A INPUT -p TCP -i $INET_IF --dport 80 -j ACCEPT # WWW $IPT -A INPUT -p TCP -i $INET_IF --dport 110 -j ACCEPT # POP3 #禁止 BT 连接 $IPT -I FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT $IPT -A FORWARD -m ipp2p --edk --kazaa --bit -j DROP $IPT -A FORWARD -p tcp -m ipp2p --ares -j DROP $IPT -A FORWARD -p udp -m ipp2p --kazaa -j DROP #只允许每组 ip 同时 15 个 80 端口转发 $IPT -A FORWARD -p tcp --syn --dport 80 -m connlimit --connlimit-above 15 --connlimit-mask 24 -j DROP #MAC、IP 地址绑定 $IPT -A FORWARD -s 192.168.0.1 -m mac --mac-source 00:E2:34:A1:56:C2 -p tcp --dport 80 -j ACCEPT $IPT -A FORWARD -s 192.168.0.10 -m mac --mac-source 00:22:DA:32:C1:8B -p tcp --dport 80 -j ACCEPT $IPT -A FORWARD -s 192.168.0.62 -m mac --mac-source 00:0C:A1:2E:BC:16 -p tcp --dport 80 -j ACCEPT $IPT -A FORWARD -s 192.168.0.254 -m mac --mac-source 00:0D:E3:F2:C2:56 -p tcp --dport 80 -j ACCEPT # 禁止 192.168.0.22 使用 QQ $IPT -t mangle -A POSTROUTING -m layer7 --l7proto qq -s 192.168.1.12/32 -j DROP $IPT -t mangle -A POSTROUTING -m layer7 --l7proto qq -d 192.168.1.12/32 -j DROP # 禁止 192.168.0.22 使用 MSN # $IPT -t mangle -A POSTROUTING -m layer7 --l7proto msnmessenger -s 192.168.0.22/32 -j DROP # $IPT -t mangle -A POSTROUTING -m layer7 --l7proto msnmessenger -d 192.168.0.22/32 -j DROP #限制 192.168.0.22 流量 $IPT -t mangle -A PREROUTING -s 192.168.0.22 -j MARK --set-mark 30 $IPT -t mangle -A POSTROUTING -d 192.168.0.22 -j MARK --set-mark 30