I used the script from here to set up rules that make sure the transmission-daemon user can only send traffic through the VPN I use.
At least that is what the author says. I have a hard time understanding the output below. For example, what does the line tcp spt:9091 owner GID match debian-transmission mean? And why does that rule have no traffic?
Hint: my Ethernet port is enp3s0 (similar to eth0).
$ sudo iptables -L -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
436 35225 f2b-sshd tcp -- any any anywhere anywhere multiport dports ssh
1085 221K ACCEPT all -- tun0 any anywhere anywhere
2913 923K ACCEPT all -- enp3s0 any anywhere anywhere
112 12221 ACCEPT all -- lo any anywhere anywhere
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 all -- any any anywhere anywhere
Chain OUTPUT (policy ACCEPT 4540 packets, 1267K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- any enp3s0 anywhere 192.168.100.0/25 tcp spt:9091 owner GID match debian-transmission
0 0 ACCEPT udp -- any enp3s0 anywhere 192.168.100.0/25 udp spt:9091 owner GID match debian-transmission
2263 202K ACCEPT all -- any tun0 anywhere anywhere owner GID match debian-transmission
12 2581 ACCEPT all -- any lo anywhere anywhere owner GID match debian-transmission
0 0 REJECT all -- any any anywhere anywhere owner GID match debian-transmission reject-with icmp-port-unreachable
Posted on 2020-12-14 21:38:01
The rule:
iptables -A OUTPUT -d 192.168.100.0/25 -p tcp --sport 9091 -m owner --gid-owner debian-transmission -o enp3s0 -j ACCEPT
If the packet is in the range 192.168.100.0 - 192.168.100.127, the protocol is tcp, the source port is 9091, the owner of the packet is debian-transmission, and its destination is the network interface enp3s0, then the packet is accepted; otherwise it goes on to the next iptables rule.
https://askubuntu.com/questions/1300136
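The listing in the question is dense enough that reading it by hand is error-prone. The Python below is an added example, not code from the question, the answer or any project: it parses `iptables -L -v` output (the sample is constructed from the listing above, with the posting timestamp dropped), renders each rule as a sentence, and checks the property the asker was after, namely that everything sent by the debian-transmission group leaves via tun0 or lo and anything else is rejected. The function names `parse_listing`, `explain` and `audit_group_egress` are my own. Note that a packet counter of 0 only means no packet has yet satisfied every condition of that rule at once; it does not by itself say the rule is wrong.

```python
import re
from dataclasses import dataclass

# Constructed sample: the `iptables -L -v` listing quoted in the question above.
SAMPLE = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
 436 35225 f2b-sshd tcp -- any any anywhere anywhere multiport dports ssh
 1085 221K ACCEPT all -- tun0 any anywhere anywhere
 2913 923K ACCEPT all -- enp3s0 any anywhere anywhere
 112 12221 ACCEPT all -- lo any anywhere anywhere
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
 0 0 all -- any any anywhere anywhere
Chain OUTPUT (policy ACCEPT 4540 packets, 1267K bytes)
 pkts bytes target prot opt in out source destination
 0 0 ACCEPT tcp -- any enp3s0 anywhere 192.168.100.0/25 tcp spt:9091 owner GID match debian-transmission
 0 0 ACCEPT udp -- any enp3s0 anywhere 192.168.100.0/25 udp spt:9091 owner GID match debian-transmission
 2263 202K ACCEPT all -- any tun0 anywhere anywhere owner GID match debian-transmission
 12 2581 ACCEPT all -- any lo anywhere anywhere owner GID match debian-transmission
 0 0 REJECT all -- any any anywhere anywhere owner GID match debian-transmission reject-with icmp-port-unreachable
"""

# Values the "prot" column can hold; used to spot rules that have no target column.
PROTOS = {"all", "tcp", "udp", "udplite", "icmp", "icmpv6", "esp", "ah", "sctp"}


@dataclass
class Rule:
    chain: str
    pkts: int
    nbytes: str   # kept as printed ("221K"): -v abbreviates byte counts
    target: str   # "" when the rule only counts and has no jump target
    proto: str
    in_if: str
    out_if: str
    src: str
    dst: str
    extra: str    # match extensions: ports, owner GID/UID, reject-with, ...


def parse_listing(text):
    """Parse `iptables -L -v` output into (chain policies, list of Rule)."""
    policies, rules, chain = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("pkts bytes"):
            continue                          # blank line or column header
        m = re.match(r"Chain (\S+) \((.*)\)", line)
        if m:
            chain, policies[m.group(1)] = m.group(1), m.group(2)
            continue
        toks = line.split()
        if toks[2] in PROTOS:                 # target column absent on this line
            target, rest = "", toks[2:]
        else:
            target, rest = toks[2], toks[3:]
        proto, _opt, in_if, out_if, src, dst = rest[:6]
        rules.append(Rule(chain, int(toks[0]), toks[1], target, proto,
                          in_if, out_if, src, dst, " ".join(rest[6:])))
    return policies, rules


def explain(rule):
    """Render one rule as a sentence instead of raw columns."""
    conds = []
    if rule.proto != "all":
        conds.append(f"protocol {rule.proto}")
    if rule.in_if != "any":
        conds.append(f"arriving on {rule.in_if}")
    if rule.out_if != "any":
        conds.append(f"leaving via {rule.out_if}")
    if rule.src != "anywhere":
        conds.append(f"from {rule.src}")
    if rule.dst != "anywhere":
        conds.append(f"to {rule.dst}")
    for label, pat in (("source port", r"\bspt:(\S+)"),
                       ("destination port", r"\bdpt:(\S+)"),
                       ("sent by a process whose group is", r"owner GID match (\S+)"),
                       ("sent by a process whose user is", r"owner UID match (\S+)")):
        m = re.search(pat, rule.extra)
        if m:
            conds.append(f"{label} {m.group(1)}")
    verdict = rule.target or "(count only, no target)"
    m = re.search(r"reject-with (\S+)", rule.extra)
    if m:
        verdict += f" with {m.group(1)}"
    return f"{verdict}: {', '.join(conds) or 'any packet'} [{rule.pkts} pkts so far]"


def audit_group_egress(rules, group, vpn_ifaces=("tun0", "lo")):
    """Check that OUTPUT traffic owned by `group` can only leave via vpn_ifaces.

    Reports whether a catch-all REJECT/DROP for the group exists, which ACCEPTs
    go via the VPN (or loopback), which ACCEPTs are explicit exceptions to other
    interfaces, and which rules sit after the catch-all and can never match.
    """
    out = {"catch_all_block": False, "vpn_accepts": [], "exceptions": [], "unreachable": []}
    for r in rules:
        if r.chain != "OUTPUT" or f"owner GID match {group}" not in r.extra:
            continue
        if out["catch_all_block"]:
            out["unreachable"].append(explain(r))
        elif r.target in ("REJECT", "DROP") and r.proto == "all" \
                and r.out_if == "any" and r.dst == "anywhere":
            out["catch_all_block"] = True
        elif r.target == "ACCEPT":
            out["vpn_accepts" if r.out_if in vpn_ifaces else "exceptions"].append(explain(r))
    return out


if __name__ == "__main__":
    _, parsed = parse_listing(SAMPLE)
    for r in parsed:
        print(f"{r.chain:8} {explain(r)}")
    print(audit_group_egress(parsed, "debian-transmission"))
```

On the listing from the question the audit reports a catch-all REJECT, two VPN-side ACCEPTs (tun0 and lo) and two deliberate exceptions: the 9091 source-port rules that let the web interface answer hosts on 192.168.100.0/25 over enp3s0. Those two exceptions are exactly the rules with zero counters, so nothing on that LAN has yet received a reply from port 9091.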