Доброго всем времени суток! Как запретить доступ извне с помощью iptables? есть: # Generated by iptables-save v1.3.5 on Mon Jul 30 09:48:57 2007 *nat :PREROUTING ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A PREROUTING -s 192.168.62.0/255.255.255.0 -i eth0 -p tcp -m multiport --dports ssh,443,1080,3128,10000 -j ACCEPT -A PREROUTING -p tcp -m tcp -m multiport --dports 80,8080 -j REDIRECT --to-port 3128 -A PREROUTING -s 192.168.62.29 -i eth0 -p tcp -m multiport --dports smtp,pop3,http,5190,1192,1193 -j ACCEPT -A PREROUTING -s 192.168.62.252 -i eth0 -p tcp -m multiport --dports smtp,pop3 -j ACCEPT -A PREROUTING -s 192.168.62.21 -i eth0 -p tcp -m multiport --dports smtp,pop3,http,5190,1192,1193 -j ACCEPT smtp,pop3,http,5190,1192,1193 -j ACCEPT -A PREROUTING -s 192.168.62.42 -i eth0 -p tcp -m multiport --dports http -j ACCEPT -A PREROUTING -s 192.168.62.55 -i eth0 -p tcp -m multiport --dports http,pop3,5190 -j ACCEPT -A PREROUTING -s 192.168.62.37 -i eth0 -p tcp -m multiport --dports smtp,pop3,443,5190,http -j ACCEPT -A PREROUTING -s 192.168.62.50 -i eth0 -p tcp -m multiport --dports smtp,pop3,443,5190,http -j ACCEPT -A PREROUTING -s 192.168.62.29 -i eth0 -p tcp -m multiport --dports smtp,pop3,443,5190,http -j ACCEPT -A PREROUTING -s 192.168.62.28 -i eth0 -p tcp -m multiport --dports smtp,pop3,http -j ACCEPT -A PREROUTING -s 192.168.62.35 -i eth0 -p tcp -m multiport --dports smtp,pop3,http,8180,5190 -j ACCEPT -A PREROUTING -s 192.168.62.0/255.255.255.0 -i eth0 -p tcp -m multiport --dports ssh,135,139,443,445,1080,3128,10000 -j ACCEPT -A PREROUTING -s 192.168.62.0/255.255.255.0 -i eth0 -p tcp -j DROP -A POSTROUTING -o ppp0 -j MASQUERADE COMMIT # Completed on Mon Jul 30 09:48:57 2007 # Generated by iptables-save v1.3.5 on Mon Jul 30 09:48:57 2007 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] COMMIT # Completed on Mon Jul 30 09:48:57 2007но чувствую 5-й точкой, что извне все порты открыты. помогите сделать так, чтобы извне ко мне на шлюз не зашли.
|