iptables\ub294 \ub9ac\ub205\uc2a4\ub97c \uc124\uce58\ud558\uba74 \ubcf4\ud1b5 \uae30\ubcf8\uc801\uc73c\ub85c \uc124\uce58\ub418\ubbc0\ub85c
\n\uc124\uce58\ubc29\ubc95\uc740 \ub530\ub85c \uc124\uba85\ud558\uc9c0 \uc54a\uc73c\uba70 \uc608\uc81c \uc704\uc8fc\ub85c \uac04\ub2e8\ud788 \uc0ac\uc6a9\ubc95\uc744 \uc54c\uc544 \ubcf4\uaca0\uc2b5\ub2c8\ub2e4.
\n\uc544\ub798 \uba85\ub839\uc5b4\ub294 \ubaa8\ub450 root\uad8c\ud55c\uc73c\ub85c \uc2e4\ud589\ud574\uc57c \ub428\uc744 \ubbf8\ub9ac \uc54c\ub824 \ub4dc\ub9bd\ub2c8\ub2e4.<\/p>\n
1. \ub9ac\ub205\uc2a4\uc5d0\uc11c \ubd80\ud305\uc2dc \uc790\ub3d9\uc73c\ub85c iptables \uc11c\ube44\uc2a4 \uc2dc\uc791\ud558\uae30:
\n\uc544\ub798 2\uac00\uc9c0 \ubc29\ubc95 \uc911\uc5d0 \ud558\ub098\ub85c \ubcf4\ud1b5 \uc11c\ube44\uc2a4\ub97c \uc790\ub3d9\uc2e4\ud589\ud558\ub3c4\ub85d \ub4f1\ub85d\ud55c\ub2e4.
\n1) \uc258\ucc3d\uc5d0\uc11c 3, 5 \ubaa8\ub4dc\uc5d0\uc11c \uc7ac\ubd80\ud305\uc2dc \uc790\ub3d9\uc73c\ub85c iptables \uc11c\ube44\uc2a4\uac00 \uc2dc\uc791\ub418\ub3c4\ub85d \ud558\ub294 \uba85\ub839\uc5b4<\/p>\n
# chkconfig --level 35 iptables on<\/pre>\n–> 3: multi console \ubaa8\ub4dc , 5: X\uc708\ub3c4\uc6b0\uc988 \ubaa8\ub4dc
\n2) ntsysv \uc5d0\uc11c iptalbes \uc11c\ube44\uc2a4 \uccb4\ud06c<\/p>\n# ntsysv<\/pre>\n2. \uba3c\uc800 iptables \uc758 \uc635\uc158\uc740 \uc544\ub798\uc640 \uac19\ub2e4.
\niptables \uc5d0\ub294 3\uac00\uc9c0 chain \uc774 \uc874\uc7ac: INPUT, OUTPUT, FORWARD
\n1) \ud544\ud130\ub9c1 \uc0ac\uc2ac \uc804\uccb4 \uc870\uc791 \uc635\uc158
\n-N : \uc0c8\ub85c\uc6b4 \uc0ac\uc2ac \ub9cc\ub4e4\uae30
\n-L : \uc0ac\uc2ac\uc758 \uaddc\uce59\uc744 \ubcf4\uc5ec\uc8fc\uae30
\n-X : \ube44\uc5b4 \uc788\ub294 \uc0ac\uc2ac\uc744 \uc5c6\uc560\uae30
\n-P : \uc0ac\uc2ac\uc758 \uaddc\uce59\uc744 \ubc14\uafb8\uae30
\n-F : \uc0ac\uc2ac\uc5d0 \uc788\ub294 \ubaa8\ub4e0\uaddc\uce59\uc744 \uc9c0\uc6b0\uae30<\/p>\n2) \uc0ac\uc2ac\uc758 \uaddc\uce59\uc744 \uc870\uc791\ud558\ub294 \uc635\uc158
\n-A : \uc0ac\uc2ac\uc5d0 \uc0c8\ub85c\uc6b4 \uaddc\uce59\uc744 \ucd94\uac00\ud558\uae30(\ub9e8\uc544\ub798\uc5d0 \ucd94\uac00\ub428)
\n-I : \uc0ac\uc2ac\uc5d0 \uaddc\uce59\uc744 \uc0bd\uc785\ud558\uae30(\ub9e8\uc55e\ucabd\uc5d0 \uc0bd\uc785\ub428)
\n-R : \uc0ac\uc2ac\uc5d0 \uc788\ub294 \uaddc\uce59\uc744 \ub2e4\ub978 \uaddc\uce59\uacfc \uad50\ud658\ud558\uae30
\n-D : \uc0ac\uc2ac\uc5d0 \uc788\ub294 \uaddc\uce59\uc744 \uc5c6\uc560\uae30<\/p>\n3) \uaddc\uce59\uc744 \uc815\uc758\ud558\ub294\ub370 \ud544\uc694\ud55c \ud558\uc704\uc635\uc158
\n-s : \ucd9c\ubc1c\uc9c0 \uc8fc\uc18c
\n-d : \ubaa9\uc801\uc9c0 \uc8fc\uc18c
\n–sport : \ucd9c\ubc1c\uc9c0(source) \ud3ec\ud2b8\ubc88\ud638
\n–dport : \ubaa9\uc801\uc9c0 \ud3ec\ud2b8\ubc88\ud638
\n-p : \ud504\ub85c\ud1a0\ucf5c(tcp, udp, icmp ..)
\n-i : \ud328\ud0b7\uc774 \ub4e4\uc5b4\uc624\ub294 \ub124\ud2b8\uc6cc\ud06c \uc778\ud130\ud398\uc774\uc2a4(inbound interface)
\n-o : \ud328\ud0b7\uc774 \ub098\uac00\ub294
\n-f : \ubd84\uc808\ub41c(fragment) packet
\n-j : \uaddc\uce59\uc744 \uc9c0\uc815(jump)<\/p>\n3. \uae30\ubcf8\uc815\ucc45\uc744 ACCEPT\ub85c \uc124\uc815\ud558\ub294 \ubc95:<\/p>\n
# iptables -P INPUT ACCEPT\r\n# iptables -P OUTPUT ACCEPT\r\n# iptables -P FORWARD ACCEPT\r\n<\/pre>\n4. \ud604\uc7ac \uc790\uc2e0\uc758 \ubc29\ud654\ubcbd \uaddc\uce59\uc744 \ubcfc \uc218 \uc788\ub294 \uba85\ub839:<\/p>\n
# iptables --list \ub610\ub294 iptables -L<\/pre>\n\ucc98\uc74c\uc73c\ub85c \uba85\ub839\uc744 \uc2e4\ud589\ud558\uba74 \uc544\ub798\uc640 \uac19\uc774 \uc544\ubb34 \uc815\ucc45\ub3c4 \uc124\uc815\ub418\uc5b4 \uc788\uc9c0 \uc54a\ub294 \uac83\uc744 \ubcfc \uc218 \uc788\ub2e4.<\/p>\n
# iptables -L\r\nChain INPUT (policy ACCEPT)\r\ntarget \u00a0 \u00a0 prot opt source \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 destination\r\n\r\nChain FORWARD (policy ACCEPT)\r\ntarget \u00a0 \u00a0 prot opt source \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 destination\r\n\r\nChain OUTPUT (policy ACCEPT)\r\ntarget \u00a0 \u00a0 prot opt source \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 destination\r\n\r\nChain RH-Firewall-1-INPUT (0 references)\r\n<\/pre>\n5. \uaddc\uce59 \ucd94\uac00 \ud6c4\uc5d0 \uc800\uc7a5\ud558\uae30 :
\n\ud604\uc7ac \uaddc\uce59\uc744 \uc800\uc7a5\ud558\ub294 \uba85\ub839\uc5b4\ub294 \uc544\ub798\uc640 \uac19\ub2e4.<\/p>\n# \/etc\/rc.d\/init.d\/iptables save<\/pre>\n-> \/etc\/sysconfig\/iptables \uc5d0 \uc800\uc7a5\ub428
\n\uc704 \uba85\ub839\uc5b4\ub85c \uc800\uc7a5\ud6c4\uc5d0 \uc2e4\uc81c \uc800\uc7a5\ub41c \ud30c\uc77c\uc744 \ud655\uc778\ud574 \ubcf4\uba74 \uc544\ub798\uc640 \uac19\uc774 \uc544\ubb34 \uc124\uc815\uc774 \uc548\ub41c\uac83\uc744 \uc54c \uc218 \uc788\ub2e4.<\/p>\n# vi \/etc\/sysconfig\/iptables\r\n# Generated by iptables-save v1.3.5 on Thu Jun 25 18:25:02 2009\r\n*filter\r\n:INPUT ACCEPT [11:764]\r\n:FORWARD ACCEPT [0:0]\r\n:OUTPUT ACCEPT [320:65885]\r\n:RH-Firewall-1-INPUT - [0:0]\r\nCOMMIT\r\n# Completed on Thu Jun 25 18:25:02 2009\r\n<\/pre>\n\uc774\uc81c \uac04\ub2e8\ud55c \uaddc\uce59\uc744 \ucd94\uac00\ud574 \ubcf4\uc790.
\n\uc608\ub97c \ub4e4\uc5b4 ip= 192.168.0.111 \ub97c \uc785\ub825\ub2e8\uc5d0\uc11c \ud328\ud0b7\uc744 drop\ud558\ub294 \uaddc\uce59\uc744 \ucd94\uac00\ud558\uace0 \ud604\uc7ac \uc815\ucc45\uc744 \ud655\uc778\ud55c\ub2e4.<\/p>\n# iptables -A INPUT -s 192.168.0.111 -j DROP\r\n# iptables -L\r\nChain INPUT (policy ACCEPT)\r\ntarget \u00a0 \u00a0 prot opt source \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 destination\r\nDROP \u00a0 \u00a0 \u00a0 all\u00a0 --\u00a0 192.168.0.111 \u00a0 \u00a0 \u00a0 anywhere\r\n\r\nChain FORWARD (policy ACCEPT)\r\ntarget \u00a0 \u00a0 prot opt source \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 destination\r\n\r\nChain OUTPUT (policy ACCEPT)\r\ntarget \u00a0 \u00a0 prot opt source \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 destination\r\n\r\nChain RH-Firewall-1-INPUT (0 references)\r\n<\/pre>\n\uc774\uc81c \uc800\uc7a5\uc744 \ud55c \ud6c4\uc5d0 \uc800\uc7a5\ub41c \ud30c\uc77c\uc744 \ud655\uc778\ud574 \ubcf4\uba74 \uc544\ub798\uc640 \uac19\uc774 \uaddc\uce59\uc774 \uc800\uc7a5\ub418\uc5b4 \uc788\ub294\uac83\uc744
\n\ubcfc \uc218 \uc788\ub2e4.<\/p>\n# \/etc\/rc.d\/init.d\/iptables save\r\n# vi \/etc\/sysconfig\/iptables\r\n# Generated by iptables-save v1.3.5 on Mon Dec\u00a0 7 14:55:45 2009\r\n*filter\r\n:INPUT ACCEPT [6561:820283]\r\n:FORWARD ACCEPT [0:0]\r\n:OUTPUT ACCEPT [5984:1470873]\r\n:RH-Firewall-1-INPUT - [0:0]\r\n-A INPUT -s 192.168.0.111 -j DROP\u00a0 <--- \uc774\ubd80\ubd84\uc774 \uc0c8\ub85c \ucd94\uac00\ud55c \uaddc\uce59\r\nCOMMIT\r\n# Completed on Mon Dec\u00a0 7 14:55:45 2009\r\n<\/pre>\n6. \ud604\uc7ac iptables \uaddc\uce59\uc744 \ucd08\uae30\ud654 \ud558\uae30:<\/p>\n
# iptables -F<\/pre>\n\uc704 \uba85\ub839\uc5b4\ub97c \uc2e4\ud589\ud558\uace0 \uc815\ucc45\uc744 \ubcf4\uba74 \uc544\ub798\uc640 \uac19\uc774 \ucd08\uae30\ud654 \ub418\uc5b4 \uc788\ub294 \uac83\uc744 \uc54c \uc218 \uc788\ub2e4<\/p>\n
# iptables -L\r\nChain INPUT (policy ACCEPT)\r\ntarget \u00a0 \u00a0 prot opt source \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 destination\r\n\r\nChain FORWARD (policy ACCEPT)\r\ntarget \u00a0 \u00a0 prot opt source \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 destination\r\n\r\nChain OUTPUT (policy ACCEPT)\r\ntarget \u00a0 \u00a0 prot opt source \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 destination\r\n\r\nChain RH-Firewall-1-INPUT (0 references)\r\n<\/pre>\n\uadf8\ub7ec\ub098 \uc2e4\uc81c \uc800\uc7a5\ub418\uc5b4 \uc788\ub294 \ub0b4\uc6a9\uc744 \ubcf4\uba74 \uc544\ub798\uc640 \uac19\uc774 \ucd08\uae30\ud654\uac00 \ub418\uc5b4 \uc788\uc9c0 \uc54a\ub294 \uac83\uc744 \ubcfc \uc218 \uc788\ub2e4.<\/p>\n
# vi \/etc\/sysconfig\/iptables\r\n# Generated by iptables-save v1.3.5 on Mon Dec\u00a0 7 14:55:45 2009\r\n*filter\r\n:INPUT ACCEPT [6561:820283]\r\n:FORWARD ACCEPT [0:0]\r\n:OUTPUT ACCEPT [5984:1470873]\r\n:RH-Firewall-1-INPUT - [0:0]\r\n-A INPUT -s 192.168.0.111 -j DROP\u00a0 <--- \uc774\ubd80\ubd84\uc774 \uc0c8\ub85c \ucd94\uac00\ud55c \uaddc\uce59\r\nCOMMIT\r\n# Completed on Mon Dec\u00a0 7 14:55:45 2009\r\n<\/pre>\n\uc989, \ucd08\uae30\ud654 \uba85\ub839\uc5b4\ub294 \ud604\uc7ac\uc0c1\ud0dc\uc5d0\ub9cc \uc801\uc6a9\ub418\uba70,
\niptables \uc11c\ube44\uc2a4\uac00 \uc7ac\uc2dc\uc791\ub418\uac70\ub098 \uc11c\ubc84\uac00 \ub9ac\ubd80\ud305\ub418\uba74 \/etc\/sysconfig\/iptables \uc5d0 \uc800\uc7a5\ub418\uc5c8\ub358
\n\uaddc\uce59\uc774 \ub2e4\uc2dc \uc801\uc6a9\ub41c\ub2e4\ub294 \uac83\uc744 \uc54c \uc218 \uc788\ub2e4.<\/p>\n7. \uc815\ucc45\uc744 \ube60\ub974\uac8c \uc218\uc815\ud558\uc5ec \uc801\uc6a9\ud558\ub294 \ubc95 :
\n6 \uc5d0\uc11c\uc640 \uac19\uc774 \uc815\ucc45\uc744 \ucd08\uae30\ud654 \ud558\uace0 \uc11c\ube44\uc2a4\ub97c \uc7ac\uc2dc\uc791\ud574\uc57c \ud558\ub294 \ubc29\ubc95\uc740 \uc0c1\ub2f9\ud788 \ube44\ud6a8\uc728\uc801\uc778\uac83\uc744 \uc54c \uc218 \uc788\ub2e4.
\n\ub530\ub77c\uc11c \ud604\uc7ac \uc801\uc6a9\ub418\ub294 \uc815\ucc45\uc744 \ud2b9\uc815\ud30c\uc77c(\ub0a0\uc9dc\ubcc4)\ub85c \uc800\uc7a5\ud574\uc11c \uc218\uc815\uc0ac\ud56d\uc774 \uc788\ub2e4\uba74
\n\ubc14\ub85c \uadf8 \uc800\uc7a5\ub41c \ud30c\uc77c\uc744 \uc218\uc815\ud55c\ud6c4 \ubc14\ub85c \uc815\ucc45\uc5d0 \uc801\uc6a9\ud558\ub294 \ubc29\ubc95\uc740 \uc544\ub798\uc640 \uac19\ub2e4.<\/p>\n1) \ud604\uc7ac \uc801\uc6a9\ub418\uace0 \uc788\ub294 \uc815\ucc45\uc744 \uc77d\uae30 \uac00\ub2a5\ud55c \ud14d\uc2a4\ud2b8\ud30c\uc77c \ud615\ud0dc\ub85c \uc800\uc7a5\ud558\ub294 \uba85\ub839\uc5b4\ub294 \uc544\ub798\uc640 \uac19\ub2e4.<\/p>\n
# iptables-save > \/root\/iptable_091207.save<\/pre>\n\ud655\uc778\ud574 \ubcf4\uba74 \ub611\uac19\uc774 \uc800\uc7a5\ub418\uc5b4 \uc788\ub294\uac83\uc744 \ubcfc \uc218 \uc788\ub2e4.<\/p>\n
# cat\u00a0 \/root\/iptable_091207.save\r\n# Generated by iptables-save v1.3.5 on Mon Dec\u00a0 7 14:55:45 2009\r\n*filter\r\n:INPUT ACCEPT [6561:820283]\r\n:FORWARD ACCEPT [0:0]\r\n:OUTPUT ACCEPT [5984:1470873]\r\n:RH-Firewall-1-INPUT - [0:0]\r\n-A INPUT -s 192.168.0.111 -j DROP\u00a0 <--- \uc774\ubd80\ubd84\uc774 \uc0c8\ub85c \ucd94\uac00\ud55c \uaddc\uce59\r\nCOMMIT\r\n# Completed on Mon Dec\u00a0 7 14:55:45 2009\r\n<\/pre>\n2) \uc774\uc81c \uc800\uc7a5\ub418\uc5b4 \uc788\ub294 iptables \ud30c\uc77c\uc744 \ubc14\ub85c \ud3b8\uc9d1\uae30\ub85c \uc218\uc815 \ud55c\ud6c4 \uc800\uc7a5\ud55c\ub2e4.<\/p>\n
# vi \/root\/iptable_091207.save\r\n# Generated by iptables-save v1.3.5 on Mon Dec\u00a0 7 14:55:45 2009\r\n*filter\r\n:INPUT ACCEPT [6561:820283]\r\n:FORWARD ACCEPT [0:0]\r\n:OUTPUT ACCEPT [5984:1470873]\r\n:RH-Firewall-1-INPUT - [0:0]\r\n-A INPUT -s 192.168.0.199 -j DROP\u00a0 <--- \ud3b8\uc9d1\uae30\uc5d0\uc11c 111 -> 199 \ub85c \ubcc0\uacbd\r\n-A INPUT -s 222.222.222.222 -j DROP <--- \ud3b8\uc9d1\uae30\uc5d0\uc11c \uc0c8\ub85c \uc815\ucc45 \ucd94\uac00\r\nCOMMIT\r\n# Completed on Mon Dec\u00a0 7 14:55:45 2009\r\n<\/pre>\n3) \uc800\uc7a5\ub41c \uc815\ucc45\uc744 \ubc14\ub85c \uc801\uc6a9\ud558\ub294 \uba85\ub839\uc5b4\ub294 \ub2e4\uc74c\uacfc \uac19\ub2e4.<\/p>\n
# cat \/root\/iptable_091207.save | iptables-restore\r\n\r\n\ud655\uc778\ud574 \ubcf4\uba74 \ud3b8\uc9d1\uae30\ub85c \uc218\uc815\ud588\ub358 \ubd80\ubd84\uc774 \uc544\ub798\uc640 \uac19\uc774 \ubc14\ub85c iptables \uc815\ucc45\uc774 \uc801\uc6a9\ub418\uc5b4 \uc788\ub294 \uac83\uc744 \uc54c \uc218 \uc788\ub2e4\r\n# iptables -L\r\n# Generated by iptables-save v1.3.5 on Mon Dec\u00a0 7 14:55:45 2009\r\n*filter\r\n:INPUT ACCEPT [6561:820283]\r\n:FORWARD ACCEPT [0:0]\r\n:OUTPUT ACCEPT [5984:1470873]\r\n:RH-Firewall-1-INPUT - [0:0]\r\n-A INPUT -s 192.168.0.199 -j DROP\u00a0 <--- \ud3b8\uc9d1\uae30\uc5d0\uc11c 111 -> 199 \ub85c \ubcc0\uacbd\ud588\ub358 \ubd80\ubd84\r\n-A INPUT -s 222.222.222.222 -j DROP <--- \ud3b8\uc9d1\uae30\uc5d0\uc11c \uc0c8\ub85c \uc815\ucc45 \ucd94\uac00\ud588\ub358 \ubd80\ubd84\r\nCOMMIT\r\n# Completed on Mon Dec\u00a0 7 14:55:45 2009\r\n<\/pre>\n8. iptables \uc0ac\uc6a9\uc608 :
\n\ub9c8\uc9c0\ub9c9\uc73c\ub85c \uc0ac\uc6a9\uc608\ub97c \uba87\uac1c \uc54c\uc544\ubcf4\uba74 \uc544\ub798\uc640 \uac19\ub2e4.<\/p>\n\uc6081) \uc18c\uc2a4 ip\uac00 192.168.0.111 \uc778 \uc811\uc18d\uc758 \ubaa8\ub4e0 \uc811\uc18d \ud3ec\ud2b8\ub97c \ub9c9\uc544\ub77c.<\/p>\n
# iptables -A INPUT -s 192.168.0.111 -j DROP<\/pre>\n\uc6082) INPUT \uc0ac\uc2ac\uc5d0 \ucd9c\ubc1c\uc9c0 \uc8fc\uc18c\uac00 127.0.0.1(-s 127.0.0.1) \uc778 icmp \ud504\ub85c\ud1a0\ucf5c(-p icmp) \ud328\ud0b7\uc744 \uac70\ubd80(-j DROP)\ud558\ub294
\n\uc815\ucc45\uc744 \ucd94\uac00(-A)\ud558\ub77c<\/p>\n# iptables -A INPUT -p icmp -s 127.0.0.1 -j DROP<\/pre>\n\uc6083) INPUT \uc0ac\uc2ac\uc5d0 \ubaa9\uc801\uc9c0 \ud3ec\ud2b8\uac00 23\ubc88(--dport23)\uc778 tcp \ud504\ub85c\ud1a0\ucf5c(-p tcp) \ud328\ud0b7\uc744 \uac70\ubd80\ud558\ub294(-j DROP)\uaddc\uce59\uc744
\n\ucd94\uac00(-A) \ud558\ub77c.<\/p>\n# iptables -A INPUT -p tcp --dport 23 -j DROP<\/pre>\n\uc6084) INPUT \uc0ac\uc2ac\uc5d0 \ubaa9\uc801\uc9c0 \ud3ec\ud2b8 \ubc88\ud638\uac00 80\ubc88(--dport 80)\uc778 tcp \ud504\ub85c\ud1a0\ucf5c(-p tcp)\ud328\ud0b7\uc744 \ubc1b\uc544\ub4e4\uc774\ub294(-j ACCEPT)
\n\uaddc\uce59\uc744 \ucd94\uac00(-A) \ud558\ub77c<\/p>\n# iptables -A INPUT -p tcp --dport 80 -j ACCEPT<\/pre>\n\uc6085) INPUT \uc0ac\uc2ac\uc5d0 \ubaa9\uc801\uc9c0 \ud3ec\ud2b8\ubc88\ud638\uac00 1023\ubc88 \ubcf4\ub2e4 \uc791\uc740 \ubaa8\ub4e0 \ud3ec\ud2b8(--dport :1023)\uc778 tcp\ud504\ub85c\ud1a0\ucf5c(-p tcp)\ud328\ud0b7\uc744
\n\uac70\ubd80\ud558\ub294(-j DROP)\uaddc\uce59\uc744 \ucd94\uac00(-A)\ud558\ub77c<\/p>\n# iptables -A INPUT -p tcp --dport :1023 -j DROP<\/pre>\n\uc6086) ftp\ud3ec\ud2b8\ub97c \uc5f4\uc5b4\ub77c<\/p>\n
# iptables -I INPUT -p tcp --dport 21 -j ACCEPT\r\n\r\n\uc6087) imap \uc11c\ube44\uc2a4\ub97c \ubc29\ud654\ubcbd\uc5d0\uc11c \uc5f4\uc5b4\ub77c\r\n# iptables -I INPUT -s 192.168.0.0\/255.255.255.0 -p udp --dport 143 -j ACCEPT<\/pre>\n\uc6088) \uc6f9\uc11c\ubc84 \ubc29\ud654\ubcbd \uc5f4\uc5b4\ub77c<\/p>\n
# iptables -I INPUT -p tcp --dport 80 -j ACCEPT<\/pre>\n\uc6089) \uc6f9\uc11c\ubc84 \ud3ec\ud2b8 80 -> 8880\uc73c\ub85c \uad50\uccb4\ud558\ub77c( \uc6f9\uc11c\ube44\uc2a4 \ud3ec\ud2b8 \ubcc0\uacbd\uc2dc \/etc\/services \uc5d0\uc11c\ub3c4 \ubcc0\uacbd \ud574\uc918\uc57c \ud568)<\/p>\n
# iptables -R INPUT 2 -p tcp --dport 8880 -j ACCEPT<\/pre>\n\uc60810) domain-access_log \ud30c\uc77c\uc5d0 \uc788\ub294 \ubaa8\ub4e0 ip\uc758 \ubaa8\ub4e0 \uc811\uc18d \ud3ec\ud2b8\ub97c \ub9c9\uc544\ub77c(DOS\uacf5\uaca9 \ubc29\uc5b4\uc2dc \uc0ac\uc6a9)<\/p>\n
# cat domain-access_log |awk '{print $1}'|sort |uniq |awk '{print \"iptables -A INPUT -s \"$1\" -j DROP\"}'|\/bin\/bash<\/pre>\n