Rechercher une page de manuel
ip6tables
Langue: ja
Version: 55220 (openSuse - 09/10/07)
Section: 8 (Commandes administrateur)
Sommaire
̾Á°
ip6tables - IPv6 ¥Ñ¥±¥Ã¥È¥Õ¥£¥ë¥¿¤ò´ÉÍý¤¹¤ë½ñ¼°
ip6tables [-t ¥Æ¡¼¥Ö¥ë] -[AD] ¥Á¥§¥¤¥ó ¥ë¡¼¥ë¤Î¾ÜºÙ [¥ª¥×¥·¥ç¥ó]ip6tables [-t ¥Æ¡¼¥Ö¥ë] -I ¥Á¥§¥¤¥ó [¥ë¡¼¥ëÈÖ¹æ] ¥ë¡¼¥ë¤Î¾ÜºÙ [¥ª¥×¥·¥ç¥ó]
ip6tables [-t ¥Æ¡¼¥Ö¥ë] -R ¥Á¥§¥¤¥ó ¥ë¡¼¥ëÈÖ¹æ ¥ë¡¼¥ë¤Î¾ÜºÙ [¥ª¥×¥·¥ç¥ó]
ip6tables [-t ¥Æ¡¼¥Ö¥ë] -D ¥Á¥§¥¤¥ó ¥ë¡¼¥ëÈÖ¹æ [¥ª¥×¥·¥ç¥ó]
ip6tables [-t ¥Æ¡¼¥Ö¥ë] -[LFZ] [¥Á¥§¥¤¥ó] [¥ª¥×¥·¥ç¥ó]
ip6tables [-t ¥Æ¡¼¥Ö¥ë] -N ¥Á¥§¥¤¥ó
ip6tables [-t ¥Æ¡¼¥Ö¥ë] -X [¥Á¥§¥¤¥ó]
ip6tables [-t ¥Æ¡¼¥Ö¥ë] -P ¥Á¥§¥¤¥ó ¥¿¡¼¥²¥Ã¥È [¥ª¥×¥·¥ç¥ó]
ip6tables [-t ¥Æ¡¼¥Ö¥ë] -E µì¥Á¥§¥¤¥ó̾ ¿·¥Á¥§¥¤¥ó̾
ÀâÌÀ
ip6tables ¤Ï Linux ¥«¡¼¥Í¥ë¤Î IPv6 ¥Ñ¥±¥Ã¥È¥Õ¥£¥ë¥¿¥ë¡¼¥ë¤Î¥Æ¡¼¥Ö¥ë¤ò ÀßÄꡦ´ÉÍý¡¦¸¡ºº¤¹¤ë¤¿¤á¤Ë»È¤ï¤ì¤ë¡£ Ê£¿ô¤Î°Û¤Ê¤ë¥Æ¡¼¥Ö¥ë¤¬ÄêµÁ¤µ¤ì¤ë²ÄǽÀ¤¬¤¢¤ë¡£ ³Æ¥Æ¡¼¥Ö¥ë¤ÏÁȤ߹þ¤ßºÑ¤ß¥Á¥§¥¤¥ó¤ò´Þ¤à¡£ ¤µ¤é¤Ë¥æ¡¼¥¶¡¼ÄêµÁ¤Î¥Á¥§¥¤¥ó¤ò´Þ¤à¤³¤È¤â¤Ç¤¤ë¡£³Æ¥Á¥§¥¤¥ó¤Ï¡¢¥Ñ¥±¥Ã¥È·²¤Ë¥Þ¥Ã¥Á¤¹¤ë¥ë¡¼¥ë¤Î¥ê¥¹¥È¤Ç¤¢¤ë¡£ ³Æ¥ë¡¼¥ë¤Ï¥Þ¥Ã¥Á¤·¤¿¥Ñ¥±¥Ã¥È¤ËÂФ·¤Æ²¿¤ò¤¹¤ë¤«¤ò»ØÄꤹ¤ë¡£ ¤³¤ì¤Ï¡Ö¥¿¡¼¥²¥Ã¥È¡×¤È¸Æ¤Ð¤ì¡¢ Ʊ¤¸¥Æ¡¼¥Ö¥ëÆâ¤Î¥æ¡¼¥¶¡¼ÄêµÁ¥Á¥§¥¤¥ó¤Ë¥¸¥ã¥ó¥×¤¹¤ë¤³¤È¤â¤¢¤ë¡£
¥¿¡¼¥²¥Ã¥È
¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤Î¥ë¡¼¥ë¤Ï¡¢¥Ñ¥±¥Ã¥È¤òȽÃǤ¹¤ë´ð½à¤È¥¿¡¼¥²¥Ã¥È¤ò»ØÄꤹ¤ë¡£ ¥Ñ¥±¥Ã¥È¤¬¥Þ¥Ã¥Á¤·¤Ê¤¤¾ì¹ç¡¢¥Á¥§¥¤¥óÆâ¤Î¼¡¤Î¥ë¡¼¥ë¤¬É¾²Á¤µ¤ì¤ë¡£ ¥Ñ¥±¥Ã¥È¤¬¥Þ¥Ã¥Á¤·¤¿¾ì¹ç¡¢ ¥¿¡¼¥²¥Ã¥È¤ÎÃͤˤè¤Ã¤Æ¼¡¤Î¥ë¡¼¥ë¤¬»ØÄꤵ¤ì¤ë¡£ ¥¿¡¼¥²¥Ã¥È¤ÎÃͤϡ¢¥æ¡¼¥¶¡¼ÄêµÁ¥Á¥§¥¤¥ó¤Î̾Á°¡¢¤Þ¤¿¤ÏÆÃÊ̤ÊÃÍ ACCEPT, DROP, QUEUE, RETURN ¤Î¤¦¤Á¤Î 1 ¤Ä¤Ç¤¢¤ë¡£ACCEPT ¤Ï¥Ñ¥±¥Ã¥È¤òÄ̤¹¤È¤¤¤¦°ÕÌ£¤Ç¤¢¤ë¡£ DROP ¤Ï¥Ñ¥±¥Ã¥È¤ò¾²¤ËÍ (¼Î¤Æ¤ë) ¤È¤¤¤¦°ÕÌ£¤Ç¤¢¤ë¡£ QUEUE ¤Ï¥Ñ¥±¥Ã¥È¤ò¥æ¡¼¥¶¡¼¶õ´Ö¤ËÅϤ¹¤È¤¤¤¦°ÕÌ£¤Ç¤¢¤ë (¥«¡¼¥Í¥ë¤¬¥µ¥Ý¡¼¥È¤·¤Æ¤¤¤ì¤Ð¤Ç¤¢¤ë¤¬)¡£ RETURN ¤Ï¡¢¤³¤Î¥Á¥§¥¤¥ó¤ò¸¡Æ¤¤¹¤ë¤³¤È¤òÃæ»ß¤·¤Æ¡¢ Á°¤Î (¸Æ¤Ó½Ð¤·Â¦) ¥Á¥§¥¤¥ó¤Î¼¡¤Î¥ë¡¼¥ë¤ÇÄä»ß¤¹¤ë¤È¤¤¤¦°ÕÌ£¤Ç¤¢¤ë¡£ ÁȤ߹þ¤ßºÑ¤ß¥Á¥§¥¤¥ó¤ÎºÇ¸å¤ËÅþ㤷¤¿¾ì¹ç¡¢ ¤Þ¤¿¤Ï¥¿¡¼¥²¥Ã¥È RETURN ¤¬´Þ¤Þ¤ì¤Æ¤¤¤ëÁȤ߹þ¤ßºÑ¤ß¥Á¥§¥¤¥ó¤Î¥ë¡¼¥ë¤Ë¥Þ¥Ã¥Á¤·¤¿¾ì¹ç¡¢ ¥Á¥§¥¤¥ó¥Ý¥ê¥·¡¼¤Ç»ØÄꤵ¤ì¤¿¥¿¡¼¥²¥Ã¥È¤¬ ¥Ñ¥±¥Ã¥È¤Î¹ÔÊý¤ò·èÄꤹ¤ë¡£
¥Æ¡¼¥Ö¥ë
¸½ºß¤Î¤È¤³¤í 2 ¤Ä¤ÎÆÈΩ¤Ê¥Æ¡¼¥Ö¥ë¤¬Â¸ºß¤¹¤ë (¤É¤Î¥Æ¡¼¥Ö¥ë¤¬¤É¤Î»þÅÀ¤Ç¸½¤ì¤ë¤«¤Ï¡¢ ¥«¡¼¥Í¥ë¤ÎÀßÄê¤ä¤É¤¦¤¤¤Ã¤¿¥â¥¸¥å¡¼¥ë¤¬Â¸ºß¤¹¤ë¤«¤Ë°Í¸¤¹¤ë)¡£ nat ¥Æ¡¼¥Ö¥ë¤Ï¡¢¤Þ¤À¼ÂÁõ¤µ¤ì¤Æ¤¤¤Ê¤¤¡£- -t, --table table
- ¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï¡¢¤É¤Î¥³¥Þ¥ó¥É¤òŬÍѤ¹¤Ù¤¤«¤ò·èÄꤹ¤ë¤¿¤á¤Î ¥Ñ¥±¥Ã¥È¥Þ¥Ã¥Á¥ó¥°¥Æ¡¼¥Ö¥ë¤ò»ØÄꤹ¤ë¡£ ¥«¡¼¥Í¥ë¤Ë¼«Æ°¥â¥¸¥å¡¼¥ë¥í¡¼¥Ç¥£¥ó¥°¤¬ÀßÄꤵ¤ì¤Æ¤¤¤ë¾ì¹ç¡¢ ¤¢¤ë¥Æ¡¼¥Ö¥ë¤ËÂФ·¤ÆŬÀڤʥ⥸¥å¡¼¥ë¤¬¤Þ¤À¥í¡¼¥É¤µ¤ì¤Æ¤¤¤Ê¤±¤ì¤Ð¡¢ ¤½¤Î¥â¥¸¥å¡¼¥ë¤Î¥í¡¼¥É¤ò¹Ô¤¦¡£
¥Æ¡¼¥Ö¥ë¤Ï°Ê²¼¤ÎÄ̤ê¤Ç¤¢¤ë¡£
-
- filter:
- (-t ¥ª¥×¥·¥ç¥ó¤¬»ØÄꤵ¤ì¤Æ¤¤¤Ê¤¤¾ì¹ç¤Ï) ¤³¤ì¤¬¥Ç¥Õ¥©¥ë¥È¤Î¥Æ¡¼¥Ö¥ë¤Ç¤¢¤ë¡£ ¤³¤ì¤Ë¤Ï INPUT (¥Þ¥·¥ó¼«ÂΤËÆþ¤Ã¤Æ¤¯¤ë¥Ñ¥±¥Ã¥È¤ËÂФ¹¤ë¥Á¥§¥¤¥ó)¡¦ FORWARD (¥Þ¥·¥ó¤ò·Ðͳ¤¹¤ë¥Ñ¥±¥Ã¥È¤ËÂФ¹¤ë¥Á¥§¥¤¥ó)¡¦ OUTPUT (¥í¡¼¥«¥ë¥Þ¥·¥ó¤ÇÀ¸À®¤µ¤ì¤¿¥Ñ¥±¥Ã¥È¤ËÂФ¹¤ë¥Á¥§¥¤¥ó) ¤È¤¤¤¦ÁȤ߹þ¤ßºÑ¤ß¥Á¥§¥¤¥ó¤¬´Þ¤Þ¤ì¤ë¡£
- mangle:
- ¤³¤Î¥Æ¡¼¥Ö¥ë¤ÏÆÃÊ̤ʥѥ±¥Ã¥ÈÊÑ´¹¤Ë»È¤ï¤ì¤ë¡£ ¥«¡¼¥Í¥ë 2.4.17 ¤Þ¤Ç¤Ï¡¢ PREROUTING (¥Ñ¥±¥Ã¥È¤¬Æþ¤Ã¤Æ¤¤¿¾ì¹ç¡¢ ¤¹¤°¤Ë¤½¤Î¥Ñ¥±¥Ã¥È¤òÊÑ´¹¤¹¤ë¤¿¤á¤Î¥Á¥§¥¤¥ó)¡¦ OUTPUT (¥í¡¼¥«¥ë¤ÇÀ¸À®¤µ¤ì¤¿¥Ñ¥±¥Ã¥È¤ò ¥ë¡¼¥Æ¥£¥ó¥°¤ÎÁ°¤ËÊÑ´¹¤¹¤ë¤¿¤á¤Î¥Á¥§¥¤¥ó) ¤È¤¤¤¦ 2 ¤Ä¤ÎÁȤ߹þ¤ßºÑ¤ß¥Á¥§¥¤¥ó¤¬´Þ¤Þ¤ì¤Æ¤¤¤¿¡£ ¥«¡¼¥Í¥ë 2.4.18 ¤«¤é¤Ï¡¢¤³¤ì¤é¤Î¾¤Ë INPUT (¥Þ¥·¥ó¼«ÂΤËÆþ¤Ã¤Æ¤¯¤ë¥Ñ¥±¥Ã¥È¤ËÂФ¹¤ë¥Á¥§¥¤¥ó)¡¦ FORWARD (¥Þ¥·¥ó¤ò·Ðͳ¤¹¤ë¥Ñ¥±¥Ã¥È¤ËÂФ¹¤ë¥Á¥§¥¤¥ó)¡¦ POSTROUTING (¥Ñ¥±¥Ã¥È¤¬½Ð¤Æ¹Ô¤¯¤È¤¤ËÊÑ´¹¤¹¤ë¤¿¤á¤Î¥Á¥§¥¤¥ó)¡¦ ¤È¤¤¤¦ 3 ¤Ä¤ÎÁȤ߹þ¤ßºÑ¤ß¥Á¥§¥¤¥ó¤â¥µ¥Ý¡¼¥È¤µ¤ì¤ë¡£
-
¥ª¥×¥·¥ç¥ó
ip6tables ¤Ç»È¤¨¤ë¥ª¥×¥·¥ç¥ó¤Ï¡¢¤¤¤¯¤Ä¤«¤Î¥°¥ë¡¼¥×¤Ëʬ¤±¤é¤ì¤ë¡£¥³¥Þ¥ó¥É
¤³¤ì¤é¤Î¥ª¥×¥·¥ç¥ó¤Ï¡¢¼Â¹Ô¤¹¤ëÆÃÄê¤ÎÆ°ºî¤ò»ØÄꤹ¤ë¡£ °Ê²¼¤ÎÀâÌÀ¤Çµö²Ä¤µ¤ì¤Æ¤¤¤Ê¤¤¸Â¤ê¡¢ ¤³¤ÎÃæ¤Î 1 ¤Ä¤·¤«¥³¥Þ¥ó¥É¥é¥¤¥ó¤Ç»ØÄꤹ¤ë¤³¤È¤¬¤Ç¤¤Ê¤¤¡£ Ť¤¥Ð¡¼¥¸¥ç¥ó¤Î¥³¥Þ¥ó¥É̾¤È¥ª¥×¥·¥ç¥ó̾¤Ï¡¢ ip6tables ¤¬Â¾¤Î¥³¥Þ¥ó¥É̾¤ä¥ª¥×¥·¥ç¥ó̾¤È¶èÊ̤Ǥ¤ëÈÏ°Ï¤Ç (ʸ»ú¤ò¾Êά¤·¤Æ) »ØÄꤹ¤ë¤³¤È¤â¤Ç¤¤ë¡£- -A, --append chain rule-specification
- ÁªÂò¤µ¤ì¤¿¥Á¥§¥¤¥ó¤ÎºÇ¸å¤Ë 1 ¤Ä°Ê¾å¤Î¥ë¡¼¥ë¤òÄɲ乤롣 Á÷¿®¸µ¤äÁ÷¿®Àè¤Î̾Á°¤¬ 1 ¤Ä°Ê¾å¤Î¥¢¥É¥ì¥¹¤ËÂбþ¤·¤Æ¤¤¤ë¾ì¹ç¡¢ ²Äǽ¤Ê¥¢¥É¥ì¥¹¤ÎÁȹ礻¤Î¤½¤ì¤¾¤ì¤Ë¤Ä¤¤¤Æ¥ë¡¼¥ë¤¬Äɲ䵤ì¤ë¡£
- -D, --delete chain rule-specification
- -D, --delete chain rulenum
- ÁªÂò¤µ¤ì¤¿¥Á¥§¥¤¥ó¤«¤é 1 ¤Ä°Ê¾å¤Î¥ë¡¼¥ë¤òºï½ü¤¹¤ë¡£ ¤³¤Î¥³¥Þ¥ó¥É¤Ë¤Ï 2 ¤Ä¤Î»È¤¤Êý¤¬¤¢¤ë: ¥Á¥§¥¤¥ó¤ÎÃæ¤ÎÈÖ¹æ (ºÇ½é¤Î¥ë¡¼¥ë¤ò 1 ¤È¤¹¤ë) ¤ò»ØÄꤹ¤ë¾ì¹ç¤È¡¢ ¥Þ¥Ã¥Á¤¹¤ë¥ë¡¼¥ë¤ò»ØÄꤹ¤ë¾ì¹ç¤Ç¤¢¤ë¡£
- -I, --insert
- ÁªÂò¤µ¤ì¤¿¥Á¥§¥¤¥ó¤Ë¥ë¡¼¥ëÈÖ¹æ¤ò»ØÄꤷ¤Æ 1 ¤Ä°Ê¾å¤Î¥ë¡¼¥ë¤òÁÞÆþ¤¹¤ë¡£ ¥ë¡¼¥ëÈֹ椬 1 ¤Î¾ì¹ç¡¢¥ë¡¼¥ë¤Ï¥Á¥§¥¤¥ó¤ÎÀèƬ¤ËÁÞÆþ¤µ¤ì¤ë¡£ ¤³¤ì¤Ï¥ë¡¼¥ëÈֹ椬»ØÄꤵ¤ì¤Ê¤¤¾ì¹ç¤Î¥Ç¥Õ¥©¥ë¥È¤Ç¤â¤¢¤ë¡£
- -R, --replace chain rulenum rule-specification
- ÁªÂò¤µ¤ì¤¿¥Á¥§¥¤¥ó¤Ë¤¢¤ë¥ë¡¼¥ë¤òÃÖ¤´¹¤¨¤ë¡£ Á÷¿®¸µ¤äÁ÷¿®Àè¤Î̾Á°¤¬ 1 ¤Ä°Ê¾å¤Î¥¢¥É¥ì¥¹¤ËÂбþ¤·¤Æ¤¤¤ë¾ì¹ç¤Ï¼ºÇÔ¤¹¤ë¡£ ¥ë¡¼¥ë¤Ë¤Ï 1 ¤«¤é»Ï¤Þ¤ëÈֹ椬ÉÕ¤±¤é¤ì¤Æ¤¤¤ë¡£
- -L, --list [chain]
- ÁªÂò¤µ¤ì¤¿¥Á¥§¥¤¥ó¤Ë¤¢¤ëÁ´¤Æ¤Î¥ë¡¼¥ë¤ò°ìÍ÷ɽ¼¨¤¹¤ë¡£ ¥Á¥§¥¤¥ó¤¬»ØÄꤵ¤ì¤Ê¤¤¾ì¹ç¡¢Á´¤Æ¤Î¥Á¥§¥¤¥ó¤Ë¤¢¤ë¥ê¥¹¥È¤¬°ìÍ÷ɽ¼¨¤µ¤ì¤ë¡£ ¾¤Î³Æ iptables ¥³¥Þ¥ó¥É¤ÈƱÍͤˡ¢ »ØÄꤵ¤ì¤¿¥Æ¡¼¥Ö¥ë (¥Ç¥Õ¥©¥ë¥È¤Ï filter) ¤ËÂФ·¤ÆºîÍѤ¹¤ë¡£ ¤è¤Ã¤Æ mangle ¥ë¡¼¥ë¤òɽ¼¨¤¹¤ë¤Ë¤Ï°Ê²¼¤Î¤è¤¦¤Ë¤¹¤ë¡£
ip6tables -t mangle -n -L
DNS ¤ÎµÕ°ú¤¤òÈò¤±¤ë¤¿¤á¤Ë¡¢¤è¤¯ -n ¥ª¥×¥·¥ç¥ó¤È¶¦¤Ë»ÈÍѤµ¤ì¤ë¡£ -Z (¥¼¥í²½) ¥ª¥×¥·¥ç¥ó¤òƱ»þ¤Ë»ØÄꤹ¤ë¤³¤È¤â¤Ç¤¤ë¡£ ¤³¤Î¾ì¹ç¡¢¥Á¥§¥¤¥ó¤ÏÍ×ÁÇËè¤Ë¥ê¥¹¥È¤µ¤ì¤Æ¡¢ (ÌõÃð: ¥Ñ¥±¥Ã¥È¥«¥¦¥ó¥¿¤È¥Ð¥¤¥È¥«¥¦¥ó¥¿¤¬) ¥¼¥í¤Ë¤µ¤ì¤ë¡£ ¤É¤Î¤è¤¦¤Ë½ÐÎϤ¹¤ë¤«¤Ï¡¢Í¿¤¨¤é¤ì¤ë¾¤Î°ú¤¿ô¤Ë±Æ¶Á¤µ¤ì¤ë¡£ip6tables -L -v
¤ò»È¤ï¤Ê¤¤¸Â¤ê¡¢(ÌõÃð: -v ¥ª¥×¥·¥ç¥ó¤ò»ØÄꤷ¤Ê¤¤¸Â¤ê) ¼ÂºÝ¤Î¥ë¡¼¥ë¤½¤Î¤â¤Î¤Ïɽ¼¨¤µ¤ì¤Ê¤¤¡£ - -F, --flush [chain]
- ÁªÂò¤µ¤ì¤¿¥Á¥§¥¤¥ó (²¿¤â»ØÄꤵ¤ì¤Ê¤±¤ì¤Ð¥Æ¡¼¥Ö¥ëÆâ¤ÎÁ´¤Æ¤Î¥Á¥§¥¤¥ó) ¤ÎÆâÍƤòÁ´¾Ãµî¤¹¤ë¡£ ¤³¤ì¤ÏÁ´¤Æ¤Î¥ë¡¼¥ë¤ò 1 ¸Ä¤º¤Äºï½ü¤¹¤ë¤Î¤ÈƱ¤¸¤Ç¤¢¤ë¡£
- -Z, --zero [chain]
- ¤¹¤Ù¤Æ¤Î¥Á¥§¥¤¥ó¤Î¥Ñ¥±¥Ã¥È¥«¥¦¥ó¥¿¤È¥Ð¥¤¥È¥«¥¦¥ó¥¿¤ò¥¼¥í¤Ë¤¹¤ë¡£ ¥¯¥ê¥¢¤µ¤ì¤ëľÁ°¤Î¥«¥¦¥ó¥¿¤ò¸«¤ë¤¿¤á¤Ë¡¢ -L, --list (°ìÍ÷ɽ¼¨) ¥ª¥×¥·¥ç¥ó¤ÈƱ»þ¤Ë»ØÄꤹ¤ë¤³¤È¤â¤Ç¤¤ë (¾åµ¤ò»²¾È)¡£
- -N, --new-chain chain
- »ØÄꤷ¤¿Ì¾Á°¤Ç¥æ¡¼¥¶¡¼ÄêµÁ¥Á¥§¥¤¥ó¤òºîÀ®¤¹¤ë¡£ Ʊ¤¸Ì¾Á°¤Î¥¿¡¼¥²¥Ã¥È¤¬´û¤Ë¸ºß¤·¤Æ¤Ï¤Ê¤é¤Ê¤¤¡£
- -X, --delete-chain [chain]
- ¥ª¥×¥·¥ç¥ó¤Î¥æ¡¼¥¶¡¼ÄêµÁ¥Á¥§¥¤¥ó¤òºï½ü¤¹¤ë¡£ ¤½¤Î¥Á¥§¥¤¥ó¤¬»²¾È¤µ¤ì¤Æ¤¤¤Æ¤Ï¤Ê¤é¤Ê¤¤¡£ ¥Á¥§¥¤¥ó¤òºï½ü¤¹¤ëÁ°¤Ë¡¢¤½¤Î¥Á¥§¥¤¥ó¤ò»²¾È¤·¤Æ¤¤¤ë¥ë¡¼¥ë¤ò ºï½ü¤¹¤ë¤«ÃÖ¤´¹¤¨¤ë¤«¤·¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£ °ú¤¿ô¤¬Í¿¤¨¤é¤ì¤Ê¤¤¾ì¹ç¡¢¥Æ¡¼¥Ö¥ë¤Ë¤¢¤ë¥Á¥§¥¤¥ó¤Î¤¦¤Á ÁȤ߹þ¤ßºÑ¤ß¥Á¥§¥¤¥ó¤Ç¤Ê¤¤¤â¤Î¤òÁ´¤Æºï½ü¤¹¤ë¡£
- -P, --policy chain target
- ¥Á¥§¥¤¥ó¤Î¥Ý¥ê¥·¡¼¤ò¡¢»ØÄꤷ¤¿¥¿¡¼¥²¥Ã¥È¤ËÀßÄꤹ¤ë¡£ »ØÄê²Äǽ¤Ê¥¿¡¼¥²¥Ã¥È¤Ï¡Ö¥¿¡¼¥²¥Ã¥È¡×¤Î¾Ï¤ò»²¾È¤¹¤ë¤³¤È¡£ (¥æ¡¼¥¶¡¼ÄêµÁ¤Ç¤Ï¤Ê¤¤) ÁȤ߹þ¤ßºÑ¤ß¥Á¥§¥¤¥ó¤Ë¤·¤«¥Ý¥ê¥·¡¼¤ÏÀßÄê¤Ç¤¤Ê¤¤¡£ ¤Þ¤¿¡¢ÁȤ߹þ¤ßºÑ¤ß¥Á¥§¥¤¥ó¤â¥æ¡¼¥¶¡¼ÄêµÁ¥Á¥§¥¤¥ó¤â ¥Ý¥ê¥·¡¼¤Î¥¿¡¼¥²¥Ã¥È¤ËÀßÄꤹ¤ë¤³¤È¤Ï¤Ç¤¤Ê¤¤¡£
- -E, --rename-chain old-chain new-chain
- ¥æ¡¼¥¶¡¼ÄêµÁ¥Á¥§¥¤¥ó¤ò»ØÄꤷ¤¿Ì¾Á°¤ËÊѹ¹¤¹¤ë¡£ ¤³¤ì¤Ï¸«¤¿ÌܤÀ¤±¤ÎÊѹ¹¤Ê¤Î¤Ç¡¢¥Æ¡¼¥Ö¥ë¤Î¹½Â¤¤Ë¤Ï²¿¤â±Æ¶Á¤·¤Ê¤¤¡£
- -h
- ¥Ø¥ë¥×¡£ (º£¤Î¤È¤³¤í¤Ï¤È¤Æ¤â´Êñ¤Ê) ¥³¥Þ¥ó¥É½ñ¼°¤ÎÀâÌÀ¤òɽ¼¨¤¹¤ë¡£
¥Ñ¥é¥á¡¼¥¿
°Ê²¼¤Î¥Ñ¥é¥á¡¼¥¿¤Ï (add, delete, insert, replace, append ¥³¥Þ¥ó¥É¤ÇÍѤ¤¤é¤ì¤Æ) ¥ë¡¼¥ë¤Î»ÅÍͤò·è¤á¤ë¡£- -p, --protocol [!] protocol
- ¥ë¡¼¥ë¤Ç»È¤ï¤ì¤ë¥×¥í¥È¥³¥ë¡¢¤Þ¤¿¤Ï¥Á¥§¥Ã¥¯¤µ¤ì¤ë¥Ñ¥±¥Ã¥È¤Î¥×¥í¥È¥³¥ë¡£ »ØÄê¤Ç¤¤ë¥×¥í¥È¥³¥ë¤Ï¡¢ tcp, udp, ipv6-icmp|icmpv6, all ¤Î¤¤¤º¤ì¤« 1 ¤Ä¤«¡¢¿ôÃͤǤ¢¤ë¡£ ¿ôÃͤϡ¢¤³¤ì¤é¤Î¥×¥í¥È¥³¥ë¤Î 1 ¤Ä¡¢¤â¤·¤¯¤ÏÊ̤Υץí¥È¥³¥ë¤òɽ¤¹¡£ /etc/protocols ¤Ë¤¢¤ë¥×¥í¥È¥³¥ë̾¤â»ØÄê¤Ç¤¤ë¡£ ¥×¥í¥È¥³¥ë¤ÎÁ°¤Ë "!" ¤òÃÖ¤¯¤È¡¢¤½¤Î¥×¥í¥È¥³¥ë¤ò»ØÄꤷ¤Ê¤¤¤È¤¤¤¦°ÕÌ£¤Ë¤Ê¤ë¡£ ¿ôÃÍ 0 ¤Ï all ¤ÈÅù¤·¤¤¡£ ¥×¥í¥È¥³¥ë all ¤ÏÁ´¤Æ¤Î¥×¥í¥È¥³¥ë¤È¥Þ¥Ã¥Á¤·¡¢ ¤³¤Î¥ª¥×¥·¥ç¥ó¤¬¾Êά¤µ¤ì¤¿ºÝ¤Î¥Ç¥Õ¥©¥ë¥È¤Ç¤¢¤ë¡£
- -s, --source [!] address[/mask]
- Á÷¿®¸µ¤Î»ØÄê¡£ address ¤Ï¥Û¥¹¥È̾ (DNS ¤Î¤è¤¦¤Ê¥ê¥â¡¼¥È¤Ø¤ÎÌ䤤¹ç¤ï¤»¤Ç²ò·è¤¹¤ë̾Á°¤ò»ØÄꤹ¤ë¤Î¤Ï Èó¾ï¤ËÎɤ¯¤Ê¤¤)¡¦ ¥Í¥Ã¥È¥ï¡¼¥¯ IPv6 ¥¢¥É¥ì¥¹ (/mask ¤ò»ØÄꤹ¤ë)¡¦ Ä̾ï¤Î IPv6 ¥¢¥É¥ì¥¹ (º£¤Î¤È¤³¤í¡¢¥Í¥Ã¥È¥ï¡¼¥¯Ì¾¤Ï¥µ¥Ý¡¼¥È¤µ¤ì¤Æ¤¤¤Ê¤¤)¡¢¤Î¤¤¤º¤ì¤«¤Ç¤¢¤ë¡£ mask ¤Ï¥Í¥Ã¥È¥ï¡¼¥¯¥Þ¥¹¥¯¤«¡¢ ¥Í¥Ã¥È¥ï¡¼¥¯¥Þ¥¹¥¯¤Îº¸Â¦¤Ë¤¢¤ë 1 ¤Î¿ô¤ò»ØÄꤹ¤ë¿ôÃͤǤ¢¤ë¡£ ¤Ä¤Þ¤ê¡¢ 64 ¤È¤¤¤¦ mask ¤Ï ffff:ffff:ffff:ffff:0000:0000:0000:0000 ¤ËÅù¤·¤¤¡£ ¥¢¥É¥ì¥¹»ØÄê¤ÎÁ°¤Ë "!" ¤òÃÖ¤¯¤È¡¢¤½¤Î¥¢¥É¥ì¥¹¤ò½ü³°¤¹¤ë¤È¤¤¤¦°ÕÌ£¤Ë¤Ê¤ë¡£ ¥Õ¥é¥° --src ¤Ï¡¢¤³¤Î¥ª¥×¥·¥ç¥ó¤ÎÊÌ̾¤Ç¤¢¤ë¡£
- -d, --destination [!] address[/mask]
- Á÷¿®Àè¤Î»ØÄê¡£ ½ñ¼°¤Î¾Ü¤·¤¤ÀâÌÀ¤Ë¤Ä¤¤¤Æ¤Ï¡¢ -s (Á÷¿®¸µ) ¥Õ¥é¥°¤ÎÀâÌÀ¤ò»²¾È¤¹¤ë¤³¤È¡£ ¥Õ¥é¥° --dst ¤Ï¡¢¤³¤Î¥ª¥×¥·¥ç¥ó¤ÎÊÌ̾¤Ç¤¢¤ë¡£
- -j, --jump target
- ¥ë¡¼¥ë¤Î¥¿¡¼¥²¥Ã¥È¡¢¤Ä¤Þ¤ê¡¢ ¥Ñ¥±¥Ã¥È¤¬¥Þ¥Ã¥Á¤·¤¿¾ì¹ç¤Ë¤É¤¦¤¹¤ë¤«¤ò»ØÄꤹ¤ë¡£ ¥¿¡¼¥²¥Ã¥È¤Ï¥æ¡¼¥¶¡¼ÄêµÁ¥Á¥§¥¤¥ó (¤½¤Î¥ë¡¼¥ë¼«¿È¤¬Æþ¤Ã¤Æ¤¤¤ë¥Á¥§¥¤¥ó°Ê³°) ¤Ç¤â¡¢ ¥Ñ¥±¥Ã¥È¤Î¹ÔÊý¤ò¨»þ¤Ë·èÄꤹ¤ëÆÃÊ̤ÊÁȤ߹þ¤ßºÑ¤ß¥¿¡¼¥²¥Ã¥È¤Ç¤â¡¢ ³ÈÄ¥¤µ¤ì¤¿¥¿¡¼¥²¥Ã¥È (°Ê²¼¤Î ¡Ö¥¿¡¼¥²¥Ã¥È¤Î³ÈÄ¥¡× ¤ò»²¾È) ¤Ç¤â¤è¤¤¡£ ¤³¤Î¥ª¥×¥·¥ç¥ó¤¬¥ë¡¼¥ë¤ÎÃæ¤Ç¾Êά¤µ¤ì¤¿¾ì¹ç¡¢ ¥ë¡¼¥ë¤Ë¥Þ¥Ã¥Á¤·¤Æ¤â¥Ñ¥±¥Ã¥È¤Î¹ÔÊý¤Ë²¿¤â±Æ¶Á¤·¤Ê¤¤¤¬¡¢ ¥ë¡¼¥ë¤Î¥«¥¦¥ó¥¿¤Ï 1 ¤Ä²Ã»»¤µ¤ì¤ë¡£
- -i, --in-interface [!] name
- (INPUT, FORWARD, PREROUTING ¥Á¥§¥¤¥ó¤Î¤ß¤ËÆþ¤ë) ¥Ñ¥±¥Ã¥È¤ò¼õ¿®¤¹¤ë¥¤¥ó¥¿¡¼¥Õ¥§¡¼¥¹Ì¾¡£ ¥¤¥ó¥¿¡¼¥Õ¥§¡¼¥¹Ì¾¤ÎÁ°¤Ë "!" ¤òÃÖ¤¯¤È¡¢ ¤½¤Î¥¤¥ó¥¿¡¼¥Õ¥§¡¼¥¹¤ò½ü³°¤¹¤ë¤È¤¤¤¦°ÕÌ£¤Ë¤Ê¤ë¡£ ¥¤¥ó¥¿¡¼¥Õ¥§¡¼¥¹Ì¾¤¬ "+" ¤Ç½ª¤Ã¤Æ¤¤¤ë¾ì¹ç¡¢ ¤½¤Î̾Á°¤Ç»Ï¤Þ¤ëǤ°Õ¤Î¥¤¥ó¥¿¡¼¥Õ¥§¡¼¥¹Ì¾¤Ë¥Þ¥Ã¥Á¤¹¤ë¡£ ¤³¤Î¥ª¥×¥·¥ç¥ó¤¬¾Êά¤µ¤ì¤¿¾ì¹ç¡¢ Ǥ°Õ¤Î¥¤¥ó¥¿¡¼¥Õ¥§¡¼¥¹Ì¾¤Ë¥Þ¥Ã¥Á¤¹¤ë¡£
- -o, --out-interface [!] name
- (FORWARD, OUTPUT ¥Á¥§¥¤¥ó¤ËÆþ¤ë) ¥Ñ¥±¥Ã¥È¤òÁ÷¿®¤¹¤ë¥¤¥ó¥¿¡¼¥Õ¥§¡¼¥¹Ì¾¡£ ¥¤¥ó¥¿¡¼¥Õ¥§¡¼¥¹Ì¾¤ÎÁ°¤Ë "!" ¤òÃÖ¤¯¤È¡¢ ¤½¤Î¥¤¥ó¥¿¡¼¥Õ¥§¡¼¥¹¤ò½ü³°¤¹¤ë¤È¤¤¤¦°ÕÌ£¤Ë¤Ê¤ë¡£ ¥¤¥ó¥¿¡¼¥Õ¥§¡¼¥¹Ì¾¤¬ "+" ¤Ç½ª¤Ã¤Æ¤¤¤ë¾ì¹ç¡¢ ¤½¤Î̾Á°¤Ç»Ï¤Þ¤ëǤ°Õ¤Î¥¤¥ó¥¿¡¼¥Õ¥§¡¼¥¹Ì¾¤Ë¥Þ¥Ã¥Á¤¹¤ë¡£ ¤³¤Î¥ª¥×¥·¥ç¥ó¤¬¾Êά¤µ¤ì¤¿¾ì¹ç¡¢ Ǥ°Õ¤Î¥¤¥ó¥¿¡¼¥Õ¥§¡¼¥¹Ì¾¤Ë¥Þ¥Ã¥Á¤¹¤ë¡£
- -c, --set-counters PKTS BYTES ¤³¤Î¥ª¥×¥·¥ç¥ó¤ò»È¤¦¤È¡¢ (insert, append, replace Áàºî¤Ë¤ª¤¤¤Æ) ´ÉÍý¼Ô¤Ï¥Ñ¥±¥Ã¥È¥«¥¦¥ó¥¿¤È¥Ð¥¤¥È¥«¥¦¥ó¥¿¤ò ½é´ü²½¤¹¤ë¤³¤È¤¬¤Ç¤¤ë¡£
¤½¤Î¾¤Î¥ª¥×¥·¥ç¥ó
¤½¤Î¾¤Ë°Ê²¼¤Î¥ª¥×¥·¥ç¥ó¤ò»ØÄꤹ¤ë¤³¤È¤¬¤Ç¤¤ë:- -v, --verbose
- ¾ÜºÙ¤Ê½ÐÎϤò¹Ô¤¦¡£ list ¥³¥Þ¥ó¥É¤ÎºÝ¤Ë¡¢¥¤¥ó¥¿¡¼¥Õ¥§¡¼¥¹Ì¾¡¦ (¤â¤·¤¢¤ì¤Ð) ¥ë¡¼¥ë¤Î¥ª¥×¥·¥ç¥ó¡¦TOS ¥Þ¥¹¥¯¤òɽ¼¨¤µ¤»¤ë¡£ ¥Ñ¥±¥Ã¥È¤È¥Ð¥¤¥È¥«¥¦¥ó¥¿¤âɽ¼¨¤µ¤ì¤ë¡£ ź»ú 'K', 'M', 'G' ¤Ï¡¢ ¤½¤ì¤¾¤ì 1000, 1,000,000, 1,000,000,000 Çܤòɽ¤¹ (¤³¤ì¤òÊѹ¹¤¹¤ë -x ¥Õ¥é¥°¤â¸«¤è)¡£ ¤³¤Î¥ª¥×¥·¥ç¥ó¤ò append, insert, delete, replace ¥³¥Þ¥ó¥É¤ËŬÍѤ¹¤ë¤È¡¢ ¥ë¡¼¥ë¤Ë¤Ä¤¤¤Æ¤Î¾ÜºÙ¤Ê¾ðÊó¤òɽ¼¨¤¹¤ë¡£
- -n, --numeric
- ¿ôÃͤˤè¤ë½ÐÎϤò¹Ô¤¦¡£ IP ¥¢¥É¥ì¥¹¤ä¥Ý¡¼¥ÈÈÖ¹æ¤ò¿ôÃͤˤè¤ë¥Õ¥©¡¼¥Þ¥Ã¥È¤Çɽ¼¨¤¹¤ë¡£ ¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¡¢¤³¤Î¥×¥í¥°¥é¥à¤Ï (²Äǽ¤Ç¤¢¤ì¤Ð) ¤³¤ì¤é¤Î¾ðÊó¤ò ¥Û¥¹¥È̾¡¦¥Í¥Ã¥È¥ï¡¼¥¯Ì¾¡¦¥µ¡¼¥Ó¥¹Ì¾¤Çɽ¼¨¤·¤è¤¦¤È¤¹¤ë¡£
- -x, --exact
- ¸·Ì©¤Ê¿ôÃͤÇɽ¼¨¤¹¤ë¡£ ¥Ñ¥±¥Ã¥È¥«¥¦¥ó¥¿¤È¥Ð¥¤¥È¥«¥¦¥ó¥¿¤ò¡¢ K (1000 ¤Î²¿Çܤ«)¡¦M (1000K ¤Î²¿Çܤ«)¡¦G (1000M ¤Î²¿Çܤ«) ¤Ç¤Ï¤Ê¤¯¡¢ ¸·Ì©¤ÊÃͤÇɽ¼¨¤¹¤ë¡£ ¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï¡¢ -L ¥³¥Þ¥ó¥É¤È¤·¤«´Ø·¸¤·¤Ê¤¤¡£
- --line-numbers
- ¥ë¡¼¥ë¤ò°ìÍ÷ɽ¼¨¤¹¤ëºÝ¡¢¤½¤Î¥ë¡¼¥ë¤¬¥Á¥§¥¤¥ó¤Î¤É¤Î°ÌÃ֤ˤ¢¤ë¤«¤òɽ¤¹ ¹ÔÈÖ¹æ¤ò³Æ¹Ô¤Î»Ï¤á¤ËÉղ乤롣
- --modprobe=command
- ¥Á¥§¥¤¥ó¤Ë¥ë¡¼¥ë¤òÄɲäޤ¿¤ÏÁÞÆþ¤¹¤ëºÝ¤Ë¡¢ (¥¿¡¼¥²¥Ã¥È¤ä¥Þ¥Ã¥Á¥ó¥°¤Î³ÈÄ¥¤Ê¤É¤Ç) ɬÍפʥ⥸¥å¡¼¥ë¤ò¥í¡¼¥É¤¹¤ë¤¿¤á¤Ë»È¤¦ command ¤ò»ØÄꤹ¤ë¡£
¥Þ¥Ã¥Á¥ó¥°¤Î³ÈÄ¥
ip6tables ¤Ï³ÈÄ¥¤µ¤ì¤¿¥Ñ¥±¥Ã¥È¥Þ¥Ã¥Á¥ó¥°¥â¥¸¥å¡¼¥ë¤ò»È¤¦¤³¤È¤¬¤Ç¤¤ë¡£ ¤³¤ì¤é¤Î¥â¥¸¥å¡¼¥ë¤Ï 2 ¼ïÎà¤ÎÊýË¡¤Ç¥í¡¼¥É¤µ¤ì¤ë: ¥â¥¸¥å¡¼¥ë¤Ï¡¢ -p ¤Þ¤¿¤Ï --protocol ¤Ç°ÅÌۤΤ¦¤Á¤Ë»ØÄꤵ¤ì¤ë¤«¡¢ -m ¤Þ¤¿¤Ï --match ¤Î¸å¤Ë¥â¥¸¥å¡¼¥ë̾¤ò³¤±¤Æ»ØÄꤵ¤ì¤ë¡£ ¤³¤ì¤é¤Î¥â¥¸¥å¡¼¥ë¤Î¸å¤í¤Ë¤Ï¡¢¥â¥¸¥å¡¼¥ë¤Ë±þ¤¸¤Æ ¾¤Î¤¤¤í¤¤¤í¤Ê¥³¥Þ¥ó¥É¥é¥¤¥ó¥ª¥×¥·¥ç¥ó¤ò»ØÄꤹ¤ë¤³¤È¤¬¤Ç¤¤ë¡£ Ê£¿ô¤Î³ÈÄ¥¥Þ¥Ã¥Á¥ó¥°¥â¥¸¥å¡¼¥ë¤ò 1 ¹Ô¤Ç»ØÄꤹ¤ë¤³¤È¤¬¤Ç¤¤ë¡£ ¤Þ¤¿¡¢¥â¥¸¥å¡¼¥ë¤ËÆÃͤΥإë¥×¤òɽ¼¨¤µ¤»¤ë¤¿¤á¤Ë¤Ï¡¢ ¥â¥¸¥å¡¼¥ë¤ò»ØÄꤷ¤¿¸å¤Ç -h ¤Þ¤¿¤Ï --help ¤ò»ØÄꤹ¤ì¤Ð¤è¤¤¡£°Ê²¼¤Î³ÈÄ¥¤¬¥Ù¡¼¥¹¥Ñ¥Ã¥±¡¼¥¸¤Ë´Þ¤Þ¤ì¤Æ¤¤¤ë¡£ ÂçÉôʬ¤Î¤â¤Î¤Ï¡¢¥Þ¥Ã¥Á¥ó¥°¤Î°ÕÌ£¤òµÕ¤Ë¤¹¤ë¤¿¤á¤Ë ! ¤òÁ°¤Ë¤ª¤¯¤³¤È¤¬¤Ç¤¤ë¡£
tcp
¤³¤ì¤é¤Î³ÈÄ¥¤Ï `--protocol tcp' ¤¬»ØÄꤵ¤ì¾ì¹ç¤Ë¥í¡¼¥É¤µ¤ì¡¢ °Ê²¼¤Î¥ª¥×¥·¥ç¥ó¤¬Ä󶡤µ¤ì¤ë:- --source-port [!] port[:port]
- Á÷¿®¸µ¥Ý¡¼¥È¤Þ¤¿¤Ï¥Ý¡¼¥ÈÈϰϤλØÄê¡£ ¥µ¡¼¥Ó¥¹Ì¾¤Þ¤¿¤Ï¥Ý¡¼¥ÈÈÖ¹æ¤ò»ØÄê¤Ç¤¤ë¡£ port:port ¤È¤¤¤¦·Á¼°¤Ç¡¢2 ¤Ä¤ÎÈÖ¹æ¤ò´Þ¤àÈϰϤò»ØÄꤹ¤ë¤³¤È¤â¤Ç¤¤ë¡£ ºÇ½é¤Î¥Ý¡¼¥È¤ò¾Êά¤·¤¿¾ì¹ç¡¢"0" ¤ò²¾Äꤹ¤ë¡£ ºÇ¸å¤Î¥Ý¡¼¥È¤ò¾Êά¤·¤¿¾ì¹ç¡¢"65535" ¤ò²¾Äꤹ¤ë¡£ ºÇ¸å¤Î¥Ý¡¼¥È¤¬ºÇ½é¤Î¥Ý¡¼¥È¤è¤êÂ礤¤¾ì¹ç¡¢2 ¤Ä¤ÏÆþ¤ì´¹¤¨¤é¤ì¤ë¡£ ¥Õ¥é¥° --sport ¤Ï¡¢¤³¤Î¥ª¥×¥·¥ç¥ó¤ÎÊØÍø¤ÊÊÌ̾¤Ç¤¢¤ë¡£
- --destination-port [!] port[:port]
- Á÷¿®Àè¥Ý¡¼¥È¤Þ¤¿¤Ï¥Ý¡¼¥ÈÈϰϤλØÄê¡£ ¥Õ¥é¥° --dport ¤Ï¡¢¤³¤Î¥ª¥×¥·¥ç¥ó¤ÎÊØÍø¤ÊÊÌ̾¤Ç¤¢¤ë¡£
- --tcp-flags [!] mask comp
- »ØÄꤵ¤ì¤Æ¤¤¤ë¤è¤¦¤Ê TCP ¥Õ¥é¥°¤Î¾ì¹ç¤Ë¥Þ¥Ã¥Á¤¹¤ë¡£ Âè 1 °ú¤¿ô¤Ïɾ²Á¤µ¤ì¤ë¥Õ¥é¥°¤Ç¡¢¥³¥ó¥Þ¤Çʬ¤±¤é¤ì¤¿¥ê¥¹¥È¤Ç½ñ¤«¤ì¤ë¡£ Âè 2 °ú¤¿ô¤ÏÀßÄꤵ¤ì¤Æ¤¤¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¥Õ¥é¥°¤Ç¡¢ ¥³¥ó¥Þ¤Çʬ¤±¤é¤ì¤¿¥ê¥¹¥È¤Ç½ñ¤«¤ì¤ë¡£ »ØÄê¤Ç¤¤ë¥Õ¥é¥°¤Ï SYN ACK FIN RST URG PSH ALL NONE ¤Ç¤¢¤ë¡£ ¤è¤Ã¤Æ¡¢¥³¥Þ¥ó¥É
ip6tables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN
¤Ï¡¢SYN ¥Õ¥é¥°¤¬ÀßÄꤵ¤ì ACK, FIN, RST ¥Õ¥é¥°¤¬ÀßÄꤵ¤ì¤Æ¤¤¤Ê¤¤ ¥Ñ¥±¥Ã¥È¤Ë¤Î¤ß¥Þ¥Ã¥Á¤¹¤ë¡£ - [!] --syn
- SYN ¥Ó¥Ã¥È¤¬ÀßÄꤵ¤ì ACK ¤È RST ¥Ó¥Ã¥È¤¬¥¯¥ê¥¢¤µ¤ì¤Æ¤¤¤ë TCP ¥Ñ¥±¥Ã¥È¤Ë¤Î¤ß¥Þ¥Ã¥Á¤¹¤ë¡£ ¤³¤Î¤è¤¦¤Ê¥Ñ¥±¥Ã¥È¤Ï TCP Àܳ¤Î³«»ÏÍ×µá¤Ë»È¤ï¤ì¤ë¡£ Î㤨¤Ð¡¢¥¤¥ó¥¿¡¼¥Õ¥§¡¼¥¹¤ËÆþ¤Ã¤Æ¤¯¤ë¤³¤Î¤è¤¦¤Ê¥Ñ¥±¥Ã¥È¤ò¥Ö¥í¥Ã¥¯¤¹¤ì¤Ð¡¢ Æ⦤ؤΠTCP Àܳ¤Ï¶Ø»ß¤µ¤ì¤ë¤¬¡¢³°Â¦¤Ø¤Î TCP Àܳ¤Ë¤Ï±Æ¶Á¤·¤Ê¤¤¡£ ¤³¤ì¤Ï --tcp-flags SYN,RST,ACK SYN ¤ÈÅù¤·¤¤¡£ "--syn" ¤ÎÁ°¤Ë "!" ¥Õ¥é¥°¤òÃÖ¤¯¤È¡¢ SYN ¥Ó¥Ã¥È¤¬¥¯¥ê¥¢¤µ¤ì ACK ¤È FIN ¥Ó¥Ã¥È¤¬ÀßÄꤵ¤ì¤Æ¤¤¤ë TCP ¥Ñ¥±¥Ã¥È¤Ë¤Î¤ß¥Þ¥Ã¥Á¤¹¤ë¡£
- --tcp-option [!] number
- TCP ¥ª¥×¥·¥ç¥ó¤¬ÀßÄꤵ¤ì¤Æ¤¤¤ë¾ì¹ç¤Ë¥Þ¥Ã¥Á¤¹¤ë¡£
udp
¤³¤ì¤é¤Î³ÈÄ¥¤Ï `--protocol udp' ¤¬»ØÄꤵ¤ì¤¿¾ì¹ç¤Ë¥í¡¼¥É¤µ¤ì¡¢ °Ê²¼¤Î¥ª¥×¥·¥ç¥ó¤¬Ä󶡤µ¤ì¤ë:- --source-port [!] port[:port]
- Á÷¿®¸µ¥Ý¡¼¥È¤Þ¤¿¤Ï¥Ý¡¼¥ÈÈϰϤλØÄê¡£ ¾ÜºÙ¤Ï TCP ³ÈÄ¥¤Î --source-port ¥ª¥×¥·¥ç¥ó¤ÎÀâÌÀ¤ò»²¾È¤¹¤ë¤³¤È¡£
- --destination-port [!] port[:port]
- Á÷¿®Àè¥Ý¡¼¥È¤Þ¤¿¤Ï¥Ý¡¼¥ÈÈϰϤλØÄê¡£ ¾ÜºÙ¤Ï TCP ³ÈÄ¥¤Î --destination-port ¥ª¥×¥·¥ç¥ó¤ÎÀâÌÀ¤ò»²¾È¤¹¤ë¤³¤È¡£
ipv6-icmp
¤³¤ì¤é¤Î³ÈÄ¥¤Ï `--protocol ipv6-icmp' ¤Þ¤¿¤Ï `--protocol icmpv6' ¤¬»ØÄꤵ¤ì¤¿¾ì¹ç¤Ë¥í¡¼¥É¤µ¤ì¡¢ °Ê²¼¤Î¥ª¥×¥·¥ç¥ó¤¬Ä󶡤µ¤ì¤ë:- --icmpv6-type [!] typename
- ¿ôÃͤΠIPv6-ICMP ¥¿¥¤¥×¡¢¤Þ¤¿¤Ï¥³¥Þ¥ó¥É
ip6tables -p ipv6-icmp -h
¤Çɽ¼¨¤µ¤ì¤ë IPv6-ICMP ¥¿¥¤¥×̾¤ò»ØÄê¤Ç¤¤ë¡£
mac
- --mac-source [!] address
- Á÷¿®¸µ MAC ¥¢¥É¥ì¥¹¤Ë¥Þ¥Ã¥Á¤¹¤ë¡£ address ¤Ï XX:XX:XX:XX:XX:XX ¤È¤¤¤¦·Á¼°¤Ç¤Ê¤±¤ì¤Ð¤Ê¤é¤Ê¤¤¡£ ¥¤¡¼¥µ¡¼¥Í¥Ã¥È¥Ç¥Ð¥¤¥¹¤«¤éÆþ¤Ã¤Æ¤¯¤ë¥Ñ¥±¥Ã¥È¤Ç¡¢ PREROUTING, FORWARD, INPUT ¥Á¥§¥¤¥ó¤ËÆþ¤ë¥Ñ¥±¥Ã¥È¤Ë¤·¤«°ÕÌ£¤¬¤Ê¤¤ÅÀ¤ËÃí°Õ¤¹¤ë¤³¤È¡£
limit
¤³¤Î¥â¥¸¥å¡¼¥ë¤Ï¡¢¥È¡¼¥¯¥ó¥Ð¥±¥Ä¥Õ¥£¥ë¥¿¤ò»È¤¤¡¢ ñ°Ì»þ´Ö¤¢¤¿¤êÀ©¸Â¤µ¤ì¤¿²ó¿ô¤À¤±¥Þ¥Ã¥Á¤¹¤ë¡£ ¤³¤Î³ÈÄ¥¤ò»È¤Ã¤¿¥ë¡¼¥ë¤Ï¡¢(`!' ¥Õ¥é¥°¤¬»ØÄꤵ¤ì¤Ê¤¤¸Â¤ê) À©¸Â¤Ë㤹¤ë¤Þ¤Ç¥Þ¥Ã¥Á¤¹¤ë¡£ ¤³¤Î¥â¥¸¥å¡¼¥ë¤Ï¡¢¥í¥°µÏ¿¤òÀ©¸Â¤¹¤ë LOG ¥¿¡¼¥²¥Ã¥È¤ÈÁȤ߹ç¤ï¤»¤Æ»È¤¦¤³¤È¤¬¤Ç¤¤ë¡£ ¤¿¤È¤¨¤Ð¡¢- --limit rate
- ñ°Ì»þ´Ö¤¢¤¿¤ê¤ÎÊ¿¶Ñ¥Þ¥Ã¥Á²ó¿ô¤ÎºÇÂçÃÍ¡£ ¿ôÃͤǻØÄꤵ¤ì¡¢Åº»ú `/second', `/minute', `/hour', `/day' ¤òÉÕ¤±¤ë¤³¤È¤â¤Ç¤¤ë¡£ ¥Ç¥Õ¥©¥ë¥È¤Ï 3/hour ¤Ç¤¢¤ë¡£
- --limit-burst number
- ¥Ñ¥±¥Ã¥È¤¬¥Þ¥Ã¥Á¤¹¤ë²ó¿ô¤ÎºÇÂç½é´üÃÍ: ¾å¤Î¥ª¥×¥·¥ç¥ó¤Ç»ØÄꤷ¤¿À©¸Â¤Ë㤷¤Ê¤±¤ì¤Ð¡¢ ¤½¤ÎÅÙ¤´¤È¤Ë¡¢¤³¤Î¿ôÃͤˤʤë¤Þ¤Ç 1 ¸Ä¤º¤ÄÁý¤ä¤µ¤ì¤ë¡£ ¥Ç¥Õ¥©¥ë¥È¤Ï 5 ¤Ç¤¢¤ë¡£
multiport
¤³¤Î¥â¥¸¥å¡¼¥ë¤ÏÁ÷¿®¸µ¤äÁ÷¿®Àè¤Î¥Ý¡¼¥È¤Î½¸¹ç¤Ë¥Þ¥Ã¥Á¤¹¤ë¡£ ¥Ý¡¼¥È¤Ï 15 ¸Ä¤Þ¤Ç»ØÄê¤Ç¤¤ë¡£ ¤³¤Î¥â¥¸¥å¡¼¥ë¤Ï -p tcp ¤Þ¤¿¤Ï -p udp ¤ÈÁȤ߹ç¤ï¤»¤Æ»È¤¦¤³¤È¤·¤«¤Ç¤¤Ê¤¤¡£- --source-ports port[,port[,port...]]
- Á÷¿®¸µ¥Ý¡¼¥È¤¬»ØÄꤵ¤ì¤¿¥Ý¡¼¥È¤Î¤¦¤Á¤Î¤¤¤º¤ì¤«¤Ç¤¢¤ì¤Ð¥Þ¥Ã¥Á¤¹¤ë¡£ ¥Õ¥é¥° --sports ¤Ï¡¢¤³¤Î¥ª¥×¥·¥ç¥ó¤ÎÊØÍø¤ÊÊÌ̾¤Ç¤¢¤ë¡£
- --destination-ports port[,port[,port...]]
- Á÷¿®Àè¥Ý¡¼¥È¤¬»ØÄꤵ¤ì¤¿¥Ý¡¼¥È¤Î¤¦¤Á¤Î¤¤¤º¤ì¤«¤Ç¤¢¤ì¤Ð¥Þ¥Ã¥Á¤¹¤ë¡£ ¥Õ¥é¥° --dports ¤Ï¡¢¤³¤Î¥ª¥×¥·¥ç¥ó¤ÎÊØÍø¤ÊÊÌ̾¤Ç¤¢¤ë¡£
- --ports port[,port[,port...]]
- Á÷¿®¸µ¤ÈÁ÷¿®Àè¥Ý¡¼¥È¤ÎξÊý¤¬¸ß¤¤¤ËÅù¤·¤¤¤«¡¢ »ØÄꤵ¤ì¤¿¥Ý¡¼¥È¤Î¤¦¤Á¤Î¤¤¤º¤ì¤«¤Ç¤¢¤ì¤Ð¥Þ¥Ã¥Á¤¹¤ë¡£
mark
¤³¤Î¥â¥¸¥å¡¼¥ë¤Ï¥Ñ¥±¥Ã¥È¤Ë´ØÏ¢¤Å¤±¤é¤ì¤¿ netfilter ¤Î mark ¥Õ¥£¡¼¥ë¥É¤Ë¥Þ¥Ã¥Á¤¹¤ë (¤³¤Î¥Õ¥£¡¼¥ë¥É¤Ï¡¢°Ê²¼¤Î MARK ¥¿¡¼¥²¥Ã¥È¤ÇÀßÄꤵ¤ì¤ë)¡£- --mark value[/mask]
- »ØÄꤵ¤ì¤¿Éä¹æ¤Ê¤· mark ÃͤΥѥ±¥Ã¥È¤Ë¥Þ¥Ã¥Á¤¹¤ë (mask ¤¬»ØÄꤵ¤ì¤ë¤È¡¢Èæ³Ó¤ÎÁ°¤Ë mask ¤È¤ÎÏÀÍýÀÑ (AND) ¤¬¤È¤é¤ì¤ë)¡£
owner
¤³¤Î¥â¥¸¥å¡¼¥ë¤Ï¡¢¥í¡¼¥«¥ë¤ÇÀ¸À®¤µ¤ì¤¿¥Ñ¥±¥Ã¥È¤ËÉÕ¤¤¤Æ¡¢ ¥Ñ¥±¥Ã¥ÈÀ¸À®¼Ô¤Î¤¤¤í¤¤¤í¤ÊÆÃÀ¤È¤Î¥Þ¥Ã¥Á¥ó¥°¤ò¤È¤ë¡£ ¤³¤ì¤Ï OUTPUT ¥Á¥§¥¤¥ó¤Î¤ß¤Ç¤·¤«Í¸ú¤Ç¤Ê¤¤¡£ ¤Þ¤¿¡¢(ICMP ping ±þÅú¤Î¤è¤¦¤Ê) ¥Ñ¥±¥Ã¥È¤Ï¡¢ ½êͼԤ¬¤¤¤Ê¤¤¤Î¤ÇÀäÂФ˥ޥåÁ¤·¤Ê¤¤¡£ ¤³¤ì¤Ï¼Â¸³Åª¤Ê¤â¤Î¤È¤¤¤¦°·¤¤¤Ç¤¢¤ë¡£- --uid-owner userid
- »ØÄꤵ¤ì¤¿¼Â¸ú¥æ¡¼¥¶¡¼ ID ¤Î¥×¥í¥»¥¹¤Ë¤è¤ê ¥Ñ¥±¥Ã¥È¤¬À¸À®¤µ¤ì¤Æ¤¤¤ë¾ì¹ç¤Ë¥Þ¥Ã¥Á¤¹¤ë¡£
- --gid-owner groupid
- »ØÄꤵ¤ì¤¿¼Â¸ú¥°¥ë¡¼¥× ID ¤Î¥×¥í¥»¥¹¤Ë¤è¤ê ¥Ñ¥±¥Ã¥È¤¬À¸À®¤µ¤ì¤Æ¤¤¤ë¾ì¹ç¤Ë¥Þ¥Ã¥Á¤¹¤ë¡£
- --pid-owner processid
- »ØÄꤵ¤ì¤¿¥×¥í¥»¥¹ ID ¤Î¥×¥í¥»¥¹¤Ë¤è¤ê ¥Ñ¥±¥Ã¥È¤¬À¸À®¤µ¤ì¤Æ¤¤¤ë¾ì¹ç¤Ë¥Þ¥Ã¥Á¤¹¤ë¡£
- --sid-owner sessionid
- »ØÄꤵ¤ì¤¿¥»¥Ã¥·¥ç¥ó¥°¥ë¡¼¥×¤Î¥×¥í¥»¥¹¤Ë¤è¤ê ¥Ñ¥±¥Ã¥È¤¬À¸À®¤µ¤ì¤Æ¤¤¤ë¾ì¹ç¤Ë¥Þ¥Ã¥Á¤¹¤ë¡£
¥¿¡¼¥²¥Ã¥È¤Î³ÈÄ¥
iptables ¤Ï³ÈÄ¥¥¿¡¼¥²¥Ã¥È¥â¥¸¥å¡¼¥ë¤ò»È¤¦¤³¤È¤¬¤Ç¤¤ë: °Ê²¼¤Î¤â¤Î¤¬¡¢É¸½àŪ¤Ê¥Ç¥£¥¹¥È¥ê¥Ó¥å¡¼¥·¥ç¥ó¤Ë´Þ¤Þ¤ì¤Æ¤¤¤ë¡£LOG
¥Þ¥Ã¥Á¤·¤¿¥Ñ¥±¥Ã¥È¤ò¥«¡¼¥Í¥ë¥í¥°¤ËµÏ¿¤¹¤ë¡£ ¤³¤Î¥ª¥×¥·¥ç¥ó¤¬¥ë¡¼¥ë¤ËÂФ·¤ÆÀßÄꤵ¤ì¤ë¤È¡¢ Linux ¥«¡¼¥Í¥ë¤Ï¥Þ¥Ã¥Á¤·¤¿¥Ñ¥±¥Ã¥È¤Ë¤Ä¤¤¤Æ¤Î (IPv6 ¤Ë¤ª¤±¤ëÂçÉôʬ¤Î IPv6 ¥Ø¥Ã¥À¥Õ¥£¡¼¥ë¥É¤Î¤è¤¦¤Ê) ²¿¤é¤«¤Î¾ðÊó¤ò ¥«¡¼¥Í¥ë¥í¥°¤Ëɽ¼¨¤¹¤ë (¥«¡¼¥Í¥ë¥í¥°¤Ï dmesg ¤Þ¤¿¤Ï syslogd(8) ¤Ç¸«¤ë¤³¤È¤¬¤Ç¤¤ë)¡£ ¤³¤ì¤Ï¡ÖÈó½ªÎ»¥¿ ¡¼¥²¥Ã¥È¡×¤Ç¤¢¤ë¡£ ¤¹¤Ê¤ï¤Á¡¢¥ë¡¼¥ë¤Î¸¡Æ¤¤Ï¡¢¼¡¤Î¥ë¡¼¥ë¤Ø¤È·Ñ³¤µ¤ì¤ë¡£ ¤è¤Ã¤Æ¡¢µñÈݤ¹¤ë¥Ñ¥±¥Ã¥È¤ò¥í¥°µÏ¿¤·¤¿¤±¤ì¤Ð¡¢ Ʊ¤¸¥Þ¥Ã¥Á¥ó¥°È½ÃÇ´ð½à¤ò»ý¤Ä 2 ¤Ä¤Î¥ë¡¼¥ë¤ò»ÈÍѤ·¡¢ ºÇ½é¤Î¥ë¡¼¥ë¤Ç LOG ¥¿¡¼¥²¥Ã¥È¤ò¡¢ ¼¡¤Î¥ë¡¼¥ë¤Ç DROP (¤Þ¤¿¤Ï REJECT) ¥¿¡¼¥²¥Ã¥È¤ò»ØÄꤹ¤ë¡£- --log-level level
- ¥í¥°µÏ¿¤Î¥ì¥Ù¥ë (¿ôÃͤǻØÄꤹ¤ë¤«¡¢ (ÌõÃð: ̾Á°¤Ç»ØÄꤹ¤ë¾ì¹ç¤Ï) syslog.conf(5) ¤ò»²¾È¤¹¤ë¤³¤È)¡£
- --log-prefix prefix
- »ØÄꤷ¤¿¥×¥ì¥Õ¥£¥Ã¥¯¥¹¤ò¥í¥°¥á¥Ã¥»¡¼¥¸¤ÎÁ°¤ËÉÕ¤±¤ë¡£ ¥×¥ì¥Õ¥£¥Ã¥¯¥¹¤Ï 29 ʸ»ú¤Þ¤Ç¤ÎŤµ¤Ç¡¢ ¥í¥°¤Î¤Ê¤«¤Ç¥á¥Ã¥»¡¼¥¸¤ò¶èÊ̤¹¤ë¤Î¤ËÌòΩ¤Ä¡£
- --log-tcp-sequence
- TCP ¥·¡¼¥±¥ó¥¹ÈÖ¹æ¤ò¥í¥°¤ËµÏ¿¤¹¤ë¡£ ¥í¥°¤¬¥æ¡¼¥¶¡¼¤«¤éÆɤá¤ë¾ì¹ç¡¢¥»¥¥å¥ê¥Æ¥£¾å¤Î´í¸±¤¬¤¢¤ë¡£
- --log-tcp-options
- TCP ¥Ñ¥±¥Ã¥È¥Ø¥Ã¥À¤Î¥ª¥×¥·¥ç¥ó¤ò¥í¥°¤ËµÏ¿¤¹¤ë¡£
- --log-ip-options
- IPv6 ¥Ñ¥±¥Ã¥È¥Ø¥Ã¥À¤Î¥ª¥×¥·¥ç¥ó¤ò¥í¥°¤ËµÏ¿¤¹¤ë¡£
MARK
¥Ñ¥±¥Ã¥È¤Ë´ØÏ¢¤Å¤±¤é¤ì¤¿ netfilter ¤Î mark Ãͤò»ØÄꤹ¤ë¡£ mangle ¥Æ¡¼¥Ö¥ë¤Î¤ß¤Ç͸ú¤Ç¤¢¤ë¡£- --set-mark mark
REJECT
¥Þ¥Ã¥Á¤·¤¿¥Ñ¥±¥Ã¥È¤Î±þÅú¤È¤·¤Æ¥¨¥é¡¼¥Ñ¥±¥Ã¥È¤òÁ÷¿®¤¹¤ë¤¿¤á¤Ë»È¤ï¤ì¤ë¡£ ¥¨¥é¡¼¥Ñ¥±¥Ã¥È¤òÁ÷¤é¤Ê¤±¤ì¤Ð¡¢ DROP ¤ÈƱ¤¸¤Ç¤¢¤ê¡¢ TARGET ¤ò½ªÎ»¤·¡¢¥ë¡¼¥ë¤Î¸¡Æ¤¤ò½ªÎ»¤¹¤ë¡£ ¤³¤Î¥¿¡¼¥²¥Ã¥È¤Ï¡¢ INPUT, FORWARD, OUTPUT ¥Á¥§¥¤¥ó¤È¡¢¤³¤ì¤é¤Î¥Á¥§¥¤¥ó¤«¤é¸Æ¤Ð¤ì¤ë ¥æ¡¼¥¶¡¼ÄêµÁ¥Á¥§¥¤¥ó¤À¤±¤Ç͸ú¤Ç¤¢¤ë¡£ °Ê²¼¤Î¥ª¥×¥·¥ç¥ó¤Ï¡¢ÊÖ¤µ¤ì¤ë¥¨¥é¡¼¥Ñ¥±¥Ã¥È¤ÎÆÃÀ¤òÀ©¸æ¤¹¤ë¡£- --reject-with type
- type ¤È¤·¤Æ»ØÄê²Äǽ¤Ê¤â¤Î¤Ï
icmp6-no-route no-route icmp6-adm-prohibited adm-prohibited icmp6-addr-unreachable addr-unreach icmp6-port-unreachable port-unreach
¤Ç¤¢¤ê¡¢Å¬ÀÚ¤Ê IPv6-ICMP ¥¨¥é¡¼¥á¥Ã¥»¡¼¥¸¤òÊÖ¤¹ (port-unreach ¤¬¥Ç¥Õ¥©¥ë¥È¤Ç¤¢¤ë)¡£ ¤µ¤é¤Ë¡¢TCP ¥×¥í¥È¥³¥ë¤Ë¤Î¤ß¥Þ¥Ã¥Á¤¹¤ë¥ë¡¼¥ë¤ËÂФ·¤Æ¡¢¥ª¥×¥·¥ç¥ó tcp-reset ¤ò»È¤¦¤³¤È¤¬¤Ç¤¤ë¡£ ¤³¤Î¥ª¥×¥·¥ç¥ó¤ò»È¤¦¤È¡¢TCP RST ¥Ñ¥±¥Ã¥È¤¬Á÷¤êÊÖ¤µ¤ì¤ë¡£ ¼ç¤È¤·¤Æ ident (113/tcp) ¤Ë¤è¤ëõºº¤òÁ˻ߤ¹¤ë¤Î¤ËÌòΩ¤Ä¡£ ident ¤Ë¤è¤ëõºº¤Ï¡¢²õ¤ì¤Æ¤¤¤ë (¥á¡¼¥ë¤ò¼õ¤±¼è¤é¤Ê¤¤) ¥á¡¼¥ë¥Û¥¹¥È¤Ë ¥á¡¼¥ë¤¬Á÷¤é¤ì¤ë¾ì¹ç¤ËÉÑÈˤ˵¯¤³¤ë¡£
ÊÖ¤êÃÍ
¤¤¤í¤¤¤í¤Ê¥¨¥é¡¼¥á¥Ã¥»¡¼¥¸¤¬É¸½à¥¨¥é¡¼¤Ëɽ¼¨¤µ¤ì¤ë¡£ Àµ¤·¤¯µ¡Ç½¤·¤¿¾ì¹ç¡¢½ªÎ»¥³¡¼¥É¤Ï 0 ¤Ç¤¢¤ë¡£ ÉÔÀµ¤Ê¥³¥Þ¥ó¥É¥é¥¤¥ó¥Ñ¥é¥á¡¼¥¿¤Ë¤è¤ê¥¨¥é¡¼¤¬È¯À¸¤·¤¿¾ì¹ç¤Ï¡¢ ½ªÎ»¥³¡¼¥É 2 ¤¬ÊÖ¤µ¤ì¤ë¡£ ¤½¤Î¾¤Î¥¨¥é¡¼¤Î¾ì¹ç¤Ï¡¢½ªÎ»¥³¡¼¥É 1 ¤¬ÊÖ¤µ¤ì¤ë¡£¥Ð¥°
¥Ð¥°? ¥Ð¥°¤Ã¤Æ²¿? ;-) ¤¨¡¼¤È¡Ä¡¢sparc64 ¤Ç¤Ï¥«¥¦¥ó¥¿¡¼Ãͤ¬¿®Íê¤Ç¤¤Ê¤¤¡£IPCHAINS ¤È¤Î¸ß´¹À
ip6tables ¤Ï¡¢Rusty Russell ¤Î ipchains ¤ÈÈó¾ï¤Ë¤è¤¯»÷¤Æ¤¤¤ë¡£ Â礤ʰ㤤¤Ï¡¢¥Á¥§¥¤¥ó INPUT ¤È OUTPUT ¤¬¡¢¤½¤ì¤¾¤ì¥í¡¼¥«¥ë¥Û¥¹¥È¤ËÆþ¤Ã¤Æ¤¯¤ë¥Ñ¥±¥Ã¥È¤È¡¢ ¥í¡¼¥«¥ë¥Û¥¹¥È¤«¤é½Ð¤µ¤ì¤ë¥Ñ¥±¥Ã¥È¤Î¤ß¤·¤«Ä´¤Ù¤Ê¤¤¤È¤¤¤¦ÅÀ¤Ç¤¢¤ë¡£ ¤è¤Ã¤Æ¡¢Á´¤Æ¤Î¥Ñ¥±¥Ã¥È¤Ï 3 ¤Ä¤¢¤ë¥Á¥§¥¤¥ó¤Î¤¦¤Á 1 ¤Ä¤·¤«Ä̤é¤Ê¤¤ (¥ë¡¼¥×¥Ð¥Ã¥¯¥È¥é¥Õ¥£¥Ã¥¯¤ÏÎã³°¤Ç¡¢INPUT ¤È OUTPUT ¥Á¥§¥¤¥ó¤ÎξÊý¤òÄ̤ë)¡£ °ÊÁ°¤Ï (ipchains ¤Ç¤Ï)¡¢ ¥Õ¥©¥ï¡¼¥É¤µ¤ì¤ë¥Ñ¥±¥Ã¥È¤¬ 3 ¤Ä¤Î¥Á¥§¥¤¥óÁ´¤Æ¤òÄ̤äƤ¤¤¿¡£¤½¤Î¾¤ÎÂ礤ʰ㤤¤Ï¡¢ -i ¤ÇÆþÎÏ¥¤¥ó¥¿¡¼¥Õ¥§¡¼¥¹¡¢ -o ¤Ç½ÐÎÏ¥¤¥ó¥¿¡¼¥Õ¥§¡¼¥¹¤ò»ØÄꤷ¡¢ ¤È¤â¤Ë FORWARD ¥Á¥§¥¤¥ó¤ËÆþ¤ë¥Ñ¥±¥Ã¥È¤ËÂФ·¤Æ»ØÄê²Äǽ¤ÊÅÀ¤Ç¤¢¤ë¡£ ip6tables ¤Ç¤Ï¡¢¤½¤Î¾¤Ë¤â¤¤¤¯¤Ä¤«¤ÎÊѹ¹¤¬¤¢¤ë¡£
´ØÏ¢¹àÌÜ
ip6tables-save(8), ip6tables-restore(8), iptables(8), iptables-save(8), iptables-restore(8). ¥Ñ¥±¥Ã¥È¥Õ¥£¥ë¥¿¥ê¥ó¥°¤Ë¤Ä¤¤¤Æ¤Î¾ÜºÙ¤Ê iptables ¤Î»ÈÍÑË¡¤ò ÀâÌÀ¤·¤Æ¤¤¤ë packet-filtering-HOWTO¡£ NAT ¤Ë¤Ä¤¤¤Æ¾ÜºÙ¤ËÀâÌÀ¤·¤Æ¤¤¤ë NAT-HOWTO¡£ ɸ½àŪ¤ÊÇÛÉۤˤϴޤޤì¤Ê¤¤³ÈÄ¥¤Î¾ÜºÙ¤òÀâÌÀ¤·¤Æ¤¤¤ë netfilter-extensions-HOWTO¡£ ÆâÉô¹½Â¤¤Ë¤Ä¤¤¤Æ¾ÜºÙ¤ËÀâÌÀ¤·¤Æ¤¤¤ë netfilter-hacking-HOWTO¡£http://www.netfilter.org/ ¤ò»²¾È¤Î¤³¤È¡£
Ãø¼Ô
Rusty Russell ¤Ï¡¢½é´ü¤ÎÃʳ¬¤Ç Michael Neuling ¤ËÁêÃ̤·¤Æ iptables ¤ò½ñ¤¤¤¿¡£Marc Boucher ¤Ï Rusty ¤Ë iptables ¤Î°ìÈÌŪ¤Ê¥Ñ¥±¥Ã¥ÈÁªÂò¤Î¹Í¤¨Êý¤ò´«¤á¤Æ¡¢ ipnatctl ¤ò»ß¤á¤µ¤»¤¿¡£ ¤½¤·¤Æ¡¢mangle ¥Æ¡¼¥Ö¥ë¡¦½êͼԥޥåÁ¥ó¥°¡¦ mark µ¡Ç½¤ò½ñ¤¡¢¤¤¤¿¤ë¤È¤³¤í¤Ç»È¤ï¤ì¤Æ¤¤¤ëÁÇÀ²¤é¤·¤¤¥³¡¼¥É¤ò½ñ¤¤¤¿¡£
James Morris ¤¬ TOS ¥¿¡¼¥²¥Ã¥È¤È tos ¥Þ¥Ã¥Á¥ó¥°¤ò½ñ¤¤¤¿¡£
Jozsef Kadlecsik ¤¬ REJECT ¥¿¡¼¥²¥Ã¥È¤ò½ñ¤¤¤¿¡£
Harald Welte ¤¬ ULOG ¥¿¡¼¥²¥Ã¥È¡¦TTL ¥Þ¥Ã¥Á¥ó¥°¤È TTL ¥¿¡¼¥²¥Ã¥È¡¦ libipulog ¤ò½ñ¤¤¤¿¡£
Netfilter ¥³¥¢¥Á¡¼¥à¤Ï¡¢Marc Boucher, Martin Josefsson, Jozsef Kadlecsik, James Morris, Harald Welte, Rusty Russell ¤Ç¤¢¤ë¡£
ip6tables ¤Î man ¥Ú¡¼¥¸¤Ï¡¢Andras Kis-Szabo ¤Ë¤è¤Ã¤ÆºîÀ®¤µ¤ì¤¿¡£ ¤³¤ì¤Ï Herve Eychenne <rv@wallfire.org> ¤Ë¤è¤Ã¤Æ½ñ¤«¤ì¤¿ iptables ¤Î man ¥Ú¡¼¥¸¤ò¸µ¤Ë¤·¤Æ¤¤¤ë¡£
Contenus ©2006-2024 Benjamin Poulain
Design ©2006-2024 Maxime Vantorre