lywsvip/oneclickvirt.github.io
1
0
Fork 0
mirror of https://github.com/oneclickvirt/oneclickvirt.github.io.git synced 2026-06-01 08:11:32 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
aa2dbbc60e0963570a8ea2e0f61cb790818dfdc1
oneclickvirt.github.io/docs/guide/block/block_iptables.md
spiritlhl e147dcd490 增加屏蔽滥用分区
2024-09-06 12:10:34 +00:00

150 lines
2.5 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
---
outline: deep
---
# 通过iptables屏蔽滥用
## `iptables`的基础使用说明
### 1. 启动 `iptables`
在大多数 Linux 发行版中,`iptables` 服务可以通过以下命令启动:
```bash
sudo systemctl start iptables
```
### 2. 设置规则
在启动 `iptables`可以设置相应的规则来屏蔽滥用流量。例如以下命令将阻止来自特定IPV4地址的流量
```bash
sudo iptables -A INPUT -s xxx.xxx.xxx.xxx -j DROP
```
### 3. 查询规则
设置完规则后,可以使用以下命令查看当前的 `iptables` 规则:
```bash
sudo iptables -L
```
这将列出所有输入、输出和转发的规则。
### 4. 停止 `iptables`
如果需要停止 `iptables` 服务,可以使用以下命令:
```bash
sudo systemctl stop iptables
```
### 5. 保存规则
为了确保在重启后规则依然生效,可以保存当前的规则:
```bash
sudo iptables-save | sudo tee /etc/iptables/rules.v4
```
### 6. 恢复规则
在需要恢复规则时,可以使用以下命令:
```bash
sudo iptables-restore < /etc/iptables/rules.v4
```
### 7. 其他常用命令
- **列出规则(详细信息)**
```bash
sudo iptables -L -v
```
- **删除特定规则**
```bash
sudo iptables -D INPUT -s 192.168.1.100 -j DROP
```
- **清空所有规则**
```bash
sudo iptables -F
```
## 在宿主机上屏蔽滥用行为
### 屏蔽挖矿行为
```
strings=(
"ethermine.com"
"antpool.one"
"antpool.com"
"pool.bar"
"get_peers"
"announce_peer"
"find_node"
"seed_hash"
)
for str in "${strings[@]}"; do
iptables -A OUTPUT -m string --string "$str" --algo bm -j DROP
done
```
### 屏蔽BT行为
```
strings=(
"torrent"
".torrent"
"peer_id="
"announce"
"info_hash"
"get_peers"
"find_node"
"BitTorrent"
"announce_peer"
"BitTorrent protocol"
"announce.php?passkey="
"magnet:"
"xunlei"
"sandai"
"Thunder"
"XLLiveUD"
)
for str in "${strings[@]}"; do
iptables -A OUTPUT -m string --string "$str" --algo bm -j DROP
done
```
### 屏蔽测速行为
```
strings=(
".speed"
"speed."
".speed."
"fast.com"
"speedtest.net"
"speedtest.com"
"speedtest.cn"
"test.ustc.edu.cn"
"10000.gd.cn"
"db.laomoe.com"
"jiyou.cloud"
"ovo.speedtestcustom.com"
"speed.cloudflare.com"
"speedtest"
)
for str in "${strings[@]}"; do
iptables -A OUTPUT -m string --string "$str" --algo bm -j DROP
done
```
Reference in New Issue View Git Blame Copy Permalink