我在iptables配置文件/ etc / sysconfig / iptables中有以下规则
- -A INPUT -s 84.23.99.97 -j DROP
当我做iptables –list时,我得到以下内容
- Chain INPUT (policy ACCEPT)
- target prot opt source destination
- DROP all -- 84.23.99.97 anywhere
- Chain FORWARD (policy ACCEPT)
- target prot opt source destination
- Chain OUTPUT (policy ACCEPT)
- target prot opt source destination
但是,如果我执行tcpdump,我仍然可以从这个ip看到所有这些流量,为什么?
- tcpdump -ttttn tcp port 1234 | grep 84.23.99.97
- tcpdump: verbose output suppressed,use -v or -vv for full protocol decode
- listening on eth0,link-type EN10MB (Ethernet),capture size 65535 bytes
- 2010-10-21 23:49:33.828011 IP 84.23.99.97.9061 > myip: Flags [S],seq 3522466008,win 65535,options [mss 1460,sackOK,eol],length 0
- 2010-10-21 23:49:33.832182 IP 84.23.99.97.64804 > myip: Flags [S],seq 1088176500,length 0
- ....
解决方法
tcpdump
sees inbound traffic before it hits iptables.在上面的示例中,这解释了为什么您看到来自机器的入站SYN而不是SYN / ACK.
