0
:iptables-save命令給出了奇怪的結果在一個空的iptables我做
$iptables -P INPUT DROP
$iptables -P OUTPUT DROP
$iptables -P FORWARD DROP
和SSH,HTTP和TEAMSPEAK
一些規則,當我做了iptables-save命令我得到的結果是允許一些IP
# Generated by iptables-save v1.4.8 on Thu Feb 20 23:55:32 2014
*raw
:PREROUTING ACCEPT [6299:1141558]
:OUTPUT ACCEPT [6172:2577934]
COMMIT
# Completed on Thu Feb 20 23:55:32 2014
# Generated by iptables-save v1.4.8 on Thu Feb 20 23:55:32 2014
*nat
:PREROUTING ACCEPT [328:23247]
:INPUT ACCEPT [170:9752]
:OUTPUT ACCEPT [1190:168880]
:POSTROUTING ACCEPT [717:89971]
COMMIT
# Completed on Thu Feb 20 23:55:32 2014
# Generated by iptables-save v1.4.8 on Thu Feb 20 23:55:32 2014
*mangle
:PREROUTING ACCEPT [6299:1141558]
:INPUT ACCEPT [6299:1141558]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [6172:2577934]
:POSTROUTING ACCEPT [5699:2499025]
COMMIT
# Completed on Thu Feb 20 23:55:32 2014
# Generated by iptables-save v1.4.8 on Thu Feb 20 23:55:32 2014
*filter
:INPUT DROP [17:1024]
:FORWARD DROP [0:0]
:OUTPUT DROP [76:11042]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p udp -m udp --dport 9987 -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCE\
PT
-A OUTPUT -p tcp -m tcp --sport 80 -m conntrack --ctstate ESTABLISHED -j ACCEPT\
-A OUTPUT -p udp -m udp --sport 9987 -j ACCEPT
COMMIT
問題是,這是正常的嗎?我被黑了嗎?