1. 配置ip
/etc/conf.d/net DHCP 动态获取
代码语言:javascript复制config_eth0=( "dhcp" )固定IP
代码语言:javascript复制 config_eth0=( "192.168.0.2 netmask 255.255.255.0 brd 192.168.0.255" )
或者
config_eth0=( "192.168.0.2/24 brd 192.168.0.255" )
routes_eth0=( "default via 192.168.0.1" )2. DNS设置
/etc/resolv.conf
代码语言:javascript复制nameserver 202.96.209.5 202.96.209.1333. 重启网卡
代码语言:javascript复制/etc/init.d/net.eth0 start | stop | restart4. 配置防火墙 iptables
stop iptables services
/etc/init.d/iptables stop
disable all chains
iptables -F iptables -t nat -F iptables -t mangle -F
allow ssh
iptables -A INPUT -i eth0 -p tcp –dport 22 -j ACCEPT iptables -A INPUT -i eth0 -p tcp –dport 80 -j ACCEPT
allow old connection and deny new connection
iptables -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -i eth0 -m state –state NEW,INVALID -j DROP
allow all localhost
iptables -A INPUT -i lo -j ACCEPT
define default policy
iptables -P FORWARD DROP iptables -P INPUT DROP iptables -P OUTPUT ACCEPT
save
/etc/init.d/iptables save /etc/init.d/iptables restart
#加入自动启动任务,使iptables自动启动 rc-update add iptables default
如何删除一条规则?比如删除80端口,让外面无法访问。 iptables -D INPUT -i eth0 -p tcp –dport 80 -j ACCEPT
如何再添加? iptables -I INPUT -i eth0 -p tcp –dport 80 -j ACCEPT
最后别忘记用 /etc/init.d/iptables save /etc/init.d/iptables restart 这两个命令保存并重启
- Previous 针对Intel Core i7优化安装Gentoo
- Next lighttpd配置之压缩文件(mod_compress)
