centos iptables 局域网问题

Question

我是linux 新手, 今天想做一下iptables设置

iptables -P INPUT DROP
iptables -A INPUT -s 10.0.0.0 -d 10.0.0.0 -j ACCEPT
...

我的局域网ip段是 10.x.x.x

想让 局域网访问无限制, 其他网段 INPUT (外网) 一概阻止

但是这样设置有错误, 求指教. 

Answer 1

# Generated by iptables-save v1.4.7 on Wed Nov 14 18:34:20 2012

*filter

:INPUT DROP [15:2247]

:FORWARD DROP [0:0]

:OUTPUT ACCEPT [1797:222153]

-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT

-A INPUT -s 10.0.0.0/8 -d 10.0.0.0/8 -j ACCEPT

-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

-A INPUT -p tcp -m tcp --dport 2012 -j ACCEPT

-A OUTPUT -p tcp -m tcp --sport 2012 -j ACCEPT

COMMIT

# Completed on Wed Nov 14 18:34:20 2012

最后搞成了这样, 求批评.  2012 是ssh的.

Answer 2

表示子网掩码的 ：255.0.0.0

Answer 3

iptables -P INPUT DROP
iptables -A INPUT -s 10.0.0.0/8 -d 10.0.0.0/8 -j ACCEPT

Answer 4

1> 不是

2> 

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

    link/ether 00:16:3e:01:20:d2 brd ff:ff:ff:ff:ff:ff

    inet 10.200.54.122/20 brd 10.200.63.255 scope global eth0

3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

    link/ether 00:16:3e:01:1f:8f brd ff:ff:ff:ff:ff:ff

    inet 不让看/22 brd 42.121.67.255 scope global eth1

3> ???

4> 谢谢

Answer 5

有个/etc/host.deny 配置文件，也能实现你的要求

Answer 6

1,你的机器是网关么?

2,起码给个本机的IP吧.

3,10.0.0.0是网段号.

Answer 7

iptables -P INPUT DROP
iptables -A INPUT -s 10.0.0.0/8 -d 10.0.0.0/8 -j ACCEPT