archlinux有默认防火墙(的设置)吗?

zswlb9999 · 发表于 2009-1-6 14:30:50

使用aMule时提示有防火墙.下载速度特慢!
查:
pacman -Ss iptables
有安装ipotables,但从未设置过,也查不到有iptables的配置文件.rc.conf中也没有iptables的模块.
但记得:
在设置pppoe-setup时有提示防火墙级别(0,1,2)当时选择了1.
archlinux 有默认的防火墙吗　?

xjpvictor · 发表于 2009-1-6 15:33:49

iptables规则在/etc/iptables里面，把simple_firewall.rules重命名为iptables.rules，然后自己在里面添加规则。
rc.conf在daemon中加入iptables就可以了。

wd_afei · 发表于 2009-1-6 15:53:06

iptable -L

zswlb9999 · 发表于 2009-1-6 16:05:36

这是怎么回事呢?
[root@myhost etc]# iptables -L
Chain INPUT (policy ACCEPT)
target    prot opt source             destination
LOG       udp  --  anywhere          anywhere          udp dpts:0:1023 LOG level warning
LOG       tcp  --  anywhere          anywhere          tcp dpts:0:1023 LOG level warning
DROP    udp  --  anywhere          anywhere          udp dpts:0:1023
DROP    tcp  --  anywhere          anywhere          tcp dpts:0:1023
LOG       tcp  --  anywhere          anywhere          tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning
DROP    tcp  --  anywhere          anywhere          tcp flags:FIN,SYN,RST,ACK/SYN
DROP    icmp --  anywhere          anywhere          icmp echo-request

Chain FORWARD (policy DROP)
target    prot opt source             destination

Chain OUTPUT (policy ACCEPT)
target    prot opt source             destination
[root@myhost etc]#

zswlb9999 · 发表于 2009-1-6 21:01:38

1)设置iptables.rules如下并设置rc.conf自动启动iptables
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p icmp -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -j REJECT --reject-with icmp-proto-unreachable

iptables -A INPUT -p tcp --dport 4662 -j ACCEPT
iptables -A INPUT -p udp --dport 4665 -j ACCEPT
iptables -A INPUT -p udp --dport 4672 -j ACCEPT

iptables -P OUTPUT ACCEPT

COMMIT
---------------
2)iptables -L
[root@myhost peter2]# iptables -L
Chain INPUT (policy ACCEPT)
target    prot opt source             destination

Chain FORWARD (policy ACCEPT)
target    prot opt source             destination

Chain OUTPUT (policy ACCEPT)
target    prot opt source             destination
[root@myhost peter2]#
-------------
3)登录http://www.linuxsir.cn/bbs/showthread.php?p=1934865#post1934865
提示

Success The TCP port 4662 is available. You should be able to use the ED2K P2P service without any problems.

Your public address is 121.8.28.50 (121.8.28.50)
Coding by uberpenguin, idea by deltaHF, which he found here
-----------
但aMule依然提示“Kad有放火墙”。下载速度只有十余K

zhong · 发表于 2009-1-7 03:46:10

Post by zswlb9999;1934820

但记得:
在设置pppoe-setup时有提示防火墙级别(0,1,2)当时选择了1.
archlinux 有默认的防火墙吗?

重新启行pppoe-setup..防火墙级别选 0

或编辑 /etc/ppp/pppoe.conf 找到 "FIREWALL=xxxx" 改成 FIREWALL=NONE

crazyflapjack · 发表于 2010-7-30 08:29:33

如果amule提示firewall，可能不是iptable的事情，有可能你的端口被路由屏蔽着，导致你有一个lowid，不能完全达到最大下载速度。

		自动登录	找回密码
密码			注册