Author: mcdull Time: 2017-5-1 16:01 Title: A question about iptables
I am setting up a Shadowsocks server on a Merlin router, but I just can't connect to it.
netstat shows:
tcp 0 0 0.0.0.0:8388 0.0.0.0:* LISTEN
The iptables rules look like this.
- pkts bytes target prot opt in out source destination
- 0 0 ACCEPT all -- tun21 any anywhere anywhere
- 0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:1194
- 0 0 DROP icmp -- vlan2 any anywhere anywhere icmp echo-request
- 2750 297K ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
- 4 254 DROP all -- any any anywhere anywhere state INVALID
- 485 53238 ACCEPT all -- br0 any anywhere anywhere state NEW
- 973 237K ACCEPT all -- lo any anywhere anywhere state NEW
- 0 0 ACCEPT udp -- any any anywhere anywhere udp spt:bootps dpt:bootpc
- 3 144 SSHBFP tcp -- vlan2 any anywhere anywhere tcp dpt:ssh state NEW
- 0 0 ACCEPT icmp -- any any anywhere anywhere icmp !echo-request
- 0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:1723
- 0 0 ACCEPT gre -- any any anywhere anywhere
- 70 4015 DROP all -- any any anywhere anywhere
- 0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:8388
Author: mcdull Time: 2017-5-1 17:26
It seems to me that the drop all rule is executed and the last accept rule is being ignored. However, in the firmware, I am only allowed to edit the "firewall-start" custom script for my own rule, can't imagine how it can be implemented.
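The ordering problem described in this post can be checked mechanically. The following is an added example, not part of the original thread or of the Merlin firmware: a shell/awk check that flags rules placed after an unconditional terminating rule. The function names `sample_rules` and `find_shadowed` are hypothetical, and the sample input is constructed from the last four rules of the listing posted above.

```shell
#!/bin/sh
# Constructed sample: tail of the INPUT chain from the post above
# (layout of `iptables -L INPUT -v`, with the list markers removed).
sample_rules() {
cat <<'EOF'
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:1723
0 0 ACCEPT gre -- any any anywhere anywhere
70 4015 DROP all -- any any anywhere anywhere
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:8388
EOF
}

# Print every rule that sits after an unconditional terminating rule.
# iptables walks a chain top to bottom and stops at the first matching
# rule whose target is ACCEPT, DROP or REJECT, so any rule listed after
# a match-everything rule with such a target never sees a packet.
find_shadowed() {
    awk '
    $1 == "Chain" || $1 == "pkts" || NF < 9 { next }  # headers, blank lines
    { n++ }                                           # rule number in chain
    catchall {
        printf "rule %d shadowed by rule %d: %s\n", n, catchall, $0
        next
    }
    # Catch-all: terminating target, any protocol, any interface (shown as
    # "any", or "*" with -n), any address, and no extra match after field 9.
    ($3 == "ACCEPT" || $3 == "DROP" || $3 == "REJECT") &&
    $4 == "all" &&
    ($6 == "any" || $6 == "*") && ($7 == "any" || $7 == "*") &&
    ($8 == "anywhere" || $8 == "0.0.0.0/0") &&
    ($9 == "anywhere" || $9 == "0.0.0.0/0") &&
    NF == 9 { catchall = n }
    '
}

sample_rules | find_shadowed
```

On a live router the same check would be fed with `iptables -L INPUT -v | find_shadowed`. Assuming the port 8388 rule was appended with `-A`, inserting it from the firewall-start script with `iptables -I INPUT -p tcp --dport 8388 -j ACCEPT` places it at the head of the chain, ahead of the catch-all DROP.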
