Building a Linux Router (rp-pppoe + iptables)

Last updated: 2019.06.17

■ Overview

Turn a Linux machine into a router. As with a typical off-the-shelf router, the goal is to be able to do the following.
※ This applies only when Linux connects directly through the modem with PPPoE; it is not needed when connecting through an off-the-shelf router.

【What the Linux router will be able to do】
・Let multiple internal machines use the Internet at the same time with a single global IP address ... IP masquerade
・Block external access to everything except the ports needed by the server services ... firewall
・Make the server machine's services reachable from outside even when the server and the router are different machines ... NAT

【Required equipment】
・Network adapters (NIC) x 2 (one for the Internet (external) connection and one for the LAN (internal) connection)

【Assumed network environment】
Network address: 192.168.1.0/24
Linux router IP address: 192.168.1.1 (fixed)
Public server IP address: 192.168.1.4 (fixed)
Client IP addresses: 192.168.1.3 to 192.168.1.254

【Assumed network layout】



■ Network adapter (NIC) settings

(1) Set up the NIC (eth1 side) for the external connection
[root@centos ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth1  ← Edit the NIC (eth1 side) configuration file
DEVICE=eth1
BOOTPROTO=static
HWADDR=xx:xx:xx:xx:xx:xx
ONBOOT=no

[root@centos ~]# /etc/rc.d/init.d/network reload  ← Apply the network settings
インターフェース eth0 を終了中:                            [  OK  ]
ループバックインターフェースを終了中                       [  OK  ]
ネットワークパラメーターを設定中:                          [  OK  ]
ループバックインターフェイスを呼び込み中                   [  OK  ]
インターフェース eth0 を活性化中:                          [  OK  ]
Confirm that eth1 is not brought up

[root@centos ~]# ifconfig eth1  ← Check the NIC (eth1 side) settings
eth1      Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:588 (588.0 b)
Confirm that no inet addr is shown

(2) Set up the NIC (eth0 side) for the internal connection
[root@centos ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0  ← Edit the NIC (eth0 side) network configuration file
DEVICE=eth0
BOOTPROTO=static
BROADCAST=192.168.1.255
HWADDR=xx:xx:xx:xx:xx:xx
IPADDR=192.168.1.1
NETMASK=255.255.255.0
NETWORK=192.168.1.0
ONBOOT=yes
GATEWAY=192.168.1.1

[root@centos ~]# /etc/rc.d/init.d/network reload  ← Apply the network settings
インターフェース eth0 を終了中:                            [  OK  ]
ループバックインターフェースを終了中                       [  OK  ]
ネットワークパラメーターを設定中:                          [  OK  ]
ループバックインターフェイスを呼び込み中                   [  OK  ]
インターフェース eth0 を活性化中:                          [  OK  ]

[root@centos ~]# ifconfig eth0  ← Check the NIC (eth0 side) network settings
eth0      Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0  ← The IP address should be 192.168.1.1
          inet6 addr: fe80::290:99ff:fe80:272d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:22625 errors:0 dropped:0 overruns:0 frame:0
          TX packets:29064 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2536922 (2.4 Mb)  TX bytes:21279369 (20.2 Mb)
          Interrupt:3 Base address:0x7400

■ Internet connection through a broadband modem (PPPoE)

(1) Internet connection settings
[root@centos ~]# adsl-setup  ← Run the ADSL connection setup command
Welcome to the ADSL client setup.  First, I will run some checks on
your system to make sure the PPPoE client is installed properly...


LOGIN NAME

Enter your Login Name (default root): xxxxxxxx  ← Enter the user ID issued by the provider

INTERFACE

Enter the Ethernet interface connected to the ADSL modem
For Solaris, this is likely to be something like /dev/hme0.
For Linux, it will be ethX, where 'X' is a number.
(default eth0): eth1  ← Enter eth1

Do you want the link to come up on demand, or stay up continuously?
If you want it to come up on demand, enter the idle time in seconds
after which the link should be dropped.  If you want the link to
stay up permanently, enter 'no' (two letters, lower-case.)
NOTE: Demand-activated links do not interact well with dynamic IP
addresses.  You may have some problems with demand-activated links.
Enter the demand value (default no):   ← Press ENTER only

DNS

Please enter the IP address of your ISP's primary DNS server.
If your ISP claims that 'the server will provide dynamic DNS addresses',
enter 'server' (all lower-case) here.
If you just press enter, I will assume you know what you are
doing and not modify your DNS setup.
Enter the DNS information here: xxx.xxx.xxx.xxx  ← Enter the DNS server (primary) issued by the provider
Please enter the IP address of your ISP's secondary DNS server.
If you just press enter, I will assume there is only one DNS server.
Enter the secondary DNS server address here: xxx.xxx.xxx.xxx  ← Enter the DNS server (secondary) issued by the provider

DNS

Please enter the IP address of your ISP's primary DNS server.
If your ISP claims that 'the server will provide dynamic DNS addresses',
enter 'server' (all lower-case) here.
If you just press enter, I will assume you know what you are
doing and not modify your DNS setup.
Enter the DNS information here:   ← Press ENTER only

PASSWORD

Please enter your Password:   ← Enter the password issued by the provider (it is not displayed)
Please re-enter your Password:   ← Enter the password issued by the provider again (confirmation; it is not displayed)

USERCTRL

Please enter 'yes' (two letters, lower-case.) if you want to allow
normal user to start or stop DSL connection (default yes): no  ← Enter no (only the root user may control the Internet connection)

FIREWALLING

Please choose the firewall rules to use.  Note that these rules are
very basic.  You are strongly encouraged to use a more sophisticated
firewall setup; however, these will provide basic security.  If you
are running any servers on your machine, you must choose 'NONE' and
set up firewalling yourself.  Otherwise, the firewall rules will deny
access to all standard servers like Web, e-mail, ftp, etc.  If you
are using SSH, the rules will block outgoing SSH connections which
allocate a privileged source port.

The firewall choices are:
0 - NONE: This script will not set any firewall rules.  You are responsible
          for ensuring the security of your machine.  You are STRONGLY
          recommended to use some kind of firewall rules.
1 - STANDALONE: Appropriate for a basic stand-alone web-surfing workstation
2 - MASQUERADE: Appropriate for a machine acting as an Internet gateway
                for a LAN
Choose a type of firewall (0-2): 2  ← Enter 2

Start this connection at boot time

Do you want to start this connection at boot time?
Please enter no or yes (default no): yes  ← Enter yes

** Summary of what you entered **

Ethernet Interface: eth1
User name:          xxxxxxxx
Activate-on-demand: No
Primary DNS:        xxx.xxx.xxx.xxx
Secondary DNS:      xxx.xxx.xxx.xxx
Firewalling:        MASQUERADE
User Control:       no
Accept these settings and adjust configuration files (y/n)? y  ← Check the settings and enter y
Adjusting /etc/sysconfig/network-scripts/ifcfg-ppp0
Adjusting /etc/resolv.conf
  (But first backing it up to /etc/resolv.conf.bak)
Adjusting /etc/ppp/chap-secrets and /etc/ppp/pap-secrets
  (But first backing it up to /etc/ppp/chap-secrets.bak)
  (But first backing it up to /etc/ppp/pap-secrets.bak)



Congratulations, it should be all set up!

Type '/sbin/ifup ppp0' to bring up your xDSL link and '/sbin/ifdown ppp0'to bring it down.
Type '/sbin/adsl-status /etc/sysconfig/network-scripts/ifcfg-ppp0'to see the link status.

[root@centos ~]# vi /etc/sysconfig/network-scripts/ifcfg-ppp0  ← Edit the interface configuration file
LINUX_PLUGIN=/usr/lib/pppd/2.4.4/rp-pppoe.so  ← Add (kernel-mode PPPoE connection) ※ on 32-bit systems
LINUX_PLUGIN=/usr/lib64/pppd/2.4.4/rp-pppoe.so  ← Add (kernel-mode PPPoE connection) ※ on 64-bit systems

(2) Connect to the Internet
[root@localhost ~]# /etc/rc.d/init.d/network restart  ← Restart networking
インターフェース eth0 を終了中:                            [  OK  ]
ループバックインターフェースを終了中                       [  OK  ]
IPv4 パケット転送を無効化中:  net.ipv4.ip_forward = 0
                                                           [  OK  ]
ループバックインターフェイスを呼び込み中                   [  OK  ]
インターフェース eth0 を活性化中:                          [  OK  ]
インターフェース ppp0 を活性化中:                          [  OK  ]  ← Confirm that ppp0 came up

(3) Check the Internet connection
[root@client ~]# ping -c 4 www.kernel.org  ← Check that an external host (www.kernel.org) is reachable
PING pub.all.kernel.org (199.204.44.194) 56(84) bytes of data.
64 bytes from yul-korg-pub.kernel.org (199.204.44.194): icmp_seq=1 ttl=47 time=183 ms
64 bytes from yul-korg-pub.kernel.org (199.204.44.194): icmp_seq=2 ttl=47 time=183 ms
64 bytes from yul-korg-pub.kernel.org (199.204.44.194): icmp_seq=3 ttl=47 time=183 ms
64 bytes from yul-korg-pub.kernel.org (199.204.44.194): icmp_seq=4 ttl=47 time=183 ms

--- pub.all.kernel.org ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3139ms  ← Confirm 0% packet loss
rtt min/avg/max/mdev = 134.565/134.881/135.334/0.531 ms

■ IP masquerade & firewall settings

(1) iptables settings
[root@centos ~]# vi iptables-router.sh  ← Create the iptables setup script
#!/bin/bash

#---------------------------------------#
# Settings: start                       #
#---------------------------------------#

# LAN interface name
LAN=eth0

# WAN interface name
WAN=ppp0

# Private IP address of the public server
SERVER=192.168.1.3

#---------------------------------------#
# Settings: end                         #
#---------------------------------------#

# Get this host's private IP address
IPADDR=`ifconfig $LAN|sed -e 's/^.*inet addr:\([^ ]*\).*$/\1/p' -e d`

# Get the LAN netmask
LOCALNET_MASK=`ifconfig $LAN|sed -e 's/^.*Mask:\([^ ]*\)$/\1/p' -e d`

# Get the LAN network address
LOCALNET_ADDR=`netstat -rn|grep $LAN|grep $LOCALNET_MASK|grep 0.0.0.0|cut -f1 -d' '`
LOCALNET=$LOCALNET_ADDR/$LOCALNET_MASK

# Add the modules to be loaded
sed -i '/IPTABLES_MODULES/d' /etc/sysconfig/iptables-config
modinfo ip_nat_pptp > /dev/null 2>&1
if [ $? -eq 0 ]; then
    echo "IPTABLES_MODULES=\"ip_conntrack_ftp ip_nat_ftp ip_nat_pptp\"" >> /etc/sysconfig/iptables-config
else
    echo "IPTABLES_MODULES=\"ip_conntrack_ftp ip_nat_ftp\"" >> /etc/sysconfig/iptables-config
fi

# Stop packet forwarding
# ※ Keeps packets from passing through while the rules are being set
sysctl -w net.ipv4.ip_forward=0 > /dev/null

# Default rules (applied when none of the rules below match)
IPTABLES_CONFIG_NAT=`mktemp`
IPTABLES_CONFIG_FILTER=`mktemp`
echo "*nat" >> $IPTABLES_CONFIG_NAT
echo ":PREROUTING ACCEPT [0:0]" >> $IPTABLES_CONFIG_NAT
echo ":POSTROUTING ACCEPT [0:0]" >> $IPTABLES_CONFIG_NAT
echo ":OUTPUT ACCEPT [0:0]" >> $IPTABLES_CONFIG_NAT
echo "*filter" >> $IPTABLES_CONFIG_FILTER
echo ":INPUT DROP [0:0]" >> $IPTABLES_CONFIG_FILTER       # Drop all inbound packets
echo ":FORWARD DROP [0:0]" >> $IPTABLES_CONFIG_FILTER     # Drop all forwarded packets
echo ":OUTPUT ACCEPT [0:0]" >> $IPTABLES_CONFIG_FILTER    # Allow all outbound packets
echo ":ACCEPT_COUNTRY - [0:0]" >> $IPTABLES_CONFIG_FILTER # Allow access from the specified countries
echo ":DROP_COUNTRY - [0:0]" >> $IPTABLES_CONFIG_FILTER   # Drop access from the specified countries
echo ":LOG_FRAGMENT - [0:0]" >> $IPTABLES_CONFIG_FILTER   # Log and drop fragmented packets
echo ":LOG_INGRESS - [0:0]" >> $IPTABLES_CONFIG_FILTER    # Log and drop access whose source IP address is outside the LAN network range
echo ":LOG_PINGDEATH - [0:0]" >> $IPTABLES_CONFIG_FILTER  # Log and drop Ping of Death attacks
echo ":LOG_SPOOFING - [0:0]" >> $IPTABLES_CONFIG_FILTER   # Log and drop packets from the WAN whose source is a private IP address

# Work around path MTU problems
echo "-A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu" >> $IPTABLES_CONFIG_FILTER

# Enable SYN cookies
# ※ Countermeasure against TCP SYN flood attacks
sysctl -w net.ipv4.tcp_syncookies=1 > /dev/null
sed -i '/net.ipv4.tcp_syncookies/d' /etc/sysctl.conf
echo "net.ipv4.tcp_syncookies=1" >> /etc/sysctl.conf

# Do not answer pings sent to the broadcast address
# ※ Countermeasure against Smurf attacks
sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1 > /dev/null
sed -i '/net.ipv4.icmp_echo_ignore_broadcasts/d' /etc/sysctl.conf
echo "net.ipv4.icmp_echo_ignore_broadcasts=1" >> /etc/sysctl.conf

# Refuse ICMP Redirect packets
sed -i '/net.ipv4.conf.*.accept_redirects/d' /etc/sysctl.conf
for dev in `ls /proc/sys/net/ipv4/conf/`
do
    sysctl -w net.ipv4.conf.$dev.accept_redirects=0 > /dev/null
    echo "net.ipv4.conf.$dev.accept_redirects=0" >> /etc/sysctl.conf
done

# Refuse source-routed packets
sed -i '/net.ipv4.conf.*.accept_source_route/d' /etc/sysctl.conf
for dev in `ls /proc/sys/net/ipv4/conf/`
do
    sysctl -w net.ipv4.conf.$dev.accept_source_route=0 > /dev/null
    echo "net.ipv4.conf.$dev.accept_source_route=0" >> /etc/sysctl.conf
done

# Log and drop fragmented packets
echo "-A LOG_FRAGMENT -j LOG --log-tcp-options --log-ip-options --log-prefix \"[IPTABLES FRAGMENT] : \"" >> $IPTABLES_CONFIG_FILTER
echo "-A LOG_FRAGMENT -j DROP" >> $IPTABLES_CONFIG_FILTER
echo "-A INPUT -f -j LOG_FRAGMENT" >> $IPTABLES_CONFIG_FILTER
echo "-A FORWARD -f -j LOG_FRAGMENT" >> $IPTABLES_CONFIG_FILTER

# Log and drop packets from the WAN whose source is a private IP address
# ※ Countermeasure against IP spoofing attacks
echo "-A LOG_SPOOFING -j LOG --log-tcp-options --log-ip-options --log-prefix \"[IPTABLES SPOOFING] : \"" >> $IPTABLES_CONFIG_FILTER
echo "-A LOG_SPOOFING -j DROP" >> $IPTABLES_CONFIG_FILTER
echo "-A INPUT -i ppp+ -s 127.0.0.0/8    -j LOG_SPOOFING" >> $IPTABLES_CONFIG_FILTER
echo "-A INPUT -i ppp+ -s 10.0.0.0/8     -j LOG_SPOOFING" >> $IPTABLES_CONFIG_FILTER
echo "-A INPUT -i ppp+ -s 172.16.0.0/12  -j LOG_SPOOFING" >> $IPTABLES_CONFIG_FILTER
echo "-A INPUT -i ppp+ -s 192.168.0.0/16 -j LOG_SPOOFING" >> $IPTABLES_CONFIG_FILTER
echo "-A FORWARD -i ppp+ -s 127.0.0.0/8    -j LOG_SPOOFING" >> $IPTABLES_CONFIG_FILTER
echo "-A FORWARD -i ppp+ -s 10.0.0.0/8     -j LOG_SPOOFING" >> $IPTABLES_CONFIG_FILTER
echo "-A FORWARD -i ppp+ -s 172.16.0.0/12  -j LOG_SPOOFING" >> $IPTABLES_CONFIG_FILTER
echo "-A FORWARD -i ppp+ -s 192.168.0.0/16 -j LOG_SPOOFING" >> $IPTABLES_CONFIG_FILTER

# Drop NetBIOS-related traffic to and from the WAN without logging
echo "-A INPUT -i ppp+ -p tcp -m multiport --dports 135,137,138,139,445 -j DROP" >> $IPTABLES_CONFIG_FILTER
echo "-A INPUT -i ppp+ -p udp -m multiport --dports 135,137,138,139,445 -j DROP" >> $IPTABLES_CONFIG_FILTER
echo "-A OUTPUT -o ppp+ -p tcp -m multiport --sports 135,137,138,139,445 -j DROP" >> $IPTABLES_CONFIG_FILTER
echo "-A OUTPUT -o ppp+ -p udp -m multiport --sports 135,137,138,139,445 -j DROP" >> $IPTABLES_CONFIG_FILTER
echo "-A FORWARD -i ppp+ -p tcp -m multiport --dports 135,137,138,139,445 -j DROP" >> $IPTABLES_CONFIG_FILTER
echo "-A FORWARD -i ppp+ -p udp -m multiport --dports 135,137,138,139,445 -j DROP" >> $IPTABLES_CONFIG_FILTER
echo "-A FORWARD -o ppp+ -p tcp -m multiport --sports 135,137,138,139,445 -j DROP" >> $IPTABLES_CONFIG_FILTER
echo "-A FORWARD -o ppp+ -p udp -m multiport --sports 135,137,138,139,445 -j DROP" >> $IPTABLES_CONFIG_FILTER

# Log and drop pings exceeding 4 per second
echo "-A LOG_PINGDEATH -m limit --limit 1/s --limit-burst 4 -j ACCEPT" >> $IPTABLES_CONFIG_FILTER
echo "-A LOG_PINGDEATH -j LOG --log-prefix \"[IPTABLES PINGDEATH] : \"" >> $IPTABLES_CONFIG_FILTER
echo "-A LOG_PINGDEATH -j DROP" >> $IPTABLES_CONFIG_FILTER
echo "-A INPUT -p icmp --icmp-type echo-request -j LOG_PINGDEATH" >> $IPTABLES_CONFIG_FILTER
echo "-A FORWARD -o ! ppp+ -p icmp --icmp-type echo-request -j LOG_PINGDEATH" >> $IPTABLES_CONFIG_FILTER

# Log and drop access whose source IP address is outside the LAN network range
# ※ Ingress filtering
echo "-A LOG_INGRESS -j LOG --log-tcp-options --log-ip-options --log-prefix \"[IPTABLES INGRESS] : \"" >> $IPTABLES_CONFIG_FILTER
echo "-A LOG_INGRESS -j DROP" >> $IPTABLES_CONFIG_FILTER
echo "-A FORWARD -i $LAN -s ! $LOCALNET -j LOG_INGRESS" >> $IPTABLES_CONFIG_FILTER

# Allow all access from this host
echo "-A INPUT -i lo -j ACCEPT" >> $IPTABLES_CONFIG_FILTER

# Allow all access from the LAN
echo "-A INPUT -i $LAN -j ACCEPT" >> $IPTABLES_CONFIG_FILTER
echo "-A FORWARD -i $LAN -j ACCEPT" >> $IPTABLES_CONFIG_FILTER

# Allow simultaneous Internet connections from the LAN
# ※ IP masquerade (NAPT)
WAN_INF=`ls /etc/sysconfig/network-scripts/ifcfg-*|sed -e 's/^.*ifcfg-\([^ ]*\).*$/\1/p' -e d|grep ppp`
for dev in $WAN_INF
do
    echo "-A POSTROUTING -o $dev -j MASQUERADE" >> $IPTABLES_CONFIG_NAT
done

# Allow replies from the WAN to connections initiated from the LAN
echo "-A INPUT -i ppp+ -m state --state ESTABLISHED,RELATED -j ACCEPT" >> $IPTABLES_CONFIG_FILTER
echo "-A FORWARD -i ppp+ -m state --state ESTABLISHED,RELATED -j ACCEPT" >> $IPTABLES_CONFIG_FILTER

# Allow DNS response traffic
echo "-A INPUT -p udp --sport 53 -j ACCEPT" >> $IPTABLES_CONFIG_FILTER

# Allow the required ICMP packets from the WAN
echo "-A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT" >> $IPTABLES_CONFIG_FILTER
echo "-A INPUT -p icmp --icmp-type source-quench -j ACCEPT" >> $IPTABLES_CONFIG_FILTER
echo "-A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT" >> $IPTABLES_CONFIG_FILTER
echo "-A INPUT -p icmp --icmp-type parameter-problem -j ACCEPT" >> $IPTABLES_CONFIG_FILTER
echo "-A FORWARD -p icmp --icmp-type destination-unreachable -j ACCEPT" >> $IPTABLES_CONFIG_FILTER
echo "-A FORWARD -p icmp --icmp-type source-quench -j ACCEPT" >> $IPTABLES_CONFIG_FILTER
echo "-A FORWARD -p icmp --icmp-type time-exceeded -j ACCEPT" >> $IPTABLES_CONFIG_FILTER
echo "-A FORWARD -p icmp --icmp-type parameter-problem -j ACCEPT" >> $IPTABLES_CONFIG_FILTER

# Answer access to port 113 (IDENT) with a reject
# ※ Prevents slow responses from mail servers and the like
echo "-A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset" >> $IPTABLES_CONFIG_FILTER
echo "-A FORWARD -p tcp --dport 113 -j REJECT --reject-with tcp-reset" >> $IPTABLES_CONFIG_FILTER

# ACCEPT_COUNTRY_MAKE function definition
# Builds the user-defined chain that allows access from the IP addresses of the given country
ACCEPT_COUNTRY_MAKE(){
    for addr in `cat /tmp/cidr.txt|grep ^$1|awk '{print $2}'`
    do
        echo "-A ACCEPT_COUNTRY -s $addr -j ACCEPT" >> $IPTABLES_CONFIG_FILTER
    done
    grep ^$1 $IP_LIST >> $CHK_IP_LIST
}

# DROP_COUNTRY_MAKE function definition
# Builds the user-defined chain that drops access from the IP addresses of the given country
DROP_COUNTRY_MAKE(){
    for addr in `cat /tmp/cidr.txt|grep ^$1|awk '{print $2}'`
    do
        echo "-A DROP_COUNTRY -s $addr -m limit --limit 1/s -j LOG --log-prefix \"[IPTABLES DENY_COUNTRY] : \"" >> $IPTABLES_CONFIG_FILTER
        echo "-A DROP_COUNTRY -s $addr -j DROP" >> $IPTABLES_CONFIG_FILTER
    done
    grep ^$1 $IP_LIST >> $CHK_IP_LIST
}

# Get the IP address list
IP_LIST=/tmp/cidr.txt
CHK_IP_LIST=/tmp/IPLIST
if [ ! -f $IP_LIST ]; then
    wget -q http://nami.jp/ipv4bycc/cidr.txt.gz
    gunzip -c cidr.txt.gz > $IP_LIST
    rm -f cidr.txt.gz
fi
rm -f $CHK_IP_LIST

# Build the user-defined chain ACCEPT_COUNTRY, which allows access from Japan
ACCEPT_COUNTRY_MAKE JP
# From here on, to allow access only from Japan, specify ACCEPT_COUNTRY instead of ACCEPT

# Log and drop access from the top 5 countries (excluding Japan and the United States) from which attacks on police facilities nationwide originate
# Source: http://www.cyberpolice.go.jp/detect/observation.html
DROP_COUNTRY_MAKE CN
DROP_COUNTRY_MAKE CA
DROP_COUNTRY_MAKE IR
DROP_COUNTRY_MAKE NL
DROP_COUNTRY_MAKE TW
echo "-A INPUT -j DROP_COUNTRY" >> $IPTABLES_CONFIG_FILTER
echo "-A FORWARD -j DROP_COUNTRY" >> $IPTABLES_CONFIG_FILTER

#----------------------------------------------------------#
# Settings when this host publishes the services (start)   #
#----------------------------------------------------------#

router_eq_server(){

    # Allow access from the WAN to port 22 (SSH)
    # ※ Only when publishing an SSH server
    echo "-A INPUT -i $WAN -p tcp --dport 22 -j ACCEPT_COUNTRY" >> $IPTABLES_CONFIG_FILTER

    # Allow access from the WAN to TCP/UDP port 53 (DNS)
    # ※ Only when running a DNS server for the WAN
    echo "-A INPUT -i $WAN -p tcp --dport 53 -j ACCEPT" >> $IPTABLES_CONFIG_FILTER
    echo "-A INPUT -i $WAN -p udp --dport 53 -j ACCEPT" >> $IPTABLES_CONFIG_FILTER

    # Allow access from the WAN to port 80 (HTTP)
    # ※ Only when publishing a web server
    echo "-A INPUT -i $WAN -p tcp --dport 80 -j ACCEPT" >> $IPTABLES_CONFIG_FILTER

    # Allow access from the WAN to port 443 (HTTPS)
    # ※ Only when publishing a web server
    echo "-A INPUT -i $WAN -p tcp --dport 443 -j ACCEPT" >> $IPTABLES_CONFIG_FILTER

    # Allow access from the WAN to port 21 (FTP)
    # ※ Only when publishing an FTP server
    echo "-A INPUT -i $WAN -p tcp --dport 21 -j ACCEPT_COUNTRY" >> $IPTABLES_CONFIG_FILTER

    # Allow access from the WAN to the PASV ports (FTP-DATA)
    # ※ Only when publishing an FTP server
    # ※ PASV ports 60000:60030 are this site's example setting
    echo "-A INPUT -i $WAN -p tcp --dport 60000:60030 -j ACCEPT_COUNTRY" >> $IPTABLES_CONFIG_FILTER

    # Allow access from the WAN to port 25 (SMTP)
    # ※ Only when publishing an SMTP server
    echo "-A INPUT -i $WAN -p tcp --dport 25 -j ACCEPT" >> $IPTABLES_CONFIG_FILTER

    # Allow access from the WAN to port 465 (SMTPS)
    # ※ Only when publishing an SMTPS server
    echo "-A INPUT -i $WAN -p tcp --dport 465 -j ACCEPT_COUNTRY" >> $IPTABLES_CONFIG_FILTER

    # Allow access from the WAN to port 110 (POP3)
    # ※ Only when publishing a POP3 server
    echo "-A INPUT -i $WAN -p tcp --dport 110 -j ACCEPT_COUNTRY" >> $IPTABLES_CONFIG_FILTER

    # Allow access from the WAN to port 995 (POP3S)
    # ※ Only when publishing a POP3S server
    echo "-A INPUT -i $WAN -p tcp --dport 995 -j ACCEPT_COUNTRY" >> $IPTABLES_CONFIG_FILTER

    # Allow access from the WAN to port 143 (IMAP)
    # ※ Only when publishing an IMAP server
    echo "-A INPUT -i $WAN -p tcp --dport 143 -j ACCEPT_COUNTRY" >> $IPTABLES_CONFIG_FILTER

    # Allow access from the WAN to port 993 (IMAPS)
    # ※ Only when publishing an IMAPS server
    echo "-A INPUT -i $WAN -p tcp --dport 993 -j ACCEPT_COUNTRY" >> $IPTABLES_CONFIG_FILTER

}

#----------------------------------------------------------#
# Settings when this host publishes the services (end)     #
#----------------------------------------------------------#

#----------------------------------------------------------#
# Settings when another host publishes services (start)    #
#----------------------------------------------------------#

router_ne_server(){

    # Allow and forward access from the WAN to port 22 (SSH) on the public server
    # ※ Only when publishing an SSH server
    echo "-A FORWARD -i $WAN -p tcp -d $SERVER --dport 22 -j ACCEPT_COUNTRY" >> $IPTABLES_CONFIG_FILTER
    echo "-A PREROUTING -i $WAN -p tcp --dport 22 -j DNAT --to $SERVER" >> $IPTABLES_CONFIG_NAT

    # Allow and forward access from the WAN to TCP/UDP port 53 (DNS) on the public server
    # ※ Only when running a DNS server for the WAN
    echo "-A FORWARD -i $WAN -p tcp -d $SERVER --dport 53 -j ACCEPT" >> $IPTABLES_CONFIG_FILTER
    echo "-A PREROUTING -i $WAN -p tcp --dport 53 -j DNAT --to $SERVER" >> $IPTABLES_CONFIG_NAT
    echo "-A FORWARD -i $WAN -p udp -d $SERVER --dport 53 -j ACCEPT" >> $IPTABLES_CONFIG_FILTER
    echo "-A PREROUTING -i $WAN -p udp --dport 53 -j DNAT --to $SERVER" >> $IPTABLES_CONFIG_NAT

    # Allow and forward access from the WAN to port 80 (HTTP) on the public server
    # ※ Only when publishing a web server
    echo "-A FORWARD -i $WAN -p tcp -d $SERVER --dport 80 -j ACCEPT" >> $IPTABLES_CONFIG_FILTER
    echo "-A PREROUTING -i $WAN -p tcp --dport 80 -j DNAT --to $SERVER" >> $IPTABLES_CONFIG_NAT

    # Allow and forward access from the WAN to port 443 (HTTPS) on the public server
    # ※ Only when publishing a web server
    echo "-A FORWARD -i $WAN -p tcp -d $SERVER --dport 443 -j ACCEPT" >> $IPTABLES_CONFIG_FILTER
    echo "-A PREROUTING -i $WAN -p tcp --dport 443 -j DNAT --to $SERVER" >> $IPTABLES_CONFIG_NAT

    # Allow and forward access from the WAN to port 21 (FTP) on the public server
    # ※ Only when publishing an FTP server
    echo "-A FORWARD -i $WAN -p tcp -d $SERVER --dport 21 -j ACCEPT_COUNTRY" >> $IPTABLES_CONFIG_FILTER
    echo "-A PREROUTING -i $WAN -p tcp --dport 21 -j DNAT --to $SERVER" >> $IPTABLES_CONFIG_NAT

    # Allow and forward access from the WAN to the PASV ports (FTP-DATA) on the public server
    # ※ Only when publishing an FTP server
    # ※ PASV ports 60000:60030 are this site's example setting
    echo "-A FORWARD -i $WAN -p tcp -d $SERVER --dport 60000:60030 -j ACCEPT_COUNTRY" >> $IPTABLES_CONFIG_FILTER
    echo "-A PREROUTING -i $WAN -p tcp --dport 60000:60030 -j DNAT --to $SERVER" >> $IPTABLES_CONFIG_NAT

    # Allow and forward access from the WAN to port 25 (SMTP) on the public server
    # ※ Only when publishing an SMTP server
    echo "-A FORWARD -i $WAN -p tcp -d $SERVER --dport 25 -j ACCEPT" >> $IPTABLES_CONFIG_FILTER
    echo "-A PREROUTING -i $WAN -p tcp --dport 25 -j DNAT --to $SERVER" >> $IPTABLES_CONFIG_NAT

    # Allow and forward access from the WAN to port 465 (SMTPS) on the public server
    # ※ Only when publishing an SMTPS server
    echo "-A FORWARD -i $WAN -p tcp -d $SERVER --dport 465 -j ACCEPT_COUNTRY" >> $IPTABLES_CONFIG_FILTER
    echo "-A PREROUTING -i $WAN -p tcp --dport 465 -j DNAT --to $SERVER" >> $IPTABLES_CONFIG_NAT

    # Allow and forward access from the WAN to port 110 (POP3) on the public server
    # ※ Only when publishing a POP3 server
    echo "-A FORWARD -i $WAN -p tcp -d $SERVER --dport 110 -j ACCEPT_COUNTRY" >> $IPTABLES_CONFIG_FILTER
    echo "-A PREROUTING -i $WAN -p tcp --dport 110 -j DNAT --to $SERVER" >> $IPTABLES_CONFIG_NAT

    # Allow and forward access from the WAN to port 995 (POP3S) on the public server
    # ※ Only when publishing a POP3S server
    echo "-A FORWARD -i $WAN -p tcp -d $SERVER --dport 995 -j ACCEPT_COUNTRY" >> $IPTABLES_CONFIG_FILTER
    echo "-A PREROUTING -i $WAN -p tcp --dport 995 -j DNAT --to $SERVER" >> $IPTABLES_CONFIG_NAT

    # Allow and forward access from the WAN to port 143 (IMAP) on the public server
    # ※ Only when publishing an IMAP server
    echo "-A FORWARD -i $WAN -p tcp -d $SERVER --dport 143 -j ACCEPT_COUNTRY" >> $IPTABLES_CONFIG_FILTER
    echo "-A PREROUTING -i $WAN -p tcp --dport 143 -j DNAT --to $SERVER" >> $IPTABLES_CONFIG_NAT

    # Allow and forward access from the WAN to port 993 (IMAPS) on the public server
    # ※ Only when publishing an IMAPS server
    echo "-A FORWARD -i $WAN -p tcp -d $SERVER --dport 993 -j ACCEPT_COUNTRY" >> $IPTABLES_CONFIG_FILTER
    echo "-A PREROUTING -i $WAN -p tcp --dport 993 -j DNAT --to $SERVER" >> $IPTABLES_CONFIG_NAT

    # Allow and forward access from the WAN to UDP port 1194 (OpenVPN) on the public server
    # ※ Only when publishing an OpenVPN server
    echo "-A FORWARD -i $WAN -p udp -d $SERVER --dport 1194 -j ACCEPT_COUNTRY" >> $IPTABLES_CONFIG_FILTER
    echo "-A PREROUTING -i $WAN -p udp --dport 1194 -j DNAT --to $SERVER" >> $IPTABLES_CONFIG_NAT



}

#----------------------------------------------------------#
# Settings when another host publishes services (end)      #
#----------------------------------------------------------#

# Drop access from denied IP addresses without logging
# ※ List the denied IP addresses in /root/deny_ip, one per line
# (does nothing if /root/deny_ip does not exist)
if [ -s /root/deny_ip ]; then
    for ip in `cat /root/deny_ip`
    do
        echo "-I INPUT -s $ip -j DROP" >> $IPTABLES_CONFIG_FILTER
    done
fi

# Apply the rules for the case where the public server is this host
[ "$SERVER" = "$IPADDR" ] || [ $SERVER = 127.0.0.1 ] && router_eq_server

# Apply the rules for the case where the public server is another host
[ "$SERVER" != "$IPADDR" ] && [ $SERVER != 127.0.0.1 ] && router_ne_server


# Log and drop any access that matched none of the rules above
echo "-A INPUT -j LOG --log-tcp-options --log-ip-options --log-prefix \"[IPTABLES INPUT] : \"" >> $IPTABLES_CONFIG_FILTER
echo "-A INPUT -j DROP" >> $IPTABLES_CONFIG_FILTER
echo "-A FORWARD -j LOG --log-tcp-options --log-ip-options --log-prefix \"[IPTABLES FORWARD] : \"" >> $IPTABLES_CONFIG_FILTER
echo "-A FORWARD -j DROP" >> $IPTABLES_CONFIG_FILTER

# Start the firewall
echo "COMMIT" >> $IPTABLES_CONFIG_NAT
echo "COMMIT" >> $IPTABLES_CONFIG_FILTER
cat $IPTABLES_CONFIG_NAT $IPTABLES_CONFIG_FILTER > /etc/sysconfig/iptables
if [ -f /usr/libexec/iptables/iptables.init ]; then
    /usr/libexec/iptables/iptables.init restart
else
    /etc/rc.d/init.d/iptables restart
fi
rm -f $IPTABLES_CONFIG_NAT $IPTABLES_CONFIG_FILTER

# Start packet forwarding
sysctl -w net.ipv4.ip_forward=1 > /dev/null
sed -i '/net.ipv4.ip_forward/d' /etc/sysctl.conf
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf



[root@centos ~]# chmod 700 iptables-router.sh  ← Make the iptables setup script executable

[root@centos ~]# ./iptables-router.sh  ← Run the iptables setup script
ファイアウォールルールを適用中:                            [  OK  ]
チェインポリシーを ACCEPT に設定中filter nat               [  OK  ]
iptables モジュールを取り外し中                            [  OK  ]
ファイアウォールのルールを /etc/sysconfig/iptables に保存中[  OK  ]
ファイアウォールルールを適用中:                            [  OK  ]
チェインポリシーを ACCEPT に設定中nat filter               [  OK  ]
iptables モジュールを取り外し中                            [  OK  ]
iptables ファイアウォールルールを適用中:                   [  OK  ]
iptables モジュールを読み込み中ip_conntrack_ftp ip_nat_ftp [  OK  ]

(2) iptables automatic startup configuration
/etc/ppp/firewall-masq is executed when the Internet connection comes up, so use it to start the firewall at connection time.
[root@centos ~]# mv /etc/ppp/firewall-masq /etc/ppp/firewall-masq.org ← rename the default /etc/ppp/firewall-masq

[root@centos ~]# vi /etc/ppp/firewall-masq ← create /etc/ppp/firewall-masq
#!/bin/bash

# Start the firewall
/etc/rc.d/init.d/iptables start

(3) IP address list update check
Because the IP address list is updated frequently, check automatically every day whether it has been updated and, when it has, run the firewall configuration script again.
[root@centos ~]# vi /etc/cron.daily/iplist_check-router.sh ← create the IP address list check script
#!/bin/bash

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# Number of entries for the old/new IPLIST difference check (0 disables the check)
# Note: if the old/new IPLIST difference exceeds the number set in SABUN_CHK, the iptables configuration script is not run
# Note: for the reason behind the old/new IPLIST difference check, see http://centossrv.com/bbshtml/webpatio/1592.shtml
SABUN_CHK=9999
[ $# -ne 0 ] && SABUN_CHK=${1}

# Fetch the IP address list
IP_LIST=/tmp/cidr.txt
CHK_IP_LIST=/tmp/IPLIST
wget -q http://nami.jp/ipv4bycc/cidr.txt.gz
gunzip -c cidr.txt.gz > $IP_LIST
rm -f cidr.txt.gz

# Bring the IP address list being checked up to date
rm -f IPLIST.new
for country in `awk '{print $1}' $CHK_IP_LIST |uniq`
do
    grep ^$country $IP_LIST >> IPLIST.new
done

# IP address list update check
diff -q $CHK_IP_LIST IPLIST.new > /dev/null 2>&1
if [ $? -ne 0 ]; then
    if [ ${SABUN_CHK} -ne 0 ]; then
        if [ $(diff $CHK_IP_LIST IPLIST.new | egrep -c '<|>') -gt ${SABUN_CHK} ]; then
            (
             diff $CHK_IP_LIST IPLIST.new
             echo
             echo "iptables-router.sh not executed."
            ) | mail -s 'IPLIST UPDATE' root
            rm -f IPLIST.new
            exit
        fi
    fi
    /bin/mv IPLIST.new $CHK_IP_LIST
    sh /root/iptables-router.sh > /dev/null
else
    rm -f IPLIST.new
fi

[root@centos ~]# chmod +x /etc/cron.daily/iplist_check-router.sh ← grant execute permission to the IP address list check script
Note: what to do when cron sends a mail containing "/root/iptables-router.sh not executed."
The mail indicates that, for some reason, the difference between the latest IP address list fetched from http://nami.jp/ipv4bycc/ and the previously fetched IP address list exceeded 100 entries, so the iptables configuration script was not run.
When the reason the difference from the previously fetched IP address list exceeds 100 entries is clear, for example because the server was stopped for a long period, run "/etc/cron.daily/iplist_check-router.sh 0" to force the iptables configuration script to run.
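
The decision the check script makes, written out as an added example that is not part of the original script. It goes one step beyond the script: a new list that is empty (for instance after a failed download) is held back even when the difference check is disabled with 0. The function names, the country code ZZ and the documentation-range addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of iplist_check-router.sh.

# decide_update OLD NEW LIMIT: print one of
#   unchanged - the two lists are identical
#   hold      - NEW is empty or missing, or more than LIMIT lines changed
#   apply     - NEW may replace OLD and the firewall script may be rerun
# LIMIT plays the role of SABUN_CHK; 0 disables the difference check.
decide_update() {
    old=$1 new=$2 limit=$3
    if [ ! -s "$new" ]; then echo hold; return 0; fi
    if cmp -s "$old" "$new"; then echo unchanged; return 0; fi
    # Count added and removed lines in the diff output.
    changed=$(diff "$old" "$new" | grep -c '^[<>]' || true)
    if [ "$limit" -ne 0 ] && [ "$changed" -gt "$limit" ]; then
        echo hold
    else
        echo apply
    fi
}

# Constructed lists in "country<TAB>CIDR" form; one line differs.
demo_decisions() {
    dir=$(mktemp -d) || return 1
    printf 'ZZ\t192.0.2.0/24\nZZ\t198.51.100.0/24\n' > "$dir/old"
    printf 'ZZ\t192.0.2.0/24\nZZ\t203.0.113.0/24\n' > "$dir/new"
    : > "$dir/empty"
    decide_update "$dir/old" "$dir/old"   9999   # identical lists
    decide_update "$dir/old" "$dir/new"   9999   # 2 changed lines, under limit
    decide_update "$dir/old" "$dir/new"   1      # 2 changed lines, over limit
    decide_update "$dir/old" "$dir/new"   0      # check disabled
    decide_update "$dir/old" "$dir/empty" 0      # empty new list
    rm -rf "$dir"
}

demo_decisions
```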



■Verifying IP masquerading (when the client is Windows)

Assign the client a static IP address and confirm that the client can connect to the Internet via the Linux server.
Note: here the client's IP address is assigned manually; later a DHCP server will be built so that addresses are assigned automatically.

(1) Client-side network configuration
Right-click "My Network Places" ⇒ "Properties" ⇒ "Local Area Connection" ⇒ "Properties" ⇒ "Internet Protocol (TCP/IP)"

Select "Use the following IP address"

・IP address ⇒ 192.168.1.10 ← specify any suitable IP address other than the server's IP address
・Subnet mask ⇒ 255.255.255.0
・Default gateway ⇒ 192.168.1.1 ← specify the server's IP address

Select "Use the following DNS server addresses"
・Preferred DNS server ⇒ xxx.xxx.xxx.xxx ← specify the IP address of the DNS server (primary) notified by the provider
・Alternate DNS server ⇒ xxx.xxx.xxx.xxx ← specify the IP address of the DNS server (secondary) notified by the provider

(2) Verify IP masquerading (Internet connection from the client)
C:\Documents and Settings\centos>ping www.kernel.org ← confirm that an outside host (www.kernel.org) can be reached

pub.all.kernel.org [199.204.44.194]に ping を送信しています 32 バイトのデータ:
199.204.44.194 からの応答: バイト数 =32 時間 =183ms TTL=46
199.204.44.194 からの応答: バイト数 =32 時間 =183ms TTL=46
199.204.44.194 からの応答: バイト数 =32 時間 =183ms TTL=46
199.204.44.194 からの応答: バイト数 =32 時間 =183ms TTL=46

199.204.44.194 の ping 統計:
    パケット数: 送信 = 4、受信 = 4、損失 = 0 (0% の損失)、
ラウンド トリップの概算時間 (ミリ秒):
    最小 = 183ms、最大 = 183ms、平均 = 183ms

■Verifying IP masquerading (when the client is Linux)

Assign the client a static IP address and confirm that the client can connect to the Internet via the Linux server.
Note: here the client's IP address is assigned manually; later a DHCP server will be built so that addresses are assigned automatically.

(1) Client-side network configuration
[root@client ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0 ← edit the network configuration file
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.20 ← specify any suitable IP address other than the server's IP address
NETMASK=255.255.255.0
NETWORK=192.168.1.0
BROADCAST=192.168.1.255
GATEWAY=192.168.1.1 ← specify the server's IP address

[root@client ~]# /etc/rc.d/init.d/network reload ← apply the network configuration
インターフェース eth0を終了中:                             [  OK  ]
ループバックインターフェース を終了中                      [  OK  ]
ネットワークパラメーターを設定中:                          [  OK  ]
ループバックインターフェイスを呼び込み中                   [  OK  ]
インターフェース eth0を活性化中:                           [  OK  ]

[root@client ~]# sed -i '/^nameserver/d' /etc/resolv.conf ← delete the DNS server settings used for name resolution

[root@client ~]# echo "nameserver xxx.xxx.xxx.xxx" >> /etc/resolv.conf
 ← set the DNS server (primary) notified by the provider as a DNS server for name resolution

[root@client ~]# echo "nameserver xxx.xxx.xxx.xxx" >> /etc/resolv.conf
 ← set the DNS server (secondary) notified by the provider as a DNS server for name resolution

(2) Verify IP masquerading (Internet connection from the client)
[root@client ~]# ping -c 4 www.kernel.org ← confirm that an outside host (www.kernel.org) can be reached
PING pub.all.kernel.org (199.204.44.194) 56(84) bytes of data.
64 bytes from yul-korg-pub.kernel.org (199.204.44.194): icmp_seq=1 ttl=47 time=183 ms
64 bytes from yul-korg-pub.kernel.org (199.204.44.194): icmp_seq=2 ttl=47 time=183 ms
64 bytes from yul-korg-pub.kernel.org (199.204.44.194): icmp_seq=3 ttl=47 time=183 ms
64 bytes from yul-korg-pub.kernel.org (199.204.44.194): icmp_seq=4 ttl=47 time=183 ms

--- pub.all.kernel.org ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3139ms ← confirm 0% packet loss
rtt min/avg/max/mdev = 134.565/134.881/135.334/0.531 ms

■Verifying the firewall

At Shields UP! - Internet Vulnerability Profiling, click the "Proceed" button (there are two; either one is fine), then click the "All Service Ports" button, and confirm that only the ports that are permitted for access from outside, or that answer with a rejection, show as OPEN or CLOSED and that all other ports show as STEALTH.

