
3. Runtime problems

3.1 NAT: X dropping untracked packet Y Z aaa.aaa.aaa.aaa -> 224.bbb.bbb.bbb

This message is printed by the NAT code when multicast packets traverse the NAT table. The cause is that connection tracking currently cannot handle multicast packets properly. If you do not know what multicast is, or do not need multicast at all, use the following:

iptables -t mangle -I PREROUTING -j DROP -d 224.0.0.0/8

3.2 NAT: X dropping untracked packet Y Z aaa.aaa.aaa.aaa -> bbb.bbb.bbb.bbb

The following message appears in syslog or on the console:

NAT: X dropping untracked packet Y Z aaa.aaa.aaa.aaa -> bbb.bbb.bbb.bbb

This message is printed by the NAT code. It drops the packet because NAT requires valid connection tracking information. The message is printed for every packet for which connection tracking could not determine conntrack information.

Possible reasons are:

If you want more detailed logging of these packets (that is, if you suspect they are remote probe or scanning packets), use the following rule:

iptables -t mangle -A PREROUTING -j LOG -m state --state INVALID

And yes, you have to put this rule in the mangle table, because the packets are dropped by the NAT code before they reach the filter table.
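One way to triage what the rule above logs, as an added example that is not part of the original FAQ: it counts logged packets and distinct destination ports per source address, so a source probing many ports stands out from one sending stray packets of a single old connection. The log lines are constructed samples in the LOG target's usual format, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: per-source summary of packets logged by the INVALID rule.
# sample_log emits constructed lines in the LOG target format; on a real
# firewall, feed the kernel log file to log_scan_suspects instead.
sample_log() {
cat <<'EOF'
Jan 10 03:12:01 fw kernel: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=198.51.100.1 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=101 PROTO=TCP SPT=40000 DPT=22 WINDOW=1024 RES=0x00 ACK URGP=0
Jan 10 03:12:01 fw kernel: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=198.51.100.1 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=102 PROTO=TCP SPT=40000 DPT=23 WINDOW=1024 RES=0x00 ACK URGP=0
Jan 10 03:12:02 fw kernel: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=198.51.100.1 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=103 PROTO=TCP SPT=40000 DPT=25 WINDOW=1024 RES=0x00 ACK URGP=0
Jan 10 03:12:02 fw kernel: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=198.51.100.1 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=104 PROTO=TCP SPT=40000 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0
Jan 10 03:15:40 fw kernel: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:03:08:00 SRC=192.0.2.44 DST=198.51.100.1 LEN=52 TOS=0x00 PREC=0x00 TTL=57 ID=900 PROTO=TCP SPT=51000 DPT=80 WINDOW=501 RES=0x00 ACK URGP=0
Jan 10 03:15:41 fw kernel: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:03:08:00 SRC=192.0.2.44 DST=198.51.100.1 LEN=52 TOS=0x00 PREC=0x00 TTL=57 ID=901 PROTO=TCP SPT=51000 DPT=80 WINDOW=501 RES=0x00 ACK URGP=0
Jan 10 03:20:00 fw kernel: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:04:08:00 SRC=192.0.2.9 DST=198.51.100.1 LEN=84 TOS=0x00 PREC=0x00 TTL=60 ID=7 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
EOF
}

# log_scan_suspects MIN: print "SRC packets distinct_dports" for every source
# that touched at least MIN distinct destination ports.
log_scan_suspects() {
    awk -v min="$1" '
    / IN=/ {
        s = ""; d = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) s = substr($i, 5)
            if ($i ~ /^DPT=/) d = substr($i, 5)
        }
        if (s == "") next
        pkts[s]++
        # Count each (source, destination port) pair once; ICMP has no DPT.
        if (d != "" && !((s, d) in seen)) { seen[s, d] = 1; ports[s]++ }
    }
    END {
        for (s in pkts)
            if (ports[s] + 0 >= min + 0) print s, pkts[s], ports[s] + 0
    }' | sort
}

sample_log | log_scan_suspects 3
```
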

3.3 I can't use netfilter together with the Linux bridging code

So you want to build a fully transparent firewall? Great idea! Unfortunately, the bridging code bypasses the normal network stack, including netfilter.

However, someone is writing a replacement for the existing bridging code. See http://www.math.leidenuniv.nl/~buytenh/bridge/.

Please note that bridging firewall support is considered highly experimental.

3.4 The IRC module can't handle DCC RESUME

Well, that is half true. Only the NAT module cannot handle it. If you use the firewall without NAT, it works fine.

3.5 How does SNAT to multiple addresses work?

netfilter tries to alter packets as little as possible. So if we have a freshly rebooted machine and someone behind the SNAT box opens a connection with local port 1234, the netfilter box alters only the IP address and leaves the port number as it is.

If there is only one IP address for SNAT, then as soon as someone opens another connection with the same source port, netfilter has to alter both the IP address and the port number.

But if more than one IP address is available, it again only needs to alter the IP part.
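The behaviour described above, as a simplified model added here for illustration; it is not netfilter code and not part of the original FAQ. Assumptions: a mapping collides when the same SNAT address, source port and destination are already in use, a replacement port is the first free one from 1024 upwards, and all names and addresses are constructed.

```shell
#!/bin/sh
# Added example: simplified model of SNAT address and port selection.

# snat_map "POOL": POOL is a space-separated list of SNAT addresses.
# stdin:  one new connection per line: SRC_IP SRC_PORT DST_IP DST_PORT
# stdout: SRC_IP:SRC_PORT -> SNAT_IP:SNAT_PORT (what had to be altered)
snat_map() {
    awk -v pool="$1" '
    BEGIN { n = split(pool, ip, " ") }
    NF == 4 {
        dst = $3 ":" $4; ok = 0
        # First choice: keep the source port and alter only the address.
        for (i = 1; i <= n && !ok; i++)
            if (!((ip[i], $2, dst) in used)) { a = ip[i]; p = $2; ok = 1 }
        # Every pool address already uses this port towards dst:
        # the port has to be altered as well (assumed search from 1024).
        for (p2 = 1024; !ok && p2 <= 65535; p2++)
            if (!((ip[1], p2, dst) in used)) { a = ip[1]; p = p2; ok = 1 }
        if (!ok) { print $1 ":" $2 " -> no free mapping"; next }
        used[a, p, dst] = 1
        what = (p + 0 == $2 + 0) ? "address only" : "address and port"
        print $1 ":" $2 " -> " a ":" p " (" what ")"
    }'
}

# Constructed sample: two internal hosts both pick local port 1234
# for a connection to the same server.
sample_conns() {
    printf "%s\n" "10.0.0.2 1234 203.0.113.5 80" "10.0.0.3 1234 203.0.113.5 80"
}

echo "one SNAT address:";  sample_conns | snat_map "198.51.100.1"
echo "two SNAT addresses:"; sample_conns | snat_map "198.51.100.1 198.51.100.2"
```

Because the translated source port can differ from the one the internal host chose, correlating firewall logs with host logs needs the conntrack entry, not just the port number.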

3.6 ip_conntrack: maximum limit of XXX entries exceeded

If you notice this message in syslog, the conntrack database apparently does not have enough entries for your environment. By default, there is a fixed upper limit on the number of simultaneous connections that connection tracking can handle. This number depends on the amount of memory in your system (4096 entries with 64MB of memory, 8192 with 128MB, ...).

You can easily increase the maximum number of tracked connections, but remember that each tracked connection eats about 350 bytes of non-swappable kernel memory!

To increase the limit to, for example, 8192, type:

echo "8192" > /proc/sys/net/ipv4/ip_conntrack_max

3.7 Is there a way to list all tracked / masqueraded connections, as 'ipchains -L -M' did on 2.2.x kernels?

There is a file in the proc filesystem called /proc/net/ip_conntrack. You can print and view this file with:

cat /proc/net/ip_conntrack
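The two previous answers combined into a monitoring check, as an added example that is not part of the original FAQ: it reads a table in /proc/net/ip_conntrack format, compares the entry count with the limit, estimates kernel memory from the 350-byte figure above, and names the busiest source. The table entries are constructed samples and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: how full is the conntrack table, and who is filling it?
# sample_table emits constructed entries in /proc/net/ip_conntrack format;
# on a live system use the real file and the value of ip_conntrack_max.
sample_table() {
cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=1234 dport=80 src=203.0.113.5 dst=198.51.100.1 sport=80 dport=1234 [ASSURED] use=1
tcp      6 431980 ESTABLISHED src=192.168.1.10 dst=203.0.113.6 sport=1235 dport=443 src=203.0.113.6 dst=198.51.100.1 sport=443 dport=1235 [ASSURED] use=1
udp      17 25 src=192.168.1.11 dst=192.0.2.53 sport=5353 dport=53 [UNREPLIED] src=192.0.2.53 dst=198.51.100.1 sport=53 dport=5353 use=1
tcp      6 110 SYN_SENT src=192.168.1.20 dst=203.0.113.9 sport=40001 dport=22 [UNREPLIED] src=203.0.113.9 dst=198.51.100.1 sport=22 dport=40001 use=1
tcp      6 111 SYN_SENT src=192.168.1.20 dst=203.0.113.9 sport=40002 dport=23 [UNREPLIED] src=203.0.113.9 dst=198.51.100.1 sport=23 dport=40002 use=1
tcp      6 112 SYN_SENT src=192.168.1.20 dst=203.0.113.9 sport=40003 dport=25 [UNREPLIED] src=203.0.113.9 dst=198.51.100.1 sport=25 dport=40003 use=1
EOF
}

# conntrack_summary MAX: read the table on stdin and print one line with
# entries, limit, percent used, estimated kernel memory (about 350 bytes
# per entry, the figure given above), busiest source and unreplied entries.
conntrack_summary() {
    awk -v max="$1" '
    NF {
        n++
        if ($0 ~ /\[UNREPLIED\]/) unreplied++
        # The first src= field belongs to the original direction.
        for (i = 1; i <= NF; i++)
            if ($i ~ /^src=/) { src[substr($i, 5)]++; break }
    }
    END {
        for (ip in src) if (src[ip] > best + 0) { best = src[ip]; top = ip }
        pct = (max > 0) ? int(n * 100 / max) : 0
        printf "entries=%d max=%d pct=%d kmem_bytes=%d top_src=%s top_count=%d unreplied=%d\n", n, max, pct, n * 350, top, best, unreplied
    }'
}

# conntrack_near_limit MAX PCT: succeed when usage is at or above PCT percent.
conntrack_near_limit() {
    awk -v max="$1" -v pct="$2" 'NF { n++ } END { exit !(n * 100 >= pct * max) }'
}

sample_table | conntrack_summary 8
```

A single internal source holding many UNREPLIED entries is worth checking before raising the limit, since a larger table only costs more unswappable memory if one host keeps filling it.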

3.8 Is there a way to list all available IP tables?

All available IP tables are listed with:

cat /proc/net/ip_tables_names

3.9 iptables-save and iptables-restore from iptables-1.2 now fail with a Segmentation Fault

This is a known bug. Please upgrade as soon as possible to the latest CVS source or to iptables 1.2.1 or later.

3.10 iptables -L takes a very long time to display the rules

This is because iptables does a DNS lookup for each IP address. As each rule consists of two addresses, the worst case is two DNS lookups per rule.

The problem arises when you use private IP addresses (such as 10.x.x.x or 192.168.x.x): DNS cannot resolve a hostname and times out. Depending on your ruleset, the sum of these timeouts can be a very long time.

To avoid reverse DNS lookups, use iptables with the -n (numeric) option.

3.11 How do I stop the LOG target from logging to the console?

You have to configure syslogd appropriately: the LOG target logs to facility kern at priority warning (4). See the syslogd.conf man page for details on facilities and priorities.

By default, all kernel messages more severe than debug (7) are sent to the console. If you raise this value from 7 to 4, LOG messages no longer appear on the console.

Be aware that this may also keep other important messages from appearing on the console (it does not affect the syslog files).

3.12 How do I build a transparent proxy using squid and iptables?

First of all, of course, you need a proper DNAT or REDIRECT rule. Use REDIRECT only if squid runs on the NAT box itself. Example:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 192.168.22.33:3128

Afterwards, you have to configure squid correctly. We can only give limited information here; for further details, see the squid documentation.

The squid.conf for Squid 2.3 needs settings like the following:

http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

With Squid 2.4, one more configuration line is needed:

httpd_accel_single_host off

3.13 How do I use the LOG target? Can I use LOG and DROP together?

The LOG target is what we call a "non-terminating target", i.e. it does not terminate rule traversal when a packet matches the rule. If you use the LOG target, the packet is logged and rule traversal continues at the next rule.

So how do you log and drop at the same time? The simplest way is to set up a custom chain containing the two rules:

iptables -N logdrop
iptables -A logdrop -j LOG
iptables -A logdrop -j DROP

From then on, whenever you want to log a packet and then drop it, you just use "-j logdrop".

