iptables + php ÉÏÍø¼Æ·ÑʵÏÖ
×î½üÓÐÒ»¸öÏã¸ÛµÄ¾ÆµêÌá³öÐèÇó,Òªµ½¾ÆµêÒµÄÚµÄÉÌÎñÖÐÐÄʵÐмƷÑÉÏÍø, ÌṩÁËÈçϼ¼Êõ·½°¸:
1¡¢Éèһ̨CENTOS5µÄ»úÆ÷×öΪ·ÓÉ£¬°ÑÐèÒª¼Æ·ÑµÄ»úÆ÷¶¼ÉèΪÓô˷þÎñÆ÷×öÍø¹Ø¡£
2¡¢·þÎñÆ÷¿ªÆôIPTABLE£¬Í¨¹ýIPTABLE¿ØÖÆÄܲ»ÄÜʹÓû¥ÁªÍø¡£
¼Ç¼ÏÂÒÔϼ¼ÊõÒªµã:
Ò»¡¢ php¿ÉÒÔͨ¹ýshell_execÀ´Ö´ÐÐshellÖ¸Áµ«iptablesµÄÖ¸ÁîÊÇroot²ÅÓÐȨÏÞÖ´Ðеģ¬ËùÔÚÐèÒª½èÖúsudo.
¾ßÌå×ö·¨ÈçÏÂ:
1. Ö´ÐÐvisudo, ×¢Ê͵ô Default requiretty Ò»ÐÐ
2. ÔÚÎļþ×îºó£¬¼ÓÈëapache ALL = NOPASSWD: /sbin/iptables
3. ÓÃphp shell_exec("/usr/bin/sudo /sbin/iptables -I FORWARD -s xxx.xxx.xxx.xxx -j DROP")ʵÏÖ¶ÏÍø
4. ÓÃphp shell_exec("/usr/bin/sudo /sbin/iptables -I FORWARD -s xxx.xxx.xxx.xxx -j ACCEPT")ʵÏÖ¿ªÍ¨
¶þ¡¢CENTOS¿ªÆô·Óɹ¦ÄÜ:
1¡¢nano /etc/sysctl.conf£¬ÕÒµ½ÆäÖÐnet.ipv4.ip_forward£¬ÉèΪ1£¬±£´æºóÍ˳ö¡£
2¡¢sysctl -p /etc/sysctl.confÈÃÐÞ¸ÄÉúЧ¡£
Èý¡¢/etc/sysconfig/iptablesÄÚÈÝ£º
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -j ACCEPT
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -d 224.0.0.251 --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 1404 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 80 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 10000 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
*n
Ïà¹ØÎĵµ£º
<!--<?php
<!--
EOT;
if($yy_en_lang==1){
echo <<<EOT
-->
<a href="$index_e_url">English</a>
<!--
EOT;
}
echo <<<EOT
-->
?>
ÕâÊÇÒ»¶ÎSmartyÄ£°å´úÂ룬¿ÉÊÇÎÒ¿´²»¶®Õâ¸ö¹æÔòÇë¸ßÊÖÖ¸µãһϰ¡£¡£¡Ð»Ð»!
»òÕß ......
mb_convert_encodingÕâ¸öº¯ÊýÊÇÓÃÀ´×ª»»±àÂëµÄ¡£ÔÀ´Ò»Ö±¶Ô³ÌÐò±àÂëÕâÒ»¸ÅÄî²»Àí½â£¬²»¹ýÏÖÔÚºÃÏñÓе㿪ÇÏÁË¡£
²»¹ýÓ¢ÎÄÒ»°ã²»»á´æÔÚ±àÂëÎÊÌ⣬ֻÓÐÖÐÎÄÊý¾Ý²Å»áÓÐÕâ¸öÎÊÌâ¡£±ÈÈçÄãÓÃZend Studio»òEditplusд³ÌÐòʱ£¬ÓõÄÊÇgbk±àÂ룬Èç¹ûÊý¾ÝÐèÒªÈëÊý¾Ý¿â£¬¶øÊý¾Ý¿âµÄ±àÂëΪutf8ʱ£¬Õâʱ¾ÍÒª°ÑÊý¾Ý½øÐбàÂëת»»£¬²»È»½øµ½Ê ......
1 ÄÚ´æÒç³ö
µ±³ÌÐòÔËÐеÄʱºò..¶¨ÒåÁ˵Ĵ¢´æ±äÁ¿¾Í»á±»ÄÚ´æ·ÖÅä¿Õ¼ä..¿Õ¼ä´óСÓɱàдÕß¶¨ÒåµÄʱºò¹æ¶¨µÄ...µ«..³ÌÐòÔËÐÐÁË..È´ÐèÒªµÄ¿Õ¼ä±È¶¨ÒåµÄ´ó..ÕâÑù¾ÍÒç³öÁË.
Ò»¸ö±È½Ï¼òµ¥µÄÅжÏÄÚ´æÐ¹Â©µÄ·½·¨£¬¿´Ò»ÏÂÄãµÄ³ÌÐòËùÕ¼ÓõÄprivate bytesÊǶàÉÙ£¬Èç¹ûÒ»Ö±Ôö¼Ó£¬Ò²¾Í˵Ã÷ÓÐÄÚ´æÐ¹Â©¡£
½â¾ö·½·¨
http://blog.zol.com.c ......
[php]
<?php
--------------------------------------------------------------------
//FileName:class.php
//Summary: AccessÊý¾Ý¿â²Ù×÷Àà
//Author: forest
//CreateTime: 2006-8-10
//LastModifed:
//copyright (c)2006
//http://freeweb.nyist.net/~chairy
//cha ......
Óû§¶¨ÒåµÄÀ࣬ҲÊÇѧºÃ PHP Ëù±Ø±¸µÄÌõ¼þÖ®Ò»¡£¶ø PHP µÄÀ࣬ºÍÆäËüµÄÃæÏò¶ÔÏóÓïÑÔ±È½ÏÆðÀ´£¬»¹ËãÂùµ¥´¿µÄ¡£PHP Ö»ÓÐÀà±ð (class)¡¢·½·¨ (method)¡¢ÊôÐÔ¡¢ÒÔ¼°µ¥Ò»¼Ì³Ð (extensions) µÈ¡£¶Ô²»Ï°¹ßʹÓà C++¡¢Java¡¢Delphi µÈÃæÏò¶ÔÏóÓïÑÔÀ´¿ª·¢³ÌÐòµÄÓû§£¬²»·ÁÏÈÔĶÁÒ»ÏÂÓйØÃæÏò¶ÔÏó¸ÅÄîµÄÊ飬ÏàÐÅ¿ÉÒÔ´øÀ´Ðí¶àµÄÊÕ»ñ¡£
......