
I created a rule to block a specific website (facebook.com in this example), as follows:
iptables -A OUTPUT -p tcp -d www.facebook.com -j LOG --log-prefix "Accessing Facebook:"
iptables -A OUTPUT -p tcp -d www.facebook.com -j DROP
Now the site is blocked after this. But I'm trying to understand the log:
[root@localhost centos]# cat /var/log/messages | grep Facebook
Nov 4 16:00:22 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=16774 DF PROTO=TCP SPT=59020 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov 4 16:00:22 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=16774 DF PROTO=TCP SPT=59020 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov 4 16:00:22 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=52984 DF PROTO=TCP SPT=59021 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov 4 16:00:22 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=52984 DF PROTO=TCP SPT=59021 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov 4 16:00:38 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.81.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=51020 DF PROTO=TCP SPT=55776 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov 4 16:00:38 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.81.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=51020 DF PROTO=TCP SPT=55776 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov 4 16:00:38 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=16775 DF PROTO=TCP SPT=59020 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov 4 16:00:38 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=16775 DF PROTO=TCP SPT=59020 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov 4 16:00:38 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.81.36 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=51021 DF PROTO=TCP SPT=55776 DPT=443 WINDOW=14600 RES=0x00 ACK URGP=0
Nov 4 16:00:38 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.81.36 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=51021 DF PROTO=TCP SPT=55776 DPT=443 WINDOW=14600 RES=0x00 ACK URGP=0
Nov 4 16:00:38 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.81.36 LEN=557 TOS=0x00 PREC=0x00 TTL=64 ID=51022 DF PROTO=TCP SPT=55776 DPT=443 WINDOW=14600 RES=0x00 ACK PSH URGP=0
Nov 4 16:00:38 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.81.36 LEN=557 TOS=0x00 PREC=0x00 TTL=64 ID=51022 DF PROTO=TCP SPT=55776 DPT=443 WINDOW=14600 RES=0x00 ACK PSH URGP=0
Nov 4 16:00:38 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.81.36 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=51023 DF PROTO=TCP SPT=55776 DPT=443 WINDOW=15544 RES=0x00 ACK URGP=0
Nov 4 16:00:38 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.81.36 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=51023 DF PROTO=TCP SPT=55776 DPT=443 WINDOW=15544 RES=0x00 ACK URGP=0
Nov 4 16:00:38 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.81.36 LEN=91 TOS=0x00 PREC=0x00 TTL=64 ID=51024 DF PROTO=TCP SPT=55776 DPT=443 WINDOW=15544 RES=0x00 ACK PSH URGP=0
Nov 4 17:42:25 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=52568 DF PROTO=TCP SPT=59091 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov 4 17:42:25 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=52568 DF PROTO=TCP SPT=59091 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov 4 17:42:41 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=43251 DF PROTO=TCP SPT=59090 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov 4 17:42:41 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=43251 DF PROTO=TCP SPT=59090 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov 4 17:42:41 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=52569 DF PROTO=TCP SPT=59090 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov 4 17:42:41 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=52569 DF PROTO=TCP SPT=59091 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov 4 17:43:13 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=53725 DF PROTO=TCP SPT=59091 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov 4 17:43:13 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=53725 DF PROTO=TCP SPT=59092 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov 4 17:43:14 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=53726 DF PROTO=TCP SPT=59092 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov 4 17:43:14 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=53726 DF PROTO=TCP SPT=59092 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov 4 17:43:16 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=53727 DF PROTO=TCP SPT=59092 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov 4 17:43:16 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=53727 DF PROTO=TCP SPT=59092 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov 4 17:43:20 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=53728 DF PROTO=TCP SPT=59092 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov 4 17:43:20 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=53728 DF PROTO=TCP SPT=59092 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov 4 17:43:28 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=53729 DF PROTO=TCP SPT=59092 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov 4 17:43:28 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=53729 DF PROTO=TCP SPT=59092 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Is there a way to tell whether the site is blocked by looking at the log? If so, what exactly should I look for? (Or is it obvious that the site is blocked simply because the "Accessing Facebook" message I added shows up in the log?)
In lines 9 to 15 of the output, why am I getting ACK packets?
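As an added example (not part of the original question or of any answer), here is a small Python script that reads iptables LOG lines in the format shown above, groups packets into TCP flows and classifies each flow by the TCP flags the kernel recorded. The sample lines are constructed to mirror the question's output, and all function names are my own. The reasoning it encodes: a LOG rule in OUTPUT only ever sees packets this host sends, so a SYN-ACK from the server can never appear in this log; but the host only sends a bare ACK (and later ACK PSH with payload) after it has received a SYN-ACK, so a flow that progresses SYN, ACK, ACK PSH completed the three-way handshake and its destination was not dropped, whereas a flow that only repeats SYN with the usual doubling gaps (1 s, 2 s, 4 s, 8 s, as for SPT 59092 above) never got a reply, which is what a matching DROP rule looks like from the client side.

```python
import re
from collections import defaultdict

# Constructed sample in the layout the iptables LOG target writes to
# /var/log/messages. The first packet is listed twice on purpose, because the
# question's log shows every packet twice with the same IP ID.
SAMPLE_LOG = """\
Nov 4 16:00:22 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=16774 DF PROTO=TCP SPT=59020 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov 4 16:00:22 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=16774 DF PROTO=TCP SPT=59020 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov 4 16:00:38 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.71.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=16775 DF PROTO=TCP SPT=59020 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov 4 16:00:38 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.81.36 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=51020 DF PROTO=TCP SPT=55776 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0
Nov 4 16:00:38 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.81.36 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=51021 DF PROTO=TCP SPT=55776 DPT=443 WINDOW=14600 RES=0x00 ACK URGP=0
Nov 4 16:00:38 localhost kernel: Accessing Facebook:IN= OUT=eth0 SRC=10.0.2.15 DST=31.13.81.36 LEN=557 TOS=0x00 PREC=0x00 TTL=64 ID=51022 DF PROTO=TCP SPT=55776 DPT=443 WINDOW=14600 RES=0x00 ACK PSH URGP=0
"""

# TCP flags appear as bare tokens; everything else of interest is KEY=VALUE.
TCP_FLAGS = {"SYN", "ACK", "PSH", "FIN", "RST", "URG"}

# syslog timestamp, host, "kernel:", then the --log-prefix text, then "IN=...".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+kernel:\s*"
    r"(?P<prefix>.*?)IN=(?P<rest>.*)$"
)


def parse_line(line):
    """Turn one LOG line into a dict of fields plus the set of TCP flags."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pkt = {"ts": m.group("ts"), "prefix": m.group("prefix").strip(), "flags": set()}
    for tok in ("IN=" + m.group("rest")).split():
        if "=" in tok:
            key, _, value = tok.partition("=")
            pkt[key] = value
        elif tok in TCP_FLAGS:
            pkt["flags"].add(tok)
        # Other bare tokens (DF, MF, CE) are IP-level markers not needed here.
    return pkt


def group_flows(lines):
    """Group TCP packets by 4-tuple, collapsing repeated copies of one packet
    (same 4-tuple, same IP ID, same flags). SYN retransmits keep a new IP ID,
    so they are not collapsed."""
    flows = defaultdict(list)
    seen = set()
    for line in lines:
        pkt = parse_line(line)
        if pkt is None or pkt.get("PROTO") != "TCP":
            continue
        key = (pkt["SRC"], pkt["SPT"], pkt["DST"], pkt["DPT"])
        dedupe = key + (pkt.get("ID"), frozenset(pkt["flags"]))
        if dedupe in seen:
            continue
        seen.add(dedupe)
        flows[key].append(pkt)
    return flows


def classify_flow(packets):
    """An outgoing ACK proves a SYN-ACK was received; repeated bare SYNs
    with no ACK mean nothing ever came back."""
    flag_sets = [p["flags"] for p in packets]
    if any("ACK" in f for f in flag_sets):
        return "handshake-completed"
    if sum(1 for f in flag_sets if f == {"SYN"}) >= 2:
        return "syn-retransmit"
    return "syn-only"


def analyse(text):
    """Map each (SRC, SPT, DST, DPT) flow to its classification."""
    return {k: classify_flow(v) for k, v in group_flows(text.splitlines()).items()}


def verdict_by_destination(text):
    """Fold flows down to a per-destination verdict, to compare against the
    addresses the DROP rule actually carries."""
    verdicts = {}
    for (_src, _spt, dst, _dpt), status in analyse(text).items():
        if status == "handshake-completed":
            verdicts[dst] = "reachable"      # DROP did not match this address
        elif status == "syn-retransmit" and verdicts.get(dst) != "reachable":
            verdicts[dst] = "no-reply"       # consistent with a matching DROP
        else:
            verdicts.setdefault(dst, "inconclusive")
    return verdicts


if __name__ == "__main__":
    for dst, verdict in sorted(verdict_by_destination(SAMPLE_LOG).items()):
        print(f"{dst:16} {verdict}")
```

Run it against `grep Facebook /var/log/messages` instead of the sample and compare the DST column with the addresses printed by `iptables -S OUTPUT`: `-d www.facebook.com` is resolved to one or more literal addresses at the moment each rule is inserted, so the LOG rule and the DROP rule may have been given different address sets, and a destination that shows "reachable" here is one the DROP rule never matched.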