|
一整晚都没有睡着,原因又是老毛病,胃疼!应该是晚饭的时候和幼昆两个人一起喝酒喝多了的缘故吧,真的是好久都没有沾过白酒了,突然之间就来这么一下,还真有些受不了了,不过喝的时候可没有想这么多,只因好久好久没有见到朋友了,能碰到一起吃顿饭就像是亲人一样,和他跟他女朋友说着我们大学时候的有趣经历,真是又一下去回到了那快乐的生活里,因为堆积了好久都没有倾诉的对象。所以可能当时我的话是最多的了,那个人明显都已经不像我本人了。酒精的魔力。酒足饭饱以后自己昏昏的回到了那个有些阴冷,让人感觉不到有人气的屋子里,躺在冷冷的床上,借着酒劲胡思乱想这以前过去,一个个熟悉的面孔象是过胶片一样在脑海里一一掠过。身上凉心里更凉。逐渐的胃就开始作怪了,那种就别而又熟悉的痛楚又来了。那时多么希望能够出现一个人在身边照顾我啊,哪怕只是口头上的安慰都一定会令我深深的感动的,但始终都是绝对的不可能的。这么大的北京好像就只有我一个人一样。没有忍住,于是就掉了几滴眼泪。第2天上午浑身无力,胃还在隐隐的作痛,只是一直这样痛着身体已经开始有些习惯了,真的是不想起来吃饭,想起了过去曾经还有人在这种时刻出现为我买饭送药,从天上掉下来的感觉始终都不会好。中午居然不知道怎么个状况,居然起来了,有点想吐但是没吐出来,为了怕弄脏人家的电梯,所以走的楼梯,还好不高只有8层。走了好久外面还飘着小雨,真是感到好像拍电影一样凄凉。到饭馆里吃了碗粥,去药店买了点药就回去了。直到晚上又出去吃了点东西以后这次估计算是结束了。
每次难受过病过以后,好像就会对生活有所改变,希望这次的转变能够快点来临,此时此刻的我真的很希望有个机会可以拉我一把。
1:51 PM - 11/5/2005 - {5} -
Share and enjoy
一直都在用hotmail的信箱,也就是face_yanli@hotmail.com就连自己也忘记了申请了多久了,应该最少有4年了吧,记得曾经有个她的hotmail信箱还是我帮她申请的。。。
一直都很想申请到个msn后缀的信箱,不知道为什么感觉有种喜欢,可能是因为简单吧。过去的这个地址上,都是些同学,以前的旧同事,和一些在网上认识已久
的朋友,虽然很多几乎都没怎么说过话了,同学们也是各有各的忙的,还有一些曾经有过快乐,但现在只剩下残忍的回忆的人,所以现在的MSN对我来说几乎没有
什么用,但是还是习惯的每天都开着,看着上面熟悉的些面孔上线下线,想着别人的忙碌和生活,看着上面每个人的个人描述,去猜想他们最近的心情和生活情况,
就连自己也经常跟着换些,可能是最近发生的一些事情另我感觉我是不是可以从新开始?就连MSN也换掉,申请一个信的地址 ,一个我喜欢的msn的地址,重新的
去认识朋友,对那些不愉快的过去say byebye,不知道这样做是不是有用呢?管他呢!我本身就是个做事冲动的人,不去想后果。
https://accountservices.passport.net/reg.srf?ns=msn.com 这个地址就是申请msn的地方,我重新申请了一个。可能以后在face_yanli@hotmail.com上就不会见到我了,谁知道呢。
7:59 AM - 11/2/2005 - {0} -
Share and enjoy
| |
又一年又三年
演唱:品冠
品冠-又一年又三年
很想告诉你
你的话我都没忘记
就连那轻微的呼吸
也都会烙在我心里
眼里的忧郁
告诉我你还没忘记
还穿着他送的外衣
掩饰着脆弱的情绪
他还试着他还真的
回头来找你
不能放弃不能忘记
他曾经深爱着你
但已经又一年又三年
又是一个世纪
又春天又夏天又是落叶满地
你还守着你自己
不让幸福再靠近
我可以放弃你忘记你
不再眷恋着你
又一年又三年又是落叶满地
只要等到你是你
只要你快乐我会祝福你
|
8:22 PM - 10/30/2005 - {0} -
Share and enjoy
已经是来到北京22天了,算命的说2是我的幸运数字,22?难道不算吗?反而另我有些沮丧,一直想平静的心总是定不下来,表面看起来还若无其事的,真不知道是在装给谁看!难道换个环境安稳下来真的就有这么难吗?还是我的路走错了呢?一直告诉自己既然选择了就一定要坚持下去,这个时候没有任何人能够帮助我,突然感觉很孤单,那种感觉不知道有人能感受的到没有?感情~~~这个词现在在我的眼里真的不知道是什么样子,在我心里不知道是什么滋味?一次又一次的伤,好了又伤,伤了再好。不知道自己到底在做些什么?难道我不感到无聊吗?难道我的脑子真的坏掉了吗?我的想法有问题吗?怀疑自己是怪物了!!!
工作,爱情! 唯一的答案---自己不够优秀!
但我始终相信这样一个不够优秀的我会有出人头地的一天,会有人真心相待的。是的,我相信!!为了这个目标我也要坚持下去,努力下去,哪怕一直一个人走下去,我都要走到那个成功点。
突然很相对家里人说我爱你!
脆弱的YAN。
走下去!!!
6:15 AM - 10/30/2005 - {1} -
Share and enjoy
感谢您关注 Mail Beta 试用版!
9:10 PM - 10/17/2005 - {0} -
Share and enjoy
|
|
|
|
|
下载后,即意味着您同意我们的
条款和隐私政策
免费下载只需数秒钟
|
|
|
要求使用 Windows XP 或 Windows 2000 SP 3+
打开计算机时自动启动
对索引进行压缩以有效利用磁盘空间
下载仅占用 1.7MB 空间
| |
|
4:13 AM - 10/16/2005 - {0} -
Share and enjoy
4:44 AM - 9/20/2005 - {0} -
Share and enjoy
11:26 PM - 9/19/2005 - {0} -
Share and enjoy
This file describes the strategy for dynamically loadable modules
in the Linux kernel. This is not a technical description on
the internals of module, but mostly a sample of how to compile
and use modules.
Note: You should ensure that the modutils-X.Y.Z.tar.gz you are using
is the most up to date one for this kernel. The "X.Y.Z" will reflect
the kernel version at the time of the release of the modules package.
Some older modules packages aren't aware of some of the newer modular
features that the kernel now supports. The current required version
is listed in the file linux/Documentation/Changes.
* * * NOTE * * *
The kernel has been changed to remove kerneld support and use
the new kmod support. Keep this in mind when reading this file. Kmod
does the exact same thing as kerneld, but doesn't require an external
program (see Documentation/kmod.txt)
In the beginning...
-------------------
Anyway, your first step is to compile the kernel, as explained in the
file linux/README. It generally goes like:
make config
make dep
make clean
make zImage or make zlilo
In "make config", you select what you want to include in the "resident"
kernel and what features you want to have available as loadable modules.
You will generally select the minimal resident set that is needed to boot:
The filesystem of your root partition
A scsi driver, but see below for a list of SCSI modules!
Normal hard drive support
Net support (CONFIG_NET)
TCP/IP support (CONFIG_INET), but no drivers!
plus those things that you just can't live without...
The set of modules is constantly increasing, and you will be able to select
the option "m" in "make config" for those features that the current kernel
can offer as loadable modules.
You also have a possibility to create modules that are less dependent on
the kernel version. This option can be selected during "make config", by
enabling CONFIG_MODVERSIONS, and is most useful on "stable" kernel versions,
such as the kernels from the 1.2 and 2.0 series.
If you have modules that are based on sources that are not included in
the official kernel sources, you will certainly like this option...
Here is a sample of the available modules included in the kernel sources:
Most filesystems: minix, msdos, umsdos, sysv, isofs, hpfs,
smbfs, nfs
Mid-level SCSI support (required by top and low level scsi drivers).
Most low-level SCSI drivers: (i.e. aha1542, in2000)
All SCSI high-level drivers: disk, tape, cdrom, generic.
Most Ethernet drivers: (too many to list, please see the file
./Documentation/networking/net-modules.txt)
Most CDROM drivers:
aztcd: Aztech,Orchid,Okano,Wearnes
cm206: Philips/LMS CM206
gscd: Goldstar GCDR-420
mcd, mcdx: Mitsumi LU005, FX001
optcd: Optics Storage Dolphin 8000AT
sjcd: Sanyo CDR-H94A
sbpcd: Matsushita/Panasonic CR52x, CR56x, CD200,
Longshine LCS-7260, TEAC CD-55A
sonycd535: Sony CDU-531/535, CDU-510/515
And a lot of misc modules, such as:
lp: line printer
binfmt_elf: elf loader
binfmt_java: java loader
isp16: cdrom interface
serial: the serial (tty) interface
When you have made the kernel, you create the modules by doing:
make modules
This will compile all modules and update the linux/modules directory.
In this directory you will then find a bunch of symbolic links,
pointing to the various object files in the kernel tree.
Now, after you have created all your modules, you should also do:
make modules_install
This will copy all newly made modules into subdirectories under
"/lib/modules/kernel_release/", where "kernel_release" is something
like 2.0.1, or whatever the current kernel version is...
As soon as you have rebooted the newly made kernel, you can install
and remove modules at will with the utilities: "insmod" and "rmmod".
After reading the man-page for insmod, you will also know how easy
it is to configure a module when you do "insmod" (hint: symbol=value).
Nifty features:
---------------
You also have access to two utilities: "modprobe" and "depmod", where
modprobe is a "wrapper" for (or extension to) "insmod".
These utilities use (and maintain) a set of files that describe all the
modules that are available for the current kernel in the /lib/modules
hierarchy as well as their interdependencies.
Using the modprobe utility, you can load any module like this:
/sbin/modprobe module
without paying much attention to which kernel you are running, or what
other modules this module depends on.
With the help of the modprobe configuration file: "/etc/modules.conf"
you can tune the behaviour of modprobe in many ways, including an
automatic setting of insmod options for each module.
And, yes, there _are_ man-pages for all this...
To use modprobe successfully, you generally place the following
command in your /etc/rc.d/rc.S script. (Read more about this in the
"rc.hints" file in the module utilities package, "modutils-x.y.z.tar.gz".)
/sbin/depmod -a
This computes the dependencies between the different modules.
Then if you do, for example
/sbin/modprobe umsdos
you will automatically load _both_ the msdos and umsdos modules,
since umsdos runs piggyback on msdos.
Using modinfo:
--------------
Sometimes you need to know what parameters are accepted by a
module or you've found a bug and want to contact the maintainer.
Then modinfo comes in very handy.
Every module (normally) contains the author/maintainer,
a description and a list of parameters.
For example "modinfo -a eepro100" will return:
Maintainer: Andrey V. Savochkin <saw@saw.sw.com.sg>
and "modinfo -d eepro100" will return a description:
Intel i82557/i82558 PCI EtherExpressPro driver
and more important "modinfo -p eepro100" will return this list:
debug int
options int array (min = 1, max = 8)
full_duplex int array (min = 1, max = 8)
congenb int
txfifo int
rxfifo int
txdmacount int
rxdmacount int
rx_copybreak int
max_interrupt_work int
multicast_filter_limit int
The "ultimate" utility:
-----------------------
OK, you have read all of the above, and feel amply impressed...
Now, we tell you to forget all about how to install and remove
loadable modules...
With the kerneld daemon, all of these chores will be taken care of
automatically. Just answer "Y" to CONFIG_KERNELD in "make config",
and make sure that /sbin/kerneld is started as soon as possible
after boot and that "/sbin/depmod -a" has been executed for the
current kernel. (Read more about this in the module utilities package.)
Whenever a program wants the kernel to use a feature that is only
available as a loadable module, and if the kernel hasn't got the
module installed yet, the kernel will ask the kerneld daemon to take
care of the situation and make the best of it.
This is what happens:
- The kernel notices that a feature is requested that is not
resident in the kernel.
- The kernel sends a message to kerneld, with a symbolic
description of the requested feature.
- The kerneld daemon asks e.g. modprobe to load a module that
fits this symbolic description.
- modprobe looks into its internal "alias" translation table
to see if there is a match. This table can be reconfigured
and expanded by having "alias" lines in "/etc/modules.conf".
- insmod is then asked to insert the module(s) that modprobe
has decided that the kernel needs. Every module will be
configured according to the "options" lines in "/etc/modules.conf".
- modprobe exits and kerneld tells the kernel that the request
succeeded (or failed...)
- The kernel uses the freshly installed feature just as if it
had been configured into the kernel as a "resident" part.
The icing of the cake is that when an automatically installed module
has been unused for a period of time (usually 1 minute), the module
will be automatically removed from the kernel as well.
This makes the kernel use the minimal amount of memory at any given time,
making it available for more productive use than as just a placeholder for
unused code.
Actually, this is only a side-effect from the _real_ benefit of kerneld:
You only have to create a minimal kernel, that is more or less independent
of the actual hardware setup. The setup of the "virtual" kernel is
instead controlled by a configuration file as well as the actual usage
pattern of the current machine and its kernel.
This should be good news for maintainers of multiple machines as well as
for maintainers of distributions.
To use kerneld with the least amount of "hassle", you need modprobe from
a release that can be considered "recent" w.r.t. your kernel, and also
a configuration file for modprobe ("/etc/modules.conf").
Since modprobe already knows about most modules, the minimal configuration
file could look something like this:
alias scsi_hostadapter aha1542 # or whatever SCSI adapter you have
alias eth0 3c509 # or whatever net adapter you have
# you might need an "options" line for some net adapters:
options 3c509 io=0x300 irq=10
# you might also need an "options" line for some other module:
options cdu31a cdu31a_port=0x1f88 sony_pas_init=1
You could add these lines as well, but they are only "cosmetic":
alias net-pf-3 off # no ax25 module available (yet)
alias net-pf-4 off # if you don't use the ipx module
alias net-pf-5 off # if you don't use the appletalk module
Written by:
Jacques Gelinas <jacques@solucorp.qc.ca>
Bjorn Ekwall <bj0rn@blox.se>
9:40 AM - 9/14/2005 - {0} -
Share and enjoy
7:57 PM - 9/12/2005 - {0} -
Share and enjoy
ˮ½ľ֮ɰ´ެ´´´´ʢĵ"֮"Ⱦ--ֱ֦ͨ´"壬ֲͤͤ´۶-ɡ"ν´֮""´"ĵ֮´"֮"´"棡´֮´"-ţ֮ͬ"´ߺˣĵ֮"˺""
7:54 PM - 9/12/2005 - {0} -
Share and enjoy
ƬMarch of the Penguins
"´ǡ"-´´
-/磺ˡ-ſ Luc Jacquet
"Ħ. Morgan Freeman
Ķ� Charles Berling
ڡ Romane Bohringer
-ͣ¼
Ƭ80"()/85"()
"//
G
--ɶ"Ƭ˾ Warner Independent Pictures
"´ڣ20058´10´
IMDB֣8.1/10 (1,224 votes)
ٷ´http://www.marchofthepenguins.com/
ÿ궬죬´"Ƭ�¼ŵϼϣ"Ⱥηࣺʵ졣ϼ"´꺮ĵطÿ´±㿪ʼ뺮-Ÿ´µʱ䡣"ÿ´£ǧĻʵ뿪ǵĺ-"´"´ɵĶ´ϰ"ʼ"´´ĶƤ´ڵ滬--ʮߣ´"ǵ˫´ڱ--ߡΪ-´""ȫĻ"´㷱-ܺ-"-棬Dzò"ȻðŻڵصı籩´´ġ"-"ؿʼ"-ó̡
"-´ʮ-"ȷ´ijǰ"ϵ--"´赸˻"´IJ-"ǿʼ"ʽܿǾͻ-γ"´"´ġ
´´̣"´´"-´ͣ"ʱ�֮ƣ-Ϣ-"̼-·ش"´ָ-´"ʳ;"˳ģ̰ĺʱ´ڶ´ǻ""ְ־ͻ-´쵰ǽ´´Ľ´"´ů
5:03 AM - 9/6/2005 - {0} -
Share and enjoy
"iptables -ADC ָĹ´-A" -Dɾ -C -
iptables - [RI] chain rule num rule-specification[option]
"iptables - RI ͨ´˳-ָ
iptables -D chain rule num[option]
ɾָ´
iptables -[LFZ] [chain][option]
"iptables -LFZ [-]
iptables -[NX] chain
" -NX ָ
iptables -P chain target[options]
ָĬĿ
iptables -E old-chain-name new-chain-name
-E ɵ -µ
"-µȡɵ
˵
Iptalbes "áάͼLinuxں˵IP˹´ġ
"´"岻ͬı�ÿ��ڲ"ܰ"û"ÿ"´-�´´"İ--.䣺ÿ´ָ"δ"֮.İ´ⱻ'target'Ŀ꣩""´ͬ"ڵ"û"
TARGETS
ǽĹ´ָ´�Ŀꡣ.䣬-"´飻.,ô"´"Ŀֵȷ.Ŀֵ"´"û",ijר"ֵ,ACCEPT[ͨ], DROP[ɾ], QUEUE[Ŷ"], ´ RETURN[]
ACCEPT ʾ´ͨDROPʾ´QUEUEʾ-´ݵ"û´䡣RETURNʾֹͣ´.䣬ǰ"Ĺ´-¿ʼ"ڽ(ĩ)´"ڽĹ´RETURN´˽"´ָĿ�
TABLES
ǰ"-�ĸǵǰȡ"ں-͵ǰģ)
-t table
´-ָ".ı�ں˱Ϊ´"´ģ飬´ʱģû"-"´أ(ϵͳ)´(Ϊñ)"´ʺϵģ顣´-£filter,´Ĭϵı�ڽINPUTİFORWORDͨİOUTPUT�ɵİ nat,´�-ʱʾ"˲-µ"İ,"ڽɣPREROUTING (-ĵİ)OUTPUT-·"֮ǰصİPOSTROUTING-.İmangle ´"´ָİ---ġ"-ڽ´PREROUTING-·"֮ǰİOUTPUT-·"֮ǰصİ
OPTIONS
´-ɱiptablesʶ-"´ֲͬࡣ
COMMANDS
´--ִָ--ȷĶָ--û"-涨,--ָֻ"-.´"ڳʽ-,"ĸֻ"֤iptablesܴ"--ֳָ--ˡ
-A -append
´-´ĩ""´´ַ´/" ĿģַתΪַʱ´´""-ܵĵַ()档
-D -delete
"--ɾ"´´"´"-ַ"´-ɾ´ָΪ--("-Ϊ1),´ָΪ".Ĺ´
-R -replace
"---ȡ"´´ַ´/" ĿģַתΪַʧܡ´-Ŵ"1ʼ
-I -insert
ݸĹ´---"´"´´-Ϊ1´ᱻͷ´"Dzָ´-ʱĬϷʽ
-L -list
´ʾ-"-´û"--´"-´ʾ""´z-"ʹ"ã´ʱᱻ´-㡣ȷ"졣
-F -flush
´-´"ڰ-"-´"ɾ
--Z -zero
-"-İֽڵļ´"´ -Lʹ"ã´´ǰ쿴μǰġ
-N -new-chain
ݸƽ"-µ"û"´-뱣֤û"-ͬ´ڡ
-X -delete-chain
ɾָ"û´"´-û"-""ã""ã´ɾ֮ǰ-ɾ´滻"֮"-صĹ´û"-´´ɾÿڽ
-P -policy
Ŀ´
-E -rename-chain
"ûֶ´ָ--´-Σ´´Ľṹû"-"졣TARGETS"ϷĿꡣֻ"-"û´""´ʹ"ù´"ڽ"û´"ǹ´Ŀꡣ
-h Help.
ǰ"dz̵˵
PARAMETERS
"´²ɹ´""adddeletereplaceappend check
-p -protocal [!]protocol
´´߰()-"顣ָ-""´tcpudpicmp-"´ȫ""´ֵ´--"-ij"�Ȼ""´ʹ"´/etc/protocols-"-"´-"ǰ""!"ʾ෴Ĺ´0൱""-allProtocol all."--"飬"´ȱʡʱ-´ںcheckʱall"´ʹ"á
-s -source [!] address[/mask]
ָ´ַ"´IPַmask˵"´-֣´-ָ-"1"ĸ"ˣmaskֵΪ24"255.255.255.0´ַָǰ""!"˵ָ෴ĵַΡ־ --src ´-ļ-
-d --destination [!] address[/mask]
ָĿַ"ȡϸ˵μ -s־˵�־ --dst ´-ļ-
-j --jump target
-j Ŀת
ָ´Ŀꣻ"˵."ʲôĿ"´"û´"´´´ڵģij�´˵ר"ڽĿ꣬´"´μEXTENSIONS´´-´ô.Ĺ̲´"죬´ļ´"
-i -in-interface [!] [name]
i -ģ磩" [!][]
´ǰ"ɸý"ڽ"´Ŀ-ƣͨý"ڽ"´´INPUTFORWORDPREROUTING-İ�´ڽ"ǰʹ""!"˵ָ෴ơ"""+"´"-"´˽"ͷĽ"ڶᱻ.䡣´-´Ϊ"+"ô.""ڡ
-o --out-interface [!][name]
-o --"[]
´ǰ"ɸý"ͳĿ-ijƣͨÿ´FORWARDOUTPUTPOSTROUTING-ͳİ�´ڽ"ǰʹ""!"˵ָ෴ơ"""+"´"-"´˽"ͷĽ"ڶᱻ.䡣´-´Ϊ"+"ô."-""ڡ
[!] -f, --fragment
[!] -f --Ƭ
´"ζ´ڷƬİ-´ֻ-ʵڶ"´Ƭ´"´""-´ְ-´˿ڻĿ˿ڣ´ICMP-͵ģ´.κָ´ǽ--.Ĺ´"!"˵"´"-f"־֮ǰʾ෴"˼
OTHER OPTIONS
-
"´ָ-"-
-v --verbose
-v --ϸ
ϸ´-list´ʾ"ڵַ´-"-TOSType of Service-롣ֽڼ"´ʾֱ"KMG(ǰ)ʾ10001,000,0001,000,000,000ο-x־ı�´"",,ɾ滻´ʹ"´ϸ-Ϣ"
-n --numeric
-n --
IPַͶ˿ڻ"´ֵ-ʽ"Ĭ£-´´ʾ´߷ֻ""ã
-x -exact
-x -ȷ
´֡´ʾֽڼľȷֵ"K,M,Gʾ´´-"" -L
--line-numbers
-´ʾ´ʱ´ÿ´ǰ"--ţ"ù´´-λ´"
MATCH EXTENSIONS
´"´
iptablesܹʹ""-"ģ.´"´¾Ǻ"ڻڵ´"Ǵ"´ͨ´ǰ"!ʾ෴"˼
tcp
--protocol tcp ָ,".´δָʱ,´-´װ´ءṩ"´-
--source-port [!] [port[:port]]
´˿ڻ˿ڷΧָ´"´Ƿ˿ںšʹ"øʽ˿ڣ˿""´ָģ˿ڣΧ˿ںű´Ĭ"0"ĩ˿ںű´Ĭ"65535"ڶ˿ںŴ"ڵ"ôǻᱻ´-"´ʹ" --sportı
--destionation-port [!] [port:[port]]
Ŀ˿ڻ˿ڷΧָ´-"´ʹ" --dport档
--tcp-flags [!] mask comp
.ָTCPǡ"""ıǣ""öŷֿ-�ڶ"öŷֿıDZ,DZ-뱻õġ£ SYN ACK FIN RST URG PSH ALL NONE"´iptables -A FORWARD -p tcp --tcp-flags SYN, ACK, FIN, RST SYNֻ.-SYNDZöACKFINRSTû"-õİ
[!] --syn
ֻ.-SYNλACKFINλTCP´-""TCP"ʼʱ磬´ְ""ڷʱֹTCP".TCP"ܵ"졣´" --tcp-flags SYN, RST, ACK SYN"--syn"ǰ"-"!"ǣʾ෴"˼
--tcp-option [!] number
.TCP-ġ
udp
protocol udp ָ,".´δָʱ,´-´װ´,ṩ"´-
--source-port [!] [port:[port]]
´˿ڻ˿ڷΧָ TCP´--source-port-˵
--destination-port [!] [port:[port]]
Ŀ˿ڻ˿ڷΧָ TCP´--destination-port-˵
icmp
protocol icmpָ,".´δָʱ,´װ´ءṩ"´-
--icmp-type [!] typename
´-´-ָICMP-ͣ"´"ֵ-͵ICMP-ͣ´ij"iptables -p icmp -h´ʾICMP-
mac
--mac-source [!] address
.ַ-XX:XX:XX:XX:XX´-ĸʽע"ֻ´´"´̫豸PREROUTINGFORWORDINPUTİ"--
limit
´ģ.־""Ͱ""ٶȽ--.,LOGĿʹ""-ĵ½.ﵽ´ֵʱ,ʹ"´´Ĺ´--..(ʹ""!")
--limit rate
ƽ.ʣɸֵ"-'/second', '/minute', '/hour', or '/day'´-ĵ.λĬ3/hour
--limit-burst number
.ʼֵ:ǰָļûﵽ´ֵ,´ּ"1.ĬֵΪ5
multiport
´ģ."´˿ڻĿ˿,"´ָ15˿ڡֻܺ-p tcp ´ -p udp ʹ"á
--source-port [port[, port]]
´˿-"˿´.
--destination-port [port[, port]]
Ŀ˿-"˿´.
--port [port[, port]]
´˿ںĿĶ˿Ȳ"ij˿,´.䡣
mark
´ģ"netfilterֶ.䣨Ϳ"´´Ϊʹ"MARKǣ
--mark value [/mask]
.-űֵİָmask´ڱȽ֮ǰ-"ıǣ
owner
ģ´Ϊɰ.´ߵIJͬ´ֻ""OUTPUT"ʹ´-"-ICMP ping"𣩻û"-"-´ߣ""´.䡣
--uid-owner userid
"--user idô.Ľ̲İ
--gid-owner groupid
"--group idô.Ľ̲İ
--sid-owner seessionid
ݸĻỰ.ý̲İ
state
ģ飬""ٽʹ"ʱ´-ʰ"״̬
--state state
´state"�ŷָ."״̬-�ܵ״̬:INVALIDʾδ֪"ESTABLISHEDʾ˫͵"NEWʾΪ-µ"´Ƿ˫͵ģRELATEDʾ"-"ʼǺ""-´ڵ"´"FTPݴͣ´" ICMP
unclean
ģû"--´.-ֵġİ´ʵ--
tos
ģ.IPײ8λtos-ֶͣΣ"˵´"λ-
--tos tos
´"´"ƣ"iptables -m tos -h 쿴-�´ֵ
TARGET EXTENSIONS
iptables"´ʹ"´Ŀģ飺"´¶´ڱ-
LOG
Ϊ.İں˼¼´ڹ´-´"-linuxں˻ͨprintk()""-"ȫ.-ϢIPͷֶεȣ
--log-level level
¼ֻο syslog.conf(5)
--log-prefix prefix
´ڼ¼-Ϣǰ"ضǰ14ĸ"ͼ¼--Ϣ
--log-tcp-sequence
¼TCP--š¼ܱ"ûȡô´⽫´ڰȫ"
--log-tcp-options
¼´TCPͷ-
--log-ip-options
¼´IPͷ-
MARK
"ðnetfilterֵֻ""mangle�
--set-mark mark
REJECT
Ϊ´.İ""ݺDROPͬ
Ŀֻ""INPUTFORWARDOUTPUT͵"´-"û´"´⼸-ƷصĴ-´
--reject-with type
Type"´icmp-net-unreachableicmp-host-unreachableicmp-port- nreachableicmp-proto-unreachable icmp-net-prohibited ´ icmp-host-prohibited-ͻ᷵"ICMP-ϢĬport-unreachable- echo-reply"´-ģֻ""ָICMP pingĹ´-pingĻ"-tcp-reset"´""´INPUT-,´INPUT"õĹ´ֻ.TCP-"飺""TCP RST
TOS
"IPײλtosֻ""mangle�
--set-tos tos
"´ʹ""ֵ-͵TOS ֵ´"iptables -j TOS -h 鿴"--TOS-�
MIRROR
´"´-ʾĿ꣬""תIPײֶ-´ַĿַ´ٴð,ֻ""INPUTFORWARDOUTPUT"´ֻ"ǵ"û´"
SNAT
´Ŀֻ""natPOSTROUTING涨-İ´ַ""´"-İᱻ"죩ֹͣ´´ļ飬-
--to-source [-][:port-port]
"´ָ"."-µIPַ"IPַΧ""´""˿ڷΧֻ´ָ-p tcp ´-p udpĹ´δָ˿ڷΧ´˿-512"´µģ˿ڣᱻΪ512"´µĶ˿ڣ5121024֮Ķ˿ڻᱻΪ1024 "´µģ˿ڻᱻΪ1024"´ϡܣ˿ڲᱻ-ġ
--to-destiontion [-][:port-port]
"´ָ"."-µIPַ"IPַΧ""´""˿ڷΧֻ´ָ-p tcp ´-p udpĹ´δָ˿ڷΧĿ˿ڲᱻ-ġ
MASQUERADE
ֻ""natPOSTROUTINGֻ""ڶ̬ȡIPţ"""-̬IPַ""SNATαװ൱"ڸʱ"ڵIPַ"""ڹر´"´ֹ´"Ϊ"βʱδͬĽ"ڵַ"´"-"ر´"-"-
--to-ports [-port>]
ָʹ"õ´˿ڷΧĬϵSNAT´ַ-´棩´-ֻ""ָ-p tcp´-p udpĹ´
REDIRECT
ֻ""natPREROUTINGOUTPUTֻ"ǵ"û´"-İĿIPַͰ´�ɵİΪַ127.0.0.1"-
--to-ports []
ָʹ"õĿĶ˿ڻ˿ڷΧָĻĿ˿ڲᱻ-ġֻ""ָ-p tcp -p udpĹ´
DIAGNOSTICS
´
ͬĴ-Ϣ"ɱ˳0ʾ´ȷ"ڲ´Ļ´"õ--᷵ش2شΪ1
BUGS
Check is not implemented (yet).
黹δɡ
COMPATIBILITY WITH IPCHAINS
"ipchainsļ-´
iptablesRusty Russellipchainsdzơ"INPUT ֻ""ڽ뱾İ,OUTPUTֻ""´ɵİ"ÿֻ""´ǰתİᾭ"-" -i ""ý"ڣ-o"""ڣ´߶""ڽFORWARDİ�Ϳ-´ģ"ʹ"ĬϹʱiptables"�İ´ܴ"´ǰ´IPαװͰ˽ʹ"õĻ"´"´-˲ͬĴ�
-j MASQ
-M -S
-M -L
´iptables-"-ͬ
SEE ALSO
μ
iptables-HOWTO"-ϸiptables"÷,´netfilter-hacking-HOWTO""-ϸı˵
1:13 AM - 8/30/2005 - {0} -
Share and enjoy
 
 
 
 
 
 
 
 
´ϵϣ´´ס�ľ"-""ڰٺĴ˵
ϣ"-ʦഫʹŭ-IJָƽƼĺ´-ݣ"Ĺ˹õ-ĵ-ݡ
Ľ֮Ĺʹ´ߡȴؾܾ-롣˵ᲦٸĿ´"-ֵֻĹʹ´߰-Ļ˹�Ȼ-ˡ
ڶ峿´ڵĵط´"£´-ŵֵ´ĽĹḧϸµ""ݺ´´ļͷ質´´´ָŲ"Ʈ´ٺȻ"-ɳȵĹ´ܣ̧ͷ."˱´ŵĿ⡣"ʱ䣬ǵ--ֻ"-˴ˡ
"쿪ʼܻ´ÿ峿뿪ʹ"´ÿ峿-İ."صĵط
ķ´ȹ¸´ǵף-ٱ"͢
"-˶Ϊǻͯ"-ʱ´"ڰ併ٵϣڹ�´´Ϊ"İȫ´-»֮"뿪Ĺ´
˺ÿ춼´´ĵطٸ´Ĺȴ´ɳجġٺܼǿˮû"-ۿϹȾ-´ۣ"ò"ָ"ʿ´
´ھٹʤʱ̣´.ϵĹ´ȴٵˮʪ
ÿٶ´"´٣ϣ´õĹ"´�ÿ´磬͵´ɢ¶飬֪ǹ´Ļ"
´"ڣ´"´˯.´--죬ǰ-""´¶ˮȫ´˯ĵط´"ʱ漣ˡٵ""Ȫ"塣"ȪϪ"Ϫɺ""ɺ"ۺ
"´ϣ"-"Ƭ峺ĺǶ-�ٺ
10:13 AM - 8/29/2005 - {0} -
Share and enjoy
|
zhanfu"Ƽˣ´-"ù"´-��-"-"´¼
""ĵط
1.Ľ-£"Ϊֻ""İ汾ģ˵""-汾-
Google"ļ.´"´"ϲ"㡣
2.Ŀǰ--ļIMQQ,MSN,POPOȶ-ߴ´
ڴ棬ͬʱĻٶ´͡"ùtalk"´-
´ô´ڴ棬"װļܹ800K
3."-"ͻصtalk""ܣͨʵ-"-´ĺͲ
�"ֽ--skype"-֮
Google Talk is in beta and requires a Gmail username and password.
Don't have Gmail? Get an account using your mobile phone (US only).
By downloading, you agree to our Terms of Service and Privacy Policy
|
Fast download - about 3 minutes on a modem (900K) |
Requires Windows XP/2000, minimum 56k (broadband recommended)
Mac and Linux users can connect to Google Talk using other IM clients | | |
|
|
7:06 AM - 8/28/2005 - {0} -
Share and enjoy
The search giant will launch instant-messaging and Net-telephony products that promise to work with existing services -- if AOL and others agree
Add yet another offering, actually two, from Google (GOOG ) that takes the search giant even further beyond its find-anything-on-the-Web roots. On Aug. 24 it announced a broad-ranging effort to attack both the instant-messaging and Internet voice-calling markets with a service called Google Talk.
Available as a software download, the service could turn the long-divided IM market on its ear by creating the potential for interoperability not only with offerings from established players, including Time Warner's (TWX ) America Online, Microsoft's (MSFT ) MSN, and Yahoo! (YHOO ), but also with lesser-known services such as Trillian, Apple Computer's (AAPL ) iChat, and GAIM, an IM client for Linux users.
Georges Harik, Google's director of product management, says the company has opened communications with AOL and Yahoo, offering them interoperability on the Google Talk network free, and it will soon contact Microsoft. It remains to be seen whether these big players, especially AOL, which runs both its AOL Instant Messenger service and the globally popular ICQ service, will take Google up on its offer.
"WE'RE WORKING ON IT." "Our network will be open. We want to make all instant messaging networks interoperable," Harik says. Users of other IM clients would be able to connect friends to Google Talk just by adding their Gmail user names. No agreements have been struck yet. "We don't know what their reaction will be," Harik says.
Google does have one willing IM partner: Earthlink (ELNK ). The Atlanta-based Internet service provider recently debuted an IM and voice-calling software of its own called Vling. Google and Earthlink have committed to making their software interoperable, says Earthlink executive Stephen Currie. "The compatibility won't be available right away," Curries says. "But we're working on it."
One thing Harik says Google Talk won't have is advertising. "You have to be careful about advertising with IM," he says. "It's not necessarily the right platform to insert advertisements." Yet it's an important question for all the IM players because although millions of people use IM, so far it has yet to be a significant profit center for any of the services.
SIP SUPPORT. With the launch of its IM software, Google also plans to become an important force in the growing market for Internet-based voice calls. Harik says Google is looking seriously at adding technical support for SIP, or session initiation protocol, an industry standard used to make phone calls over the Internet. When it adds the support, its network would become compatible with such Net-telephony services as Vonage, SIPphone, and others that use SIP.
Google is already "deep into conversations" with ISP Earthlink and SIPphone, a San Diego-based Internet-calling startup launched by Michael Robertson, the entrepreneur behind a consumer-friendly version of Linux called Linspire.
Although it's not compatible with Skype, one of the biggest Net-telephony currently, Robertson says SIPphone's Gizmo Project service already has 250,000 customers and that it interoperates with 20 different voice services, primarily those of smaller players such as Global Village and Earthlink. "Google is working on the SIP interchange," Robertson says. "And we're working on it with them."
PHONE CHECK. Google Talk will be tightly intertwined with Gmail, Google's 16-month-old free Web-based e-mail service, known for its unlimited capacity to store messages. Gmail has been in a wide public beta-test for that entire time, open only to users who get invited by other users. The service now has more than 2 million users, Harik says.
But starting today, invites are no longer needed to get a Gmail account. In a separate announcement, Google says it will take the wraps off the service for users in the U.S. Gmail will be open and free to U.S. users but will require that they use a mobile phone capable of receiving text messages to prove they're legitimate users. When they sign up, Harik says, Google will send their phone a text message. While it may not be fail-safe, Harik says the measure is an effort to minimize Gmail being used by spammers and for other types of abuse.
11:20 AM - 8/27/2005 - {0} -
Share and enjoy
|
