熟悉iptables的帮忙看看!!
我的这个iptables的脚本可以运行吗?怎么运行?
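#!/bin/bash
# Stateful host firewall: default-deny on every filter chain, then open a
# small set of services. Addresses and interfaces are the ones from the
# original script: 192.168.1.8 on eth0 (Internet side), 10.0.0.1 on the
# LAN side, which the author addresses as the IP alias eth0:1.
#
# NOTE(review): iptables matches -i/-o against the kernel device name. An IP
# alias such as eth0:1 is not a separate device, so "-i eth0:1" never
# matches and the LAN rules below are effectively dead. They are kept as
# written; rebind them to a real interface (or restrict by -s/-d address
# ranges) before relying on them, and keep rp_filter on so a spoofed
# 10.0.0.0/8 source arriving on eth0 is not accepted as LAN traffic.
set -eu

# (1) Policies (default) — set before flushing so no accept-all window opens.
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# Start from empty tables so the script can be re-run: otherwise "-N okay"
# fails on the second run and every rule would be appended a second time.
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X

# (2) User-defined chain for ACCEPTed TCP packets: new connections (SYN)
#     and packets of existing connections pass, anything else is dropped.
iptables -N okay
iptables -A okay -p tcp --syn -j ACCEPT
iptables -A okay -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT   # was "TELATED"
iptables -A okay -p tcp -j DROP

# (3) INPUT chain rules
# Rules for incoming packets from LAN ("-p", not "-P": -P sets a chain policy
# and iptables rejects it inside a rule)
iptables -A INPUT -p all -i eth0:1 -s 10.0.0.0/8 -j ACCEPT
iptables -A INPUT -p all -i lo -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p all -i lo -s 10.0.0.1 -j ACCEPT
iptables -A INPUT -p all -i lo -s 192.168.1.8 -j ACCEPT
iptables -A INPUT -p all -i eth0:1 -d 10.0.0.255 -j ACCEPT
# Rules for incoming packets from the Internet
# Packets for established connections
iptables -A INPUT -p all -d 192.168.1.8 -m state --state ESTABLISHED,RELATED -j ACCEPT
# TCP rules: these ports accept new connections from any source on eth0
# (21 ftp, 22 ssh, 80 http, 113 ident) — review whether each is really needed.
iptables -A INPUT -p tcp -i eth0 -s 0/0 --destination-port 21 -j okay
iptables -A INPUT -p tcp -i eth0 -s 0/0 --destination-port 22 -j okay
iptables -A INPUT -p tcp -i eth0 -s 0/0 --destination-port 80 -j okay
iptables -A INPUT -p tcp -i eth0 -s 0/0 --destination-port 113 -j okay
# UDP rules
iptables -A INPUT -p udp -i eth0 -s 0/0 --destination-port 53 -j ACCEPT
iptables -A INPUT -p udp -i eth0 -s 0/0 --destination-port 2074 -j ACCEPT
iptables -A INPUT -p udp -i eth0 -s 0/0 --destination-port 4000 -j ACCEPT
# ICMP rules: echo-request (8) and time-exceeded (11) — was "ICPM"/"--icpm-type"
iptables -A INPUT -p icmp -i eth0 -s 0/0 --icmp-type 8 -j ACCEPT
iptables -A INPUT -p icmp -i eth0 -s 0/0 --icmp-type 11 -j ACCEPT

# (4) FORWARD chain rules (forwarding also needs net.ipv4.ip_forward=1)
# Accept the packets we want to forward
iptables -A FORWARD -i eth0:1 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# (5) OUTPUT chain rules
# Only output packets with local source addresses (anti-spoofing)
iptables -A OUTPUT -p all -s 127.0.0.1 -j ACCEPT   # was "ACCPET"
iptables -A OUTPUT -p all -s 10.0.0.1 -j ACCEPT
iptables -A OUTPUT -p all -s 192.168.1.8 -j ACCEPT

# (6) POSTROUTING chain rules: rewrite the source of forwarded traffic
#     leaving eth0 to the public address
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.1.8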
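#!/bin/bash
# Stateful host firewall: default-deny on every filter chain, then open a
# small set of services. Addresses and interfaces are the ones from the
# original script: 192.168.1.8 on eth0 (Internet side), 10.0.0.1 on the
# LAN side, which the author addresses as the IP alias eth0:1.
#
# NOTE(review): iptables matches -i/-o against the kernel device name. An IP
# alias such as eth0:1 is not a separate device, so "-i eth0:1" never
# matches and the LAN rules below are effectively dead. They are kept as
# written; rebind them to a real interface (or restrict by -s/-d address
# ranges) before relying on them, and keep rp_filter on so a spoofed
# 10.0.0.0/8 source arriving on eth0 is not accepted as LAN traffic.
set -eu

# (1) Policies (default) — set before flushing so no accept-all window opens.
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# Start from empty tables so the script can be re-run: otherwise "-N okay"
# fails on the second run and every rule would be appended a second time.
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X

# (2) User-defined chain for ACCEPTed TCP packets: new connections (SYN)
#     and packets of existing connections pass, anything else is dropped.
iptables -N okay
iptables -A okay -p tcp --syn -j ACCEPT
iptables -A okay -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT   # was "TELATED"
iptables -A okay -p tcp -j DROP

# (3) INPUT chain rules
# Rules for incoming packets from LAN ("-p", not "-P": -P sets a chain policy
# and iptables rejects it inside a rule)
iptables -A INPUT -p all -i eth0:1 -s 10.0.0.0/8 -j ACCEPT
iptables -A INPUT -p all -i lo -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p all -i lo -s 10.0.0.1 -j ACCEPT
iptables -A INPUT -p all -i lo -s 192.168.1.8 -j ACCEPT
iptables -A INPUT -p all -i eth0:1 -d 10.0.0.255 -j ACCEPT
# Rules for incoming packets from the Internet
# Packets for established connections
iptables -A INPUT -p all -d 192.168.1.8 -m state --state ESTABLISHED,RELATED -j ACCEPT
# TCP rules: these ports accept new connections from any source on eth0
# (21 ftp, 22 ssh, 80 http, 113 ident) — review whether each is really needed.
iptables -A INPUT -p tcp -i eth0 -s 0/0 --destination-port 21 -j okay
iptables -A INPUT -p tcp -i eth0 -s 0/0 --destination-port 22 -j okay
iptables -A INPUT -p tcp -i eth0 -s 0/0 --destination-port 80 -j okay
iptables -A INPUT -p tcp -i eth0 -s 0/0 --destination-port 113 -j okay
# UDP rules
iptables -A INPUT -p udp -i eth0 -s 0/0 --destination-port 53 -j ACCEPT
iptables -A INPUT -p udp -i eth0 -s 0/0 --destination-port 2074 -j ACCEPT
iptables -A INPUT -p udp -i eth0 -s 0/0 --destination-port 4000 -j ACCEPT
# ICMP rules: echo-request (8) and time-exceeded (11) — was "ICPM"/"--icpm-type"
iptables -A INPUT -p icmp -i eth0 -s 0/0 --icmp-type 8 -j ACCEPT
iptables -A INPUT -p icmp -i eth0 -s 0/0 --icmp-type 11 -j ACCEPT

# (4) FORWARD chain rules (forwarding also needs net.ipv4.ip_forward=1)
# Accept the packets we want to forward
iptables -A FORWARD -i eth0:1 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# (5) OUTPUT chain rules
# Only output packets with local source addresses (anti-spoofing)
iptables -A OUTPUT -p all -s 127.0.0.1 -j ACCEPT   # was "ACCPET"
iptables -A OUTPUT -p all -s 10.0.0.1 -j ACCEPT
iptables -A OUTPUT -p all -s 192.168.1.8 -j ACCEPT

# (6) POSTROUTING chain rules: rewrite the source of forwarded traffic
#     leaving eth0 to the public address
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.1.8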
在文件前面第一行加上
#!/bin/bash
chmod u+x your_iptablescript
sh your_iptablescript
如果是在其他程序里调用执行，命令中要写出脚本的全路径
#!/bin/bash
chmod u+x your_iptablescript
sh your_iptablescript
如果是在其他程序里调用执行，命令中要写出脚本的全路径