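#!/bin/bash
#
# Rebuild the IPv4 filter table: flush it, set every built-in chain to
# ACCEPT, append an allow-list for INPUT, then close INPUT and FORWARD with a
# catch-all REJECT. The result is saved through the iptables init script and
# the final ruleset is printed.
#
# Things a reviewer should know before running this on a remote host:
#   * Only IPv4 is handled. ip6tables is never called, so if the host has an
#     IPv6 address the same services are reachable over IPv6 without any of
#     these rules applying.
#   * Only the filter table is flushed (-F / -X without -t); existing nat,
#     mangle and raw rules are left as they are.
#   * All three policies are ACCEPT. Filtering depends entirely on the
#     trailing REJECT rules, so a later flush leaves the host fully open
#     rather than closed.
#   * OUTPUT is unrestricted: there is no egress filtering.
#   * Failed commands are reported and counted. The remaining rules are still
#     applied (as before), but a ruleset with failures is NOT saved, so a
#     reboot or a restart of the iptables service brings back the last saved
#     rules.

# iptables and the save step need root; stop before the flush if we are not.
if [ "$(id -u)" -ne 0 ]; then
  echo "this script must be run as root" >&2
  exit 1
fi

failures=0

# Run one command; on a non-zero exit, report it on stderr and count it
# instead of silently carrying on.
apply() {
  local status=0
  "$@" || status=$?
  if [ "$status" -ne 0 ]; then
    printf 'FAILED (exit %s): %s\n' "$status" "$*" >&2
    failures=$((failures + 1))
  fi
  return 0
}

echo "clean all rules before"
apply iptables -F   # delete every rule in the filter table
apply iptables -X   # delete user-defined chains in the filter table

echo "setting up default rules"
apply iptables -P FORWARD ACCEPT
apply iptables -P INPUT ACCEPT
apply iptables -P OUTPUT ACCEPT

echo "allow local address"
apply iptables -A INPUT -i lo -p all -j ACCEPT

echo "allow now connection"
# Replies to connections that are already tracked. Newer iptables releases
# prefer "-m conntrack --ctstate" over the legacy "-m state" match used here.
apply iptables -A INPUT -p all -m state --state ESTABLISHED,RELATED -j ACCEPT

echo "allow all output connection"
# Same effect as the ACCEPT policy on OUTPUT; kept as an explicit rule.
apply iptables -A OUTPUT -j ACCEPT

echo "disable ping"
# ICMP type 8 is echo-request. The catch-all REJECT below would refuse it as
# well; this rule only makes the intent explicit.
apply iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j REJECT

echo "ssh27112"
# 27112 is labelled as SSH by the message above. It is open to every source
# address: a non-standard port is not access control, so restrict it with
# "-s <admin network>" where the admin source addresses are known.
apply iptables -A INPUT -p tcp --dport 27112 -j ACCEPT
# NOTE(review): the purpose of 8989, 9001 and 9002 is not documented here.
# They are exposed to every source address; confirm each one is meant to be
# public, and limit it with "-s" if it is a management interface.
apply iptables -A INPUT -p tcp --dport 8989 -j ACCEPT
apply iptables -A INPUT -p tcp --dport 9001 -j ACCEPT
apply iptables -A INPUT -p tcp --dport 9002 -j ACCEPT

echo "allow web service 80"
apply iptables -A INPUT -p tcp --dport 80 -j ACCEPT
apply iptables -A INPUT -p tcp --dport 443 -j ACCEPT #https

echo "disable all error connection"
# Catch-all: anything not accepted above is refused. These must stay the last
# rules in their chains, because -A appends and rules match in order.
apply iptables -A INPUT -j REJECT
apply iptables -A FORWARD -j REJECT

# Examples of blocking sources. They use -I (insert at the top) so that they
# take effect ahead of the ACCEPT rules above.
# Block a single address
#iptables -I INPUT -s 124.115.0.199 -j DROP
# Block a /16 range
#iptables -I INPUT -s 124.115.0.0/16 -j DROP
# Block a /8 range. iptables applies the mask, so this covers all of
# 194.0.0.0/8, far more than 194.42.x.x; use /16 if only that range is meant.
#iptables -I INPUT -s 194.42.0.0/8 -j DROP
# Block several /24 ranges
#iptables -I INPUT -s 61.37.80.0/24 -j DROP
#iptables -I INPUT -s 61.37.81.0/24 -j DROP
# --dport matches the destination port and --sport the source port; OUTPUT is
# traffic leaving this machine and INPUT is traffic arriving at it.

# Persist only a ruleset that was applied without errors.
# NOTE(review): assumes a distribution that ships the iptables init script
# with a "save" action.
if [ "$failures" -eq 0 ]; then
  apply /sbin/service iptables save
else
  echo "$failures command(s) failed; rules were NOT saved" >&2
fi

apply iptables -vnL

if [ "$failures" -ne 0 ]; then
  exit 1
fi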
linux vps iptables Firewall configuration shell