

cat /etc/iptables.sh



cat   /etc/iptables.sh 
#!/bin/bash
# Host firewall setup: flush the filter table, then rebuild INPUT/FORWARD
# (and a few OUTPUT rules) from a whitelist of sources and TCP/UDP ports,
# ending with a catch-all REJECT. Rules are evaluated top to bottom, first
# match wins, so the ORDER of the lines below is the policy.
# Must run as root (iptables needs CAP_NET_ADMIN). There is no set -e: a
# rule that fails to load (e.g. a missing match module) is skipped and the
# remaining rules are still appended.
# NOTE(review): ~/bin at the end of PATH is a user-writable directory on a
# root-run script; only iptables is invoked here, but confirm it is wanted.
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
# Flush every rule in the filter table. -F does NOT reset chain policies
# (no -P is issued anywhere in this script), delete user-defined chains
# (-X), or touch the nat/mangle tables.
iptables -F
# Loopback traffic: accepted by interface, and again by address.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
# Packets belonging to connections this host already has. Placed early so
# every rule below effectively only sees NEW traffic.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#for monitor
#for ping:
# ICMP echo in both directions: the host can be pinged and can ping out.

iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
#iptables -A INPUT -p tcp  --syn  --dport 80 -m connlimit --connlimit-above 8  -j REJECT

# Trusted sources: unrestricted access from the LAN /24 and from one /27.
# The two 3306 rules are redundant as written: 127.0.0.1 is already
# accepted above, and 211.102.91.0/27 is accepted wholesale on the line
# before its 3306 rule.
iptables  -A INPUT   -s   192.168.0.0/24 -j ACCEPT
iptables  -A INPUT   -s   127.0.0.1/32    -m tcp  -p tcp  --dport  3306  -j ACCEPT
iptables  -A INPUT   -s   211.102.91.0/27   -j ACCEPT
iptables  -A INPUT   -s   211.102.91.0/27    -m tcp  -p tcp  --dport  3306  -j ACCEPT

# Intended per-source rate limit for new HTTP connections: reject an
# address that opened more than 120 NEW connections to port 80 in 60 s.
# NOTE(review): -m recent --update only checks/refreshes addresses that
# are already in the list; nothing in this script uses --set, so the list
# is never populated and this rule cannot match. It is normally paired
# with a "-m recent --set" rule for NEW dport 80 placed just before it.
# Also, xt_recent's default ip_pkt_list_tot (20) is below --hitcount 120,
# which can make the kernel refuse the rule -- confirm on the target host.
iptables -A INPUT -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 60  --hitcount 120 -j REJECT
#iptables -A INPUT -m state --state NEW  -m tcp  -p tcp  --dport 80 -m connlimit --connlimit-above 50 -j REJECT

# Pure SYN packets (new connections) accepted at up to 100/s, on FORWARD
# and on INPUT. SYNs above the limit are not dropped here; they simply
# fall through to the later rules.
# NOTE(review): neither rule has a --dport, so on INPUT a SYN to ANY
# port is accepted while under the limit, and the ESTABLISHED,RELATED rule
# above then carries the rest of that connection. The TCPPORT whitelist
# further down is therefore not the only way to open a TCP connection.
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST SYN -m limit --limit 100/s -j ACCEPT
iptables -A  INPUT  -p tcp --tcp-flags SYN,ACK,FIN,RST SYN -m limit --limit 100/s -j ACCEPT

# FORWARD hygiene: a NEW TCP connection must start with SYN; IP fragments
# are rate-limited. (Only meaningful if IP forwarding is enabled on this
# host; the script does not enable it -- confirm.)
iptables -A FORWARD -p TCP ! --syn -m state --state NEW -j REJECT
iptables -A FORWARD -f -m limit --limit 100/s --limit-burst 200 -j ACCEPT


#iptables -A INPUT -p tcp  --syn --dport 80 -m connlimit --connlimit-above 1 -j REJECT
#iptables -A INPUT -m limit --limit 3/hour --limit-burst 5       -j  REJECT
#iptables  -A  INPUT  -p tcp  --syn  -m  limit  --limit  1/s   -j  ACCEPT

#iptables -A INPUT -p tcp     --dport 80 -m connlimit --connlimit-above 30 -j REJECT

# Accept NEW TCP connections to any unprivileged port (1024-65535) as long
# as the source port is also unprivileged. In effect every port >= 1024
# is reachable regardless of TCPPORT, and the final REJECT/DROP only
# covers ports below 1024. NOTE(review): confirm this is intended.
iptables -A INPUT -p tcp --sport 1024:65535 --dport 1024:65535 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

#for DNS:
# Accept any packet whose SOURCE port is 53 (meant for DNS answers).
# NOTE(review): answers to this host's own queries are already admitted by
# the ESTABLISHED,RELATED rule above; matching on source port alone admits
# any packet that merely claims sport 53, to any destination port.
iptables -A INPUT -p tcp --source-port 53 -j ACCEPT
iptables -A INPUT -p udp --source-port 53 -j ACCEPT
##########################################
#for special IP  drop something port
#dropip="203.188.197.0/24 168.95.5.0/24 203.188.197.9"
# for ip in $dropip; do
#        iptables -A INPUT  -s $ip  -j DROP
#        iptables -A OUTPUT -d $ip -j DROP
# done
####################################
# Public TCP service ports, whitespace-separated. The unquoted $TCPPORT is
# word-split on purpose and the values are fixed literals, so the unquoted
# $port below is safe. Port 20 is listed again by the FTP multiport rule.
TCPPORT=" 443 80 20 22  3306 21 11211 873 10000 8001"
for port in $TCPPORT; do
        iptables -A INPUT -p tcp --dport $port -j ACCEPT
        # OUTPUT rule: a no-op unless the OUTPUT chain policy is changed
        # from the kernel default ACCEPT (this script never sets -P).
        iptables -A OUTPUT -p tcp --sport $port -j ACCEPT
done
#################################################
# Public UDP service ports (161 is the SNMP agent port); same loop shape.
UDPPORT="161"
for port in $UDPPORT; do
        iptables -A INPUT -p udp --dport $port -j ACCEPT
        iptables -A OUTPUT -p udp --sport $port -j ACCEPT
done
######################################################
#for Local FTP Server:
# FTP control/data ports plus a passive-mode data range. The 40000-42000
# range must match the FTP server's passive-port configuration -- confirm.
iptables -A INPUT -p tcp -m multiport --dport 21,20 -j ACCEPT
iptables -A INPUT -p tcp  --dport 40000:42000 -j ACCEPT
#for same ip in port
#acceptport="873 3306"
#for port in $acceptport; do
#acceptip="205.209.136.212"
# for ip in $acceptip; do
#     iptables -A INPUT -p tcp --dport $port -s $ip -j ACCEPT
#     iptables -A OUTPUT -p tcp --sport $port -d $ip -j ACCEPT   
# done
#done

#iptables -A INPUT -p all -m state --state RELATED,ESTABLISHED -j ACCEPT
#iptables -A OUTPUT -p all -m state --state NEW,ESTABLISHED -j ACCEPT

# Default deny: anything on INPUT or FORWARD not matched above is rejected
# with ICMP host-prohibited. These two lines are the effective end of the
# ruleset.
iptables  -A INPUT -j REJECT --reject-with icmp-host-prohibited
iptables  -A  FORWARD -j REJECT --reject-with icmp-host-prohibited

#iptables  -A INPUT -j REJECT --reject-with icmp-host-prohibited 
#iptables  -A INPUT -p tcp -j REJECT --reject-with tcp-reset     

#iptables  -A OUTPUT -j REJECT --reject-with icmp-host-prohibited
#iptables  -A OUTPUT -p tcp -j REJECT --reject-with tcp-reset

#iptables  -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT


# Unreachable as written: the two catch-all REJECT rules above already
# terminate every remaining packet, so these three rules never match.
# They only take effect if those REJECT lines are commented out.
iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
iptables -A INPUT -j DROP
iptables -A FORWARD -j DROP





