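# Host firewall setup: kernel network hardening via /proc/sys, then an
# iptables rule set that allows loopback, all outbound traffic, replies to
# established connections and new inbound SSH, and drops everything else.
#
# Must run as root. Nothing here persists across a reboot; settings and
# rules have to be re-applied at boot (or saved with the distribution's
# own mechanism).
#
# Paths, chain names (INPUT/OUTPUT/FORWARD), targets (ACCEPT/DROP) and
# state names are case-sensitive; the lower-case or mixed-case forms are
# rejected by the shell or by iptables.
#
# Keep the space between the value and '>': "echo 1> file" is parsed as a
# redirection of fd 1 and writes an empty line, not the value.
#
# NOTE(review): only conf/all is written below. The kernel combines
# conf/all with the per-interface values differently for each setting, so
# check conf/default and conf/<iface> as well - TODO confirm per setting.

# Drop ICMP echo-request messages sent to broadcast or multicast addresses
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

# Drop source-routed packets
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route

# Enable TCP SYN cookie protection from SYN floods
echo 1 > /proc/sys/net/ipv4/tcp_syncookies

# Don't accept ICMP redirect messages
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects

# Don't send ICMP redirect messages
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects

# Enable source address spoofing protection (reverse-path filtering)
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter

# Log packets with impossible source addresses
echo 1 > /proc/sys/net/ipv4/conf/all/log_martians

# Flush all chains.
# This only empties the filter table; nat/mangle rules and user-defined
# chains are left as they are. IPv6 is not covered by iptables at all and
# needs an equivalent ip6tables rule set.
/sbin/iptables --flush

# Allow unlimited traffic on the loopback interface
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT

# Set default policies: anything not explicitly accepted is dropped
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT DROP
/sbin/iptables -P FORWARD DROP

# Previously initiated and accepted exchanges bypass rule checking
# Allow unlimited outbound traffic
# The state list must not contain spaces after the commas.
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# Enable SSH on port 22.
# This accepts new connections from any source address; where the
# administration networks are known, restrict the rule with -s.
/sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT

# Drop all other traffic (same effect as the INPUT policy, stated
# explicitly as the last rule of the chain)
/sbin/iptables -A INPUT -j DROP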
The example above sets up a firewall that opens the SSH port to the outside and blocks ICMP packets.