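#!/bin/bash
# Gateway firewall script, shown on the page as the output of `cat /etc/xxx`
# on host "hkweb". The published listing had lost its line breaks and letter
# case; this is the same rule set restored to runnable form.
#
# Layout: eth0 faces the Internet, eth1 faces the 10.0.0.0/8 LAN.

INET_IFACE="eth0"
INET_IP="202.96.155.37"
LAN_IFACE="eth1"
LAN_IP="10.0.0.252"
LAN_IP_RANGE="10.0.0.0/8"
IPT="/sbin/iptables"

# Refresh module dependencies, then load the netfilter pieces used below.
/sbin/depmod -a
for module in ip_tables iptable_nat ip_nat_ftp ipt_LOG; do
    /sbin/modprobe "$module"
done

# Default-deny first, so no chain sits on a permissive policy while the old
# rules are being flushed.
for chain in INPUT OUTPUT FORWARD; do
    "$IPT" -P "$chain" DROP
done

# Empty every table: -F flushes the rules, -X deletes user-defined chains.
for TABLE in filter nat mangle; do
    "$IPT" -t "$TABLE" -F
    "$IPT" -t "$TABLE" -X
done

# Turn routing on only once the default-deny policy is in place.
echo "1" > /proc/sys/net/ipv4/ip_forward

# Loopback and the LAN side are accepted in both directions.
"$IPT" -A INPUT -i lo -j ACCEPT
"$IPT" -A OUTPUT -o lo -j ACCEPT
"$IPT" -A INPUT -i "$LAN_IFACE" -j ACCEPT
"$IPT" -A OUTPUT -o "$LAN_IFACE" -j ACCEPT
"$IPT" -A FORWARD -i "$LAN_IFACE" -j ACCEPT
# NOTE(review): this forwards any packet routed towards the LAN, not only
# replies. Restricting it to ESTABLISHED,RELATED is the usual choice unless
# port forwards defined elsewhere in the script depend on it - confirm.
"$IPT" -A FORWARD -o "$LAN_IFACE" -j ACCEPT

# NOTE(review): the listing has an unconditional
#   iptables -A INPUT -i eth0 -j ACCEPT
# at this position, and its garbling hides whether it was commented out.
# Active, it would accept everything arriving on the Internet-facing
# interface and make every source-restricted rule below unreachable, so it
# is kept disabled here.
# "$IPT" -A INPUT -i "$INET_IFACE" -j ACCEPT

# Together with the OUTPUT rules above, this leaves the OUTPUT DROP policy
# affecting only interfaces other than lo, eth0 and eth1.
"$IPT" -A OUTPUT -o "$INET_IFACE" -j ACCEPT

# Replies to traffic this host started, one rule per protocol as in the
# listing (a single rule without -p would also match other protocols).
for proto in tcp udp icmp; do
    "$IPT" -A INPUT -i "$INET_IFACE" -p "$proto" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
done

# FTP control channel, open to every source.
"$IPT" -A INPUT -i "$INET_IFACE" -p tcp --dport 21 -j ACCEPT

# SSH only from the listed administration addresses.
for admin_src in \
    203.86.67.18 202.96.155.38 \
    211.96.97.20 211.96.97.22 \
    210.75.18.33 210.75.18.34 210.75.18.35 \
    210.75.18.36 210.75.18.37 210.75.18.38 \
    61.144.222.111
do
    "$IPT" -A INPUT -i "$INET_IFACE" -p tcp -s "$admin_src" --dport 22 -j ACCEPT
done

# NOTE(review): these two rules admit every source EXCEPT 202.66.8.210, a
# one-address denylist. TCP/1521 is conventionally the Oracle listener port;
# if the intent was to expose it to that host only, the negation is
# inverted - confirm.
# Negation is written before the option; the `-s ! ADDR` spelling used in
# the listing is deprecated in current iptables releases.
"$IPT" -A INPUT -i "$INET_IFACE" -p tcp ! -s 202.66.8.210 --dport 1521 -j ACCEPT
"$IPT" -A INPUT -i "$INET_IFACE" -p tcp ! -s 202.66.8.210 --dport 80 -j ACCEPT

# The listing is cut off here, partway through a further rule that begins
#   iptables -A INPUT -i eth0 -p tcp -s !
# Its remainder is not part of this excerpt and is not reconstructed.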