iptables脚本

# NAT port forwarding from the gateway address to a single backend host.
#
# Pass 1 appends one DNAT rule per entry to nat/PREROUTING: traffic addressed
# to the gateway on an external port is redirected to the backend port.
# Pass 2 appends one SNAT rule per entry to nat/POSTROUTING: traffic heading
# to the backend on that port leaves with the gateway address as its source.
#
# NOTE(review): because of the SNAT rules the backend sees every client as the
# gateway address, so backend logs will not contain the real client IP; keep
# flow/conntrack logging on the gateway if attribution matters.
# NOTE(review): the POSTROUTING rules match on destination and port only, so
# they rewrite any traffic to the backend on these ports, not only connections
# that were DNATed above.
# NOTE(review): these rules only rewrite addresses. Whether the forwarded
# traffic is permitted is decided by the filter table, which is not shown here.
# NOTE(review): rules are appended with -A, so running this twice duplicates
# every rule.
gateway_ip='172.19.43.211'
backend_ip='172.19.48.51'

# One mapping per line: protocol, external port, backend port.
# External port 35124 is the virtual gamepad port; 35125 is the H5 port.
forward_map='tcp 35104 5188
tcp 35105 51888
udp 35106 47998
udp 35107 47999
udp 35108 48000
tcp 35115 47996
tcp 35117 47995
tcp 35118 49008
tcp 35119 49034
tcp 35120 47998
tcp 35121 47999
tcp 35122 48000
udp 35123 47995
tcp 35124 50000
tcp 35125 47997'

# Pass 1: destination NAT, in the same order as the table.
printf '%s\n' "$forward_map" | while read -r proto ext_port backend_port; do
  iptables -t nat -A PREROUTING -d "${gateway_ip}/32" -p "$proto" -m "$proto" --dport "$ext_port" -j DNAT --to-destination "${backend_ip}:${backend_port}"
done

# Pass 2: source NAT for the same flows, again in table order.
printf '%s\n' "$forward_map" | while read -r proto ext_port backend_port; do
  iptables -t nat -A POSTROUTING -d "${backend_ip}/32" -p "$proto" -m "$proto" --dport "$backend_port" -j SNAT --to-source "$gateway_ip"
done

 

 

 

#!/bin/bash
#
# Publish the same set of service ports for every LAN host whose last octet is
# 13..32, all behind one public address.
#
# External port layout: "3" + last octet + two-digit service suffix.
# Example: host .13, suffix 04 -> public port 31304 -> <prefix>13:5188.
#
# For each host the script appends 15 DNAT rules to nat/PREROUTING and then
# 15 SNAT rules to nat/POSTROUTING.
#
# NOTE(review): the DNAT rules carry no source match (-s), so every published
# port is reachable from any address that can reach the public address unless
# the filter table (not shown here) restricts it.
# NOTE(review): the SNAT rules replace the client source with local_address,
# so the LAN hosts cannot log the real client IP.
# NOTE(review): rules are appended with -A; re-running the script duplicates
# all of them.
public_address='132.98.83.2'
local_address='172.19.121.211'
lan_destination_address_prefix='172.19.121.'

# One service per entry: protocol, two-digit external suffix, backend port.
service_map=(
  'tcp 04 5188'
  'tcp 05 51888'
  'udp 06 47998'
  'udp 07 47999'
  'udp 08 48000'
  'tcp 15 47996'
  'tcp 17 47995'
  'tcp 18 49008'
  'tcp 19 49034'
  'tcp 20 47998'
  'tcp 21 47999'
  'tcp 22 48000'
  'udp 23 47995'
  'tcp 24 50000'
  'tcp 25 47997'
)

for (( host_octet = 13; host_octet <= 32; host_octet++ )); do
  backend_ip="${lan_destination_address_prefix}${host_octet}"

  # Destination NAT: public port -> backend host and port.
  for entry in "${service_map[@]}"; do
    read -r proto suffix backend_port <<<"$entry"
    iptables -t nat -A PREROUTING -d "${public_address}/32" -p "$proto" -m "$proto" --dport "3${host_octet}${suffix}" -j DNAT --to-destination "${backend_ip}:${backend_port}"
  done

  # Source NAT: traffic to the backend leaves with the gateway's LAN address.
  for entry in "${service_map[@]}"; do
    read -r proto suffix backend_port <<<"$entry"
    iptables -t nat -A POSTROUTING -d "${backend_ip}/32" -p "$proto" -m "$proto" --dport "$backend_port" -j SNAT --to-source "$local_address"
  done
done
 
 
--------------------

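#!/bin/bash
#
# Allow inbound TCP access to the given ports from a fixed list of source
# address ranges and subnets.
#
# The script takes exactly one argument: the port(s) to open, comma-separated
# when there are several, for example:
#   bash JiangXi_telecom_iptables.sh 80,8080
# Run it with bash: the address lists below are bash arrays, which a plain
# POSIX sh does not parse.
#
# The multiport match accepts at most 15 ports per rule, and a port:port range
# counts as two.
#
# NOTE(review): this script only inserts ACCEPT rules. They restrict nothing
# unless the INPUT chain otherwise denies the traffic (policy or a later
# DROP/REJECT rule); the DROP at the bottom is deliberately left commented out.
# NOTE(review): -I inserts at the top of INPUT, so these ACCEPT rules are
# evaluated before any rule already in the chain.

port=$1

# Exit code 5 signals a usage error.
if [ -z "${port}" ]
then
echo 'You must enter 1 parameter'
echo 'Usage: sh JiangXi_telecom_iptables.sh {port1,port2,port3...}'
exit 5
fi

# Reject anything that is not a comma-separated list of ports or port:port
# ranges before touching the firewall, so a malformed argument can never be
# word-split into extra iptables options or leave a half-applied rule set.
port_list_re='^[0-9]+(:[0-9]+)?(,[0-9]+(:[0-9]+)?)*$'
if [[ ! "${port}" =~ ${port_list_re} ]]
then
echo "Invalid port list: ${port}" >&2
echo 'Expected comma-separated port numbers, e.g. 80,8080' >&2
exit 5
fi

# Source ranges in from-to form (iprange match).
# NOTE(review): the first entry is incomplete as published (it contains "xx")
# and is skipped by the format check below; replace it with the real range.
address_range=(
59.xx.255.255
115.148.0.0-115.153.255.255
117.40.0.0-117.45.255.255
182.84.0.0-182.111.255.255
218.64.0.0-218.65.127.255
220.175.0.0-220.177.255.255
106.224.0.0-106.230.255.255

)

# Source subnets in address/netmask form.
# NOTE(review): 10.0.0.0/255.0.0.0 admits the whole 10/8 private range;
# confirm that is intended on this host.
address_subnet=(
61.131.128.0/255.255.128.0
61.180.0.0/255.255.128.0
106.4.0.0/255.252.0.0
111.72.0.0/255.248.0.0
117.21.0.0/255.255.0.0
202.101.192.0/255.255.192.0
202.109.128.0/255.255.192.0
218.87.0.0/255.255.0.0
218.95.0.0/255.255.128.0
10.0.0.0/255.0.0.0
61.155.239.240/255.255.255.248
115.168.45.0/255.255.255.0
115.168.77.0/255.255.255.0
118.85.214.0/255.255.255.0

)

# Shape checks only (dotted quads); iptables still validates the values.
ipv4_re='([0-9]{1,3}\.){3}[0-9]{1,3}'
range_re="^${ipv4_re}(-${ipv4_re})?\$"
subnet_re="^${ipv4_re}(/(${ipv4_re}|[0-9]{1,2}))?\$"

for ip_range in "${address_range[@]}"
do
if [[ ! "${ip_range}" =~ ${range_re} ]]
then
# Name the bad entry instead of letting iptables fail with a generic error.
echo "Skipping malformed address range: ${ip_range}" >&2
continue
fi
iptables -I INPUT -m iprange --src-range "${ip_range}" -p tcp -m multiport --dport "${port}" -j ACCEPT
done

for ip_subnet in "${address_subnet[@]}"
do
if [[ ! "${ip_subnet}" =~ ${subnet_re} ]]
then
echo "Skipping malformed subnet: ${ip_subnet}" >&2
continue
fi
iptables -I INPUT -s "${ip_subnet}" -p tcp -m multiport --dport "${port}" -j ACCEPT
done



# Extremely dangerous command: drops traffic from every IP to every port on
# this host. If it is ever enabled, make sure rules for established
# connections, loopback and your own management access are already in place,
# otherwise the current session is cut off.
# iptables -A INPUT -j DROP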
