华子的代码空间

逆水行舟,不进则退。 关注系统编程、网络编程、并发、分布式。

常用iptables设置

 1 #!/bin/bash
 2 
 3 # Name of wan and lan interface
 4 wan_interface=eth1
 5 lan_interface=eth0
 6 vbox_int=vboxnet0
 7 
 8 # Where is iptables
 9 BIN=/sbin/iptables
10 
11 $BIN -X
12 $BIN -F
13 $BIN -F -t nat 
14 $BIN -F -t raw
15 
16 #$BIN -P INPUT DROP
17 $BIN -P INPUT ACCEPT
18 $BIN -P OUTPUT ACCEPT
19 $BIN -P FORWARD ACCEPT
20 
21 $BIN -A INPUT  -p icmp --icmp-type any -j ACCEPT
22 $BIN -A INPUT  -i lo -j ACCEPT
23 $BIN -A INPUT  -m state --state RELATED,ESTABLISHED -j ACCEPT
24 $BIN -A INPUT -i $vbox_int -j ACCEPT
25 $BIN -A INPUT  -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
26 #$BIN -A INPUT  -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
27 #$BIN -A INPUT  -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
28 #$BIN -A INPUT  -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
29 $BIN -A INPUT  -m state --state NEW -m tcp -p tcp --dport 10000 -j ACCEPT
30 $BIN -A INPUT  -m state --state NEW -m tcp -p tcp --dport 10001 -j ACCEPT
31 #$BIN -A INPUT  -m state --state NEW -m tcp -p tcp --dport 55555 -j ACCEPT
32 #$BIN -A INPUT  -m state --state NEW -m tcp -p tcp --dport 631 -s 192.168.56.0/24 -j ACCEPT
33 #$BIN -A INPUT  -m state --state NEW -m tcp -p tcp --dport 5672 -j ACCEPT
34 $BIN -A INPUT  -j REJECT --reject-with icmp-host-prohibited
35 
36 $BIN -t nat -A POSTROUTING -s 192.168.56.0/24 -o $wan_interface -j MASQUERADE
37 $BIN -t nat -A POSTROUTING -s 192.168.56.0/24 -o $lan_interface -j MASQUERADE
38 
39 
40 #$BIN -t nat -A PREROUTING -s 172.16.10.0/24 -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
41 #$BIN -t nat -A POSTROUTING -s 172.16.9.0/24 -o $wan_interface -j SNAT --to $wan_ip
42 #$BIN -t raw -A PREROUTING -s 172.16.10.0/24 -j ACCEPT
43 #$BIN -t raw -A PREROUTING -s 172.16.0.0/16 -m string --algo bm --string "youku.com" -j DROP
44 #$BIN -t raw -A PREROUTING -s 172.16.0.0/16 -m string --algo bm --string "ku6.com" -j DROP
45 #$BIN -t raw -A PREROUTING -s 172.16.0.0/16 -m string --algo bm --string "6.cn" -j DROP

 

posted on 2013-01-18 13:28  华子的代码空间  阅读(263)  评论(0编辑  收藏  举报

导航