iptables

 1 # Generated by iptables-save v1.4.21 on Tue Oct 19 15:41:47 2021
 2 *filter
 3 :INPUT DROP [43819:1949870]
 4 :FORWARD ACCEPT [0:0]
 5 :OUTPUT ACCEPT [478859:91285684]
 6 -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
 7 -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
 8 -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
 9 -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
10 -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
11 -A INPUT -p udp -m udp --sport 53 -j ACCEPT
12 -A INPUT -p tcp -m tcp --sport 80 -j ACCEPT
13 -A INPUT -p tcp -m tcp --sport 443 -j ACCEPT
14 -A INPUT -p icmp -j ACCEPT
15 -A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
16 -A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
17 -A FORWARD -i virbr0 -o virbr0 -j ACCEPT
18 -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
19 -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
20 -A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
21 COMMIT
22 # Completed on Tue Oct 19 15:41:47 2021
23 # Generated by iptables-save v1.4.21 on Tue Oct 19 15:41:47 2021
24 *nat
25 :PREROUTING ACCEPT [266973:20691122]
26 :INPUT ACCEPT [120794:7246894]
27 :OUTPUT ACCEPT [1293:96260]
28 :POSTROUTING ACCEPT [1293:96260]
29 -A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
30 -A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
31 -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
32 -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
33 -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
34 COMMIT
35 # Completed on Tue Oct 19 15:41:47 2021
36 # Generated by iptables-save v1.4.21 on Tue Oct 19 15:41:47 2021
37 *mangle
38 :PREROUTING ACCEPT [1792673:272490374]
39 :INPUT ACCEPT [1767988:264393694]
40 :FORWARD ACCEPT [0:0]
41 :OUTPUT ACCEPT [1558279:294447644]
42 :POSTROUTING ACCEPT [1558279:294447644]
43 -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
44 COMMIT
45 # Completed on Tue Oct 19 15:41:47 2021

 iptables -t filter -A INPUT -i lo -j ACCEPT
