https://arstech.net/install-iptables-in-debian-11-bullseye/
# 清空防火墙规则
export DEBIAN_FRONTEND=noninteractive
export DEBCONF_NONINTERACTIVE_SEEN=true
apt install iptables ipset iptables-persistent -y
iptables -P INPUT ACCEPT
iptables -F
iptables -X
/usr/sbin/netfilter-persistent save
ufw disable
制定新规则可以参考如下
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -m tcp -m state -m comment -s xxx.xxx.xxx.xxx/32 --dport 22 --state NEW -j ACCEPT --comment "Open SSH Port for your xxx.xxx.xxx.xxx/32 IP only "
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT