• 常用iptables设置


     1 #!/bin/bash
     2 
     3 # Name of wan and lan interface
     4 wan_interface=eth1
     5 lan_interface=eth0
     6 vbox_int=vboxnet0
     7 
     8 # Where is iptables
     9 BIN=/sbin/iptables
    10 
    11 $BIN -X
    12 $BIN -F
    13 $BIN -F -t nat 
    14 $BIN -F -t raw
    15 
    16 #$BIN -P INPUT DROP
    17 $BIN -P INPUT ACCEPT
    18 $BIN -P OUTPUT ACCEPT
    19 $BIN -P FORWARD ACCEPT
    20 
    21 $BIN -A INPUT  -p icmp --icmp-type any -j ACCEPT
    22 $BIN -A INPUT  -i lo -j ACCEPT
    23 $BIN -A INPUT  -m state --state RELATED,ESTABLISHED -j ACCEPT
    24 $BIN -A INPUT -i $vbox_int -j ACCEPT
    25 $BIN -A INPUT  -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
    26 #$BIN -A INPUT  -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
    27 #$BIN -A INPUT  -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
    28 #$BIN -A INPUT  -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
    29 $BIN -A INPUT  -m state --state NEW -m tcp -p tcp --dport 10000 -j ACCEPT
    30 $BIN -A INPUT  -m state --state NEW -m tcp -p tcp --dport 10001 -j ACCEPT
    31 #$BIN -A INPUT  -m state --state NEW -m tcp -p tcp --dport 55555 -j ACCEPT
    32 #$BIN -A INPUT  -m state --state NEW -m tcp -p tcp --dport 631 -s 192.168.56.0/24 -j ACCEPT
    33 #$BIN -A INPUT  -m state --state NEW -m tcp -p tcp --dport 5672 -j ACCEPT
    34 $BIN -A INPUT  -j REJECT --reject-with icmp-host-prohibited
    35 
    36 $BIN -t nat -A POSTROUTING -s 192.168.56.0/24 -o $wan_interface -j MASQUERADE
    37 $BIN -t nat -A POSTROUTING -s 192.168.56.0/24 -o $lan_interface -j MASQUERADE
    38 
    39 
    40 #$BIN -t nat -A PREROUTING -s 172.16.10.0/24 -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
    41 #$BIN -t nat -A POSTROUTING -s 172.16.9.0/24 -o $wan_interface -j SNAT --to $wan_ip
    42 #$BIN -t raw -A PREROUTING -s 172.16.10.0/24 -j ACCEPT
    43 #$BIN -t raw -A PREROUTING -s 172.16.0.0/16 -m string --algo bm --string "youku.com" -j DROP
    44 #$BIN -t raw -A PREROUTING -s 172.16.0.0/16 -m string --algo bm --string "ku6.com" -j DROP
    45 #$BIN -t raw -A PREROUTING -s 172.16.0.0/16 -m string --algo bm --string "6.cn" -j DROP
  • 原文地址:https://www.cnblogs.com/huazi/p/2866246.html