snoopyxdy's blog

https://github.com/DoubleSpout

A fairly general-purpose iptables setup

2014-07-03 16:10:41 | Category: 沉淀

Straight to the configuration. CentOS 6:

#!/bin/sh -e

#----------------------------------------------------------
# iptables settings
#----------------------------------------------------------

#Connection IP address

#----------------------Standard part---------------------------
# Stop iptables service first
#service iptables stop
# Flush all rules, delete user-defined chains, zero the counters
/sbin/iptables -F
/sbin/iptables -X
/sbin/iptables -Z

# Initial chains default policy: drop inbound unless a rule accepts it, allow all outbound
/sbin/iptables -F -t filter
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT

# Enable Native Network Transfer (loopback interface)
/sbin/iptables -A INPUT -i lo -j ACCEPT

# Accept Established Connections (replies to connections this host opened, and related traffic)
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# ICMP Control: rate-limited; ICMP above 1/s (burst 10) falls through to the final REJECT below
/sbin/iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPT


# SSH Service (x.x.x.x is this host's address; rules match in order, so ACCEPTs must come before the catch-all REJECT)
/sbin/iptables -A INPUT -d x.x.x.x -p tcp --dport 22 -j ACCEPT


#-----------------------Custom part-----------------------

# HTTP Service
/sbin/iptables -A INPUT -d x.x.x.x -p tcp --dport 80 -j ACCEPT

# Games Service (a port range, and a list of ports via multiport)
#/sbin/iptables -A INPUT -p tcp --dport 8681:8683 -j ACCEPT
#/sbin/iptables -A INPUT -p tcp -m multiport --dport 8706,8708 -j ACCEPT


#deny all Service (everything not accepted above is rejected with an ICMP error instead of silently dropped)
/sbin/iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited
/sbin/iptables -A FORWARD -j REJECT --reject-with icmp-host-prohibited

# Persist the rules so they are restored by the iptables service at boot
service iptables save


On CentOS 7, firewalld has to be disabled first:

With RHEL 7 / CentOS 7, firewalld was introduced to manage iptables. IMHO, firewalld is more suited for workstations than for server environments.

It is possible to go back to a more classic iptables setup. First, stop and mask the firewalld service:

systemctl disable firewalld
systemctl stop firewalld
systemctl mask firewalld

Then, install the iptables-services package:

yum install iptables-services

Enable the service at boot-time:

systemctl enable iptables

Managing the service:

systemctl [stop|start|restart] iptables

systemctl doesn't seem to manage the save action the way `service iptables save` did in the past; use the init script directly instead:

/usr/libexec/iptables/iptables.init save



For Ubuntu systems:

#!/bin/sh -e

#----------------------------------------------------------
# iptables settings
#----------------------------------------------------------

#Connection IP address

#----------------------Standard part---------------------------
# Stop iptables service first
#service iptables stop
# Flush all rules, delete user-defined chains, zero the counters
iptables -F
iptables -X
iptables -Z

# Initial chains default policy: drop inbound unless a rule accepts it, allow all outbound
iptables -F -t filter
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT

# Enable Native Network Transfer (loopback interface)
iptables -A INPUT -i lo -j ACCEPT

# Accept Established Connections (replies to connections this host opened, and related traffic)
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# ICMP Control: rate-limited; ICMP above 1/s (burst 10) falls through to the final REJECT below
iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPT


# SSH Service (pinned to this host's address; rules match in order, so ACCEPTs must come before the catch-all REJECT)
iptables -A INPUT -d 121.199.41.177 -p tcp --dport 22 -j ACCEPT


#-----------------------Custom part-----------------------

# HTTP Service
iptables -A INPUT -d 121.199.41.177 -p tcp --dport 80 -j ACCEPT

# Games Service (a port range, and a list of ports via multiport)
#iptables -A INPUT -p tcp --dport 8681:8683 -j ACCEPT
#iptables -A INPUT -p tcp -m multiport --dport 8706,8708 -j ACCEPT


#deny all Service (everything not accepted above is rejected with an ICMP error instead of silently dropped)
iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited
iptables -A FORWARD -j REJECT --reject-with icmp-host-prohibited

# Ubuntu has no "service iptables save": dump the rules to a file, and restore them at boot
# (e.g. "iptables-restore < /etc/iptables.up.rules" from a network pre-up hook), otherwise they are lost on reboot
iptables-save > /etc/iptables.up.rules
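As an added example (not part of the original post), the Python script below parses an `iptables-save` dump of the rule set above and walks a packet through the INPUT chain with first-match semantics, so you can check before reloading that SSH stays reachable and everything else lands on the catch-all REJECT. The sample dump is constructed from the CentOS 6 script, with the placeholder address 203.0.113.10 standing in for x.x.x.x; the `-m limit` rate limit is parsed but not modelled.

```python
import shlex

# Constructed sample: roughly what `iptables-save` prints after the CentOS 6 script above (x.x.x.x -> 203.0.113.10).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m limit --limit 1/sec --limit-burst 10 -j ACCEPT
-A INPUT -d 203.0.113.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -d 203.0.113.10/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse_rule(toks):
    """Tokens after '-A INPUT' -> {match field: allowed set, 'target': jump}; -m limit etc. are ignored."""
    rule = {}
    for t, arg in zip(toks, toks[1:] + [""]):        # each token paired with the one after it
        if t == "-j":
            rule["target"] = arg
        elif t in ("-i", "-d", "-p"):
            rule[t] = {arg.split("/")[0]}            # drop the /32 that iptables-save appends
        elif t in ("--dport", "--dports"):           # "22", "8681:8683" or "8706,8708"
            rule["dport"] = set()
            for part in arg.split(","):
                lo, _, hi = part.partition(":")
                rule["dport"].update(range(int(lo), int(hi or lo) + 1))
        elif t == "--state":
            rule["state"] = set(arg.split(","))
    return rule

def parse_chain(dump, chain="INPUT"):
    policy, rules = "ACCEPT", []
    for line in dump.splitlines():
        if line.startswith(f":{chain} "):            # ":INPUT DROP [0:0]" -> default policy
            policy = line.split()[1]
        elif line.startswith(f"-A {chain} "):
            rules.append(parse_rule(shlex.split(line)[2:]))
    return policy, rules

def verdict(dump, iface, dst, proto, dport, state):
    """First matching INPUT rule wins; with no match the chain's default policy applies."""
    pkt = {"-i": iface, "-d": dst, "-p": proto, "dport": dport, "state": state}
    policy, rules = parse_chain(dump)
    for r in rules:                                  # a field the rule does not mention is a wildcard
        if all(pkt[k] in r.get(k, {pkt[k]}) for k in pkt):
            return r["target"]
    return policy
```

Feeding it `iptables-save` output from the real host shows one consequence of the `-d` pin: a new SSH connection to any address other than the pinned one is rejected, which matters if the server's address changes.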
