#!/bin/bash
# Rebuilds the IPv4 filter-table INPUT chain from scratch: flush, allow
# loopback and already-tracked connections, allow the listed sources and
# ports, then reject/drop whatever is left.
#
# NOTE(review): this copy is a template. The port numbers after --dport and
# --sport, the prefix length after "10.0.0.0/", and the SLB / XXXX sources
# are elided, so those lines will not parse as intended until real values
# are filled in.
# NOTE(review): the script has no `set -e` and never sets a chain policy
# (-P). After the flush below, traffic is governed only by the existing
# INPUT policy until the final DROP is appended; if that policy is ACCEPT
# the host is unfiltered for that window, and a rule that fails to load is
# skipped silently. Loading a complete rule file with iptables-restore
# would make the switch atomic.
# NOTE(review): only iptables (IPv4) and only INPUT are handled here; IPv6
# (ip6tables) and the FORWARD/OUTPUT chains are not configured by this file.

# Flush all rules, delete user-defined chains and zero the counters in the
# filter table. Chain policies are left as they were.
iptables -F
iptables -X
iptables -Z
# Accept everything arriving on the loopback interface.
iptables -A INPUT -i lo -j ACCEPT
# Accept 127.0.0.1 -> 127.0.0.1 regardless of interface; the lo rule above
# already covers genuine loopback traffic.
# NOTE(review): packets claiming 127.0.0.1 on a non-loopback interface are
# normally discarded by the kernel as martians; confirm route_localnet is
# not enabled, or bind this rule to -i lo.
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
#---------------------------------------------------------------SMG start
#limit
# Disabled per-source connection limit for new TCP connections (SYN only);
# the --dport, --connlimit-above and --connlimit-mask values are elided.
#iptables -A INPUT -p tcp -m tcp --dport --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above --connlimit-mask -j DROP
#To ensure that the connection is normal
# Accept packets belonging to, or related to, connections the kernel is
# already tracking; this is what admits replies to outbound connections
# made by this host.
# NOTE(review): `-m state --state` is the legacy spelling; current iptables
# documents `-m conntrack --ctstate` as its replacement.
iptables -A INPUT -p all -m state --state RELATED,ESTABLISHED -j ACCEPT
#nginx common access
# Open one TCP destination port to every source (port number elided).
iptables -A INPUT -p tcp --dport -j ACCEPT
#iptables -A INPUT -p tcp --dport -j ACCEPT
# Accept every protocol and port from the internal 10.0.0.0 range (prefix
# length elided) and from the load balancer address (SLB is a stand-in).
iptables -A INPUT -s 10.0.0.0/ -j ACCEPT
iptables -A INPUT -s SLB -j ACCEPT
#Yum
# Accept inbound TCP based only on the remote source port (values elided).
# NOTE(review): these rules are stateless and match any sender using that
# source port, to any local port. Replies to this host's own outbound
# connections are already admitted by the RELATED,ESTABLISHED rule, so
# these look redundant for package downloads; consider removing them.
iptables -A INPUT -p tcp --sport -j ACCEPT
iptables -A INPUT -p tcp --sport -j ACCEPT
iptables -A INPUT -p tcp --sport -j ACCEPT
#db slb
# Source-address allow rules: all protocols and ports are accepted from
# each address below (XXXX is a stand-in for the real address).
# NOTE(review): restricting each to the protocol and destination port the
# peer actually needs would follow least privilege.
iptables -A INPUT -s XXXX -j ACCEPT
#for zabbix:
iptables -A INPUT -s XXXX -j ACCEPT
#for jump
iptables -A INPUT -s XXXX -j ACCEPT
iptables -A INPUT -s XXXX -j ACCEPT
##dns
# Accept inbound TCP and UDP based only on the remote source port (values
# elided).
# NOTE(review): same concern as the Yum rules. Connection tracking covers
# UDP as well, so answers to this host's own queries are already accepted
# by the RELATED,ESTABLISHED rule.
iptables -A INPUT -p tcp --sport -j ACCEPT
iptables -A INPUT -p udp --sport -j ACCEPT
##for ping:
# Accepts every ICMP type from every source, not only echo requests.
# NOTE(review): if only ping is wanted, `--icmp-type echo-request` is the
# narrower match; ICMP errors for tracked connections are already covered
# by RELATED.
iptables -A INPUT -p icmp --icmp-type any -j ACCEPT
### end ###
# Default deny. Remaining TCP is answered with a RST; everything else is
# dropped without a reply. These two rules must stay last, because iptables
# evaluates rules in order and stops at the first matching terminating
# target.
# NOTE(review): nothing is logged before the drop, so refused traffic is
# visible only in the rule counters; a rate-limited LOG rule ahead of these
# would give detection something to work with.
iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
iptables -A INPUT -j DROP