有最基本的作用。。
# Generated by iptables-save v1. :: *filter :INPUT ACCEPT [:] :FORWARD ACCEPT [:] :OUTPUT ACCEPT [:] -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m tcp --dport -j ACCEPT -A INPUT -p tcp -m tcp --dport -j ACCEPT -A INPUT -p tcp -m tcp --dport -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -p tcp --syn -m limit --limit /s --limit-burst -j ACCEPT -A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit /sec -j ACCEPT -A FORWARD -p icmp -m icmp --icmp-type -m limit --limit /sec -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT # Completed on Wed Sep ::