Carry00/iptables

## iptables
# 允许 IP 192.168.1.100
iptables -A INPUT -s 192.168.1.100 -j ACCEPT -m comment --comment "Allow IP 192.168.1.100"

# 允许 IP 192.168.1.100 访问端口 80
iptables -A INPUT -s 192.168.1.100 -p tcp --dport 80 -j ACCEPT -m comment --comment "Allow IP 192.168.1.100 on port 80"

# 允许 IP 192.168.1.100 访问端口 80 和 443
iptables -A INPUT -s 192.168.1.100 -p tcp -m multiport --dports 80,443 -j ACCEPT -m comment --comment "Allow IP 192.168.1.100 on ports 80,443"

# 允许 IP 范围 192.168.1.100 到 192.168.1.200
iptables -A INPUT -m iprange --src-range 192.168.1.100-192.168.1.200 -j ACCEPT -m comment --comment "Allow IP range 192.168.1.100 to 192.168.1.200"

# 允许网段 192.168.1.0/24 访问端口 22
iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 22 -j ACCEPT -m comment --comment "Allow subnet 192.168.1.0/24 on port 22"

# 允许 IP 192.168.1.100 使用 UDP 协议
iptables -A INPUT -s 192.168.1.100 -p udp -j ACCEPT -m comment --comment "Allow IP 192.168.1.100 with UDP"

# 允许网段 192.168.1.0/24 访问端口 80 和 443
iptables -A INPUT -s 192.168.1.0/24 -p tcp -m multiport --dports 80,443 -j ACCEPT -m comment --comment "Allow subnet 192.168.1.0/24 on ports 80,443"

# 允许 IP 192.168.1.100 每分钟访问端口 80 最多 5 次
iptables -A INPUT -s 192.168.1.100 -p tcp --dport 80 -m limit --limit 5/min --limit-burst 10 -j ACCEPT -m comment --comment "Allow IP 192.168.1.100 on port 80 with rate limiting"

# 将 IP 192.168.1.100 标记为 1
iptables -A INPUT -s 192.168.1.100 -j MARK --set-mark 1 -m comment --comment "Mark IP 192.168.1.100 with mark 1"

# 允许 IP 192.168.1.100 建立新连接和已建立的连接
iptables -A INPUT -s 192.168.1.100 -m state --state NEW,ESTABLISHED -j ACCEPT -m comment --comment "Allow new and established connections from IP 192.168.1.100"
	# 允许 IP 192.168.1.100
	iptables -A INPUT -s 192.168.1.100 -j ACCEPT -m comment --comment "Allow IP 192.168.1.100"

	# 允许 IP 192.168.1.100 访问端口 80
	iptables -A INPUT -s 192.168.1.100 -p tcp --dport 80 -j ACCEPT -m comment --comment "Allow IP 192.168.1.100 on port 80"

	# 允许 IP 192.168.1.100 访问端口 80 和 443
	iptables -A INPUT -s 192.168.1.100 -p tcp -m multiport --dports 80,443 -j ACCEPT -m comment --comment "Allow IP 192.168.1.100 on ports 80,443"

	# 允许 IP 范围 192.168.1.100 到 192.168.1.200
	iptables -A INPUT -m iprange --src-range 192.168.1.100-192.168.1.200 -j ACCEPT -m comment --comment "Allow IP range 192.168.1.100 to 192.168.1.200"

	# 允许网段 192.168.1.0/24 访问端口 22
	iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 22 -j ACCEPT -m comment --comment "Allow subnet 192.168.1.0/24 on port 22"

	# 允许 IP 192.168.1.100 使用 UDP 协议
	iptables -A INPUT -s 192.168.1.100 -p udp -j ACCEPT -m comment --comment "Allow IP 192.168.1.100 with UDP"

	# 允许网段 192.168.1.0/24 访问端口 80 和 443
	iptables -A INPUT -s 192.168.1.0/24 -p tcp -m multiport --dports 80,443 -j ACCEPT -m comment --comment "Allow subnet 192.168.1.0/24 on ports 80,443"

	# 允许 IP 192.168.1.100 每分钟访问端口 80 最多 5 次
	iptables -A INPUT -s 192.168.1.100 -p tcp --dport 80 -m limit --limit 5/min --limit-burst 10 -j ACCEPT -m comment --comment "Allow IP 192.168.1.100 on port 80 with rate limiting"

	# 将 IP 192.168.1.100 标记为 1
	iptables -A INPUT -s 192.168.1.100 -j MARK --set-mark 1 -m comment --comment "Mark IP 192.168.1.100 with mark 1"

	# 允许 IP 192.168.1.100 建立新连接和已建立的连接
	iptables -A INPUT -s 192.168.1.100 -m state --state NEW,ESTABLISHED -j ACCEPT -m comment --comment "Allow new and established connections from IP 192.168.1.100"