Last active
December 16, 2015 13:48
-
-
Save keepzero/5444063 to your computer and use it in GitHub Desktop.
iptables cheatsheet
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # 1. 清除规则 | |
| iptables -F | |
| iptables -X | |
| iptables -Z | |
| # 2. 设定政策 | |
| iptables -P INPUT ACCEPT #REJECT | |
| iptables -P OUTPUT ACCEPT | |
| iptables -P FORWARD ACCEPT | |
| # 3. 制订各项规则 | |
| iptables -A INPUT -i lo -j ACCEPT | |
| iptables -A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT | |
| iptables -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT | |
| #iptables -A INPUT -i eth0 -s 192.168.1.0/24 -j ACCEPT | |
| iptables -A INPUT -i eth0 -s 218.85.143.90 -j ACCEPT | |
| iptables -A INPUT -i eth0 -s 27.154.58.98 -j ACCEPT | |
| iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT | |
| iptables -A INPUT -i eth0 -p tcp --dport 188 -j ACCEPT | |
| iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT | |
| iptables -A INPUT -i eth0 -p tcp --dport 81 -j ACCEPT | |
| iptables -A INPUT -i eth0 -p udp --dport 68 -j ACCEPT | |
| # for mosh | |
| iptables -A INPUT -i eth0 -p udp --dport 60001:60011 -j ACCEPT | |
| #iptables -A INPUT -i eth0 -p udp --dport 123 -j ACCEPT | |
| # 4. REJECT all | |
| iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # 清除规则 | |
| iptables -F | |
| iptables -X | |
| iptables -Z | |
| # 设定默认政策 | |
| iptables -P INPUT DROP | |
| #iptables -P INPUT ACCEPT | |
| iptables -P OUTPUT ACCEPT | |
| iptables -P FORWARD ACCEPT | |
| # 正常规则 | |
| iptables -A INPUT -i lo -j ACCEPT | |
| #iptables -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT | |
| iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT | |
| # Service | |
| iptables -A INPUT -p tcp --dport 22 -j ACCEPT | |
| iptables -A INPUT -p tcp --dport 80 -j ACCEPT | |
| #iptables -A INPUT -p tcp --dport 81 -j ACCEPT | |
| #iptables -A INPUT -p tcp --dport 53 -j ACCEPT | |
| #iptables -A INPUT -p udp --dport 53 -j ACCEPT | |
| #iptables -A INPUT -p tcp -s 125.77.254.2 --dport 3306 -j ACCEPT | |
| #iptables -A INPUT -p tcp -s 119.233.196.129 --dport 3306 -j ACCEPT | |
| # for AWS | |
| # Bootp Bootstrap Protocol Server | |
| iptables -A INPUT -p udp --dport 68 -j ACCEPT | |
| # System time service | |
| iptables -A INPUT -p udp --dport 123 -j ACCEPT | |
| # 写入防火墙规则配置文件 | |
| service iptables save | |
| service iptables restart |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment