配置iptables脚本

auto_iptables.sh

#!/bin/bash
#########################################
#Function:    auto_iptables
#Usage:       bash auto_iptables.sh
#Author:      melice
#Version:     1.0
#Origin:      vpser.net
# for ubuntu only 
#########################################

iptables -F
iptables -X
iptables -Z

#允许本地回环接口(即运行本机访问本机)
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
# 允许已建立的或相关连的通行
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#允许所有本机向外的访问
iptables -A OUTPUT -j ACCEPT
# 允许访问22端口
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
#允许访问80端口
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
#禁止其他未允许的规则访问
iptables -A INPUT -j REJECT  
#（注意：如果22端口未加入允许规则，SSH链接会直接断开。）
iptables -A FORWARD -j REJECT

echo "#!/bin/bash" >> /etc/network/if-post-down.d/iptables
echo "iptables-save > /etc/iptables.rules" >> /etc/network/if-post-down.d/iptables
chmod +x /etc/network/if-post-down.d/iptables

echo "#!/bin/bash" >> /etc/network/if-pre-up.d/iptables 
echo "iptables-restore < /etc/iptables.rules" >> /etc/network/if-pre-up.d/iptables 

chmod +x /etc/network/if-pre-up.d/iptables

iptables -L -n