配置iptables脚本
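#!/bin/bash
#########################################
#Function: auto_iptables
#Usage: bash auto_iptables.sh
#Author: melice
#Version: 1.0
#Origin: vpser.net
# for ubuntu only
#########################################
#
# Installs a minimal IPv4 host firewall: loopback, ESTABLISHED/RELATED,
# SSH (22/tcp) and HTTP (80/tcp) are accepted inbound; all other inbound
# traffic and all forwarding is rejected; all outbound traffic is allowed.
# The rule set is saved to /etc/iptables.rules and ifupdown hooks are
# installed so it is restored on interface up and re-saved on interface down.
#
# NOTE: only the IPv4 tables are touched; ip6tables is left unchanged.
set -euo pipefail

readonly RULES_FILE=/etc/iptables.rules
readonly PRE_UP_HOOK=/etc/network/if-pre-up.d/iptables
readonly POST_DOWN_HOOK=/etc/network/if-post-down.d/iptables

# Print a message to stderr and exit non-zero.
die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Abort unless running as root, the iptables tools are installed and the
# ifupdown hook directories exist.
# Globals:   PRE_UP_HOOK, POST_DOWN_HOOK (read)
# Returns:   0, or exits 1 via die
#######################################
check_prereqs() {
  (( EUID == 0 )) || die "auto_iptables: must be run as root"
  local tool
  for tool in iptables iptables-save; do
    command -v "$tool" >/dev/null || die "auto_iptables: $tool not found"
  done
  # The hook directories are provided by ifupdown; they may be absent on a
  # host that uses a different network manager.
  [[ -d "${PRE_UP_HOOK%/*}" && -d "${POST_DOWN_HOOK%/*}" ]] \
    || die "auto_iptables: /etc/network/if-*.d hook directories not found"
}

#######################################
# Replace the filter table with the fixed rule set.
# Order matters: the SSH ACCEPT must come before the final REJECT, otherwise
# the current SSH session is cut off as soon as the REJECT rule is appended.
#######################################
apply_rules() {
  iptables -F
  iptables -X
  iptables -Z
  # Allow the loopback interface (local-to-local traffic). Matching on the
  # interface rather than on 127.0.0.1 addresses keeps packets arriving on
  # another interface with a loopback source/destination from matching.
  iptables -A INPUT -i lo -j ACCEPT
  # Allow replies to connections this host initiated, and related traffic.
  iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  # Allow all outbound traffic from this host.
  iptables -A OUTPUT -j ACCEPT
  # Allow SSH.
  iptables -A INPUT -p tcp --dport 22 -j ACCEPT
  # Allow HTTP.
  iptables -A INPUT -p tcp --dport 80 -j ACCEPT
  # Reject all inbound traffic not explicitly allowed above.
  # (If port 22 were not allowed, the SSH session would drop here.)
  iptables -A INPUT -j REJECT
  # This host does not route; reject forwarded traffic.
  iptables -A FORWARD -j REJECT
}

#######################################
# Persist the current rules and (re)write the ifupdown hooks.
# The hook files are overwritten rather than appended to, so re-running the
# script does not duplicate their contents.
# Globals:   RULES_FILE, PRE_UP_HOOK, POST_DOWN_HOOK (read)
#######################################
install_persistence() {
  # Save immediately so the rules survive a reboot even if no interface goes
  # down cleanly (the post-down hook alone would never fire in that case).
  iptables-save > "$RULES_FILE"
  cat > "$POST_DOWN_HOOK" <<EOF
#!/bin/bash
iptables-save > $RULES_FILE
EOF
  chmod +x "$POST_DOWN_HOOK"
  cat > "$PRE_UP_HOOK" <<EOF
#!/bin/bash
iptables-restore < $RULES_FILE
EOF
  chmod +x "$PRE_UP_HOOK"
}

main() {
  check_prereqs
  apply_rules
  install_persistence
  iptables -L -n
}
main "$@"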