Skip to content

Instantly share code, notes, and snippets.

@onigra

onigra/gist:4459888

Last active December 10, 2015 16:18
Show Gist options
  • Save onigra/4459888 to your computer and use it in GitHub Desktop.
Save onigra/4459888 to your computer and use it in GitHub Desktop.
Download ZIP
iptablesメモ
Raw
gistfile1.md

http://akabeko.me/blog/2010/09/%E3%81%95%E3%81%8F%E3%82%89%E3%81%AEvps-%E3%82%92%E4%BD%BF%E3%81%84%E3%81%AF%E3%81%98%E3%82%81%E3#

cat /etc/sysconfig/iptables

*filter
:INPUT   ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT  ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]

-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80    -j ACCEPT

-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

COMMIT

サーバへ入ってくるパケットをiptablesで制限するイメージ
http://www.asmaru.com/ext/cms/html_print/138/9320/index.html

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment