
Untitled

a guest
Aug 29th, 2014
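  #!/bin/bash
  # IPv4 host firewall: allow loopback, ICMP, established traffic, plus new
  # connections to SSH (22/tcp) and HTTP (80/tcp); reject everything else on
  # INPUT and FORWARD, then persist the result.
  #
  # NOTE(review): only iptables (IPv4) is configured here. If the host has IPv6
  # addresses, ip6tables needs an equivalent policy or those services stay
  # reachable over IPv6 regardless of these rules.
  export PATH=/sbin:/bin:/usr/sbin:/usr/bin

  # Stop at the first failing command (or unset variable) so that a partially
  # built ruleset is never written out by the save step at the end.
  set -eu

  # 1. Clear rules, user-defined chains and counters.
  #    No -t option is given, so only the filter table is affected.
  iptables -F
  iptables -X
  iptables -Z

  # 2. Build the INPUT/FORWARD rules (same rules and order as before).
  #    They are added before the DROP policy is applied, so an error part-way
  #    through does not leave a remote session facing DROP with no SSH rule.
  iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  # NOTE(review): every ICMP type is accepted; narrow with --icmp-type if
  # only echo/unreachable/time-exceeded are needed.
  iptables -A INPUT -p icmp -j ACCEPT
  iptables -A INPUT -i lo -j ACCEPT
  # NOTE(review): SSH is open to any source address; consider a -s restriction
  # or rate limiting if the admin networks are known.
  iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT # SSH
  iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT # HTTP
  iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited
  iptables -A FORWARD -j REJECT --reject-with icmp-host-prohibited

  # 3. Default policies, applied once the accept rules are in place.
  #    NOTE(review): FORWARD is closed only by the REJECT rule above; its
  #    policy is ACCEPT, so a later flush of that chain would open forwarding.
  #    A DROP policy would fail closed.
  iptables -P INPUT DROP
  iptables -P OUTPUT ACCEPT
  iptables -P FORWARD ACCEPT

  # 4. Write the running rules to the firewall configuration via the init
  #    script; reached only if every command above succeeded.
  /etc/init.d/iptables save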