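#!/bin/bash
#
# Minimal host firewall: default-deny inbound, allow established traffic,
# ICMP, loopback, SSH (22/tcp) and HTTP (80/tcp), then persist the ruleset.
#
# Scope notes for whoever deploys this:
#   * Only the IPv4 `filter` table is touched. IPv6 is governed separately
#     by ip6tables and is NOT restricted by anything in this script.
#   * `iptables -F/-X/-Z` without `-t` leave the nat/mangle/raw tables as
#     they were.
#   * Must run with privileges sufficient to modify netfilter rules.
PATH=/sbin:/bin:/usr/sbin:/usr/bin
export PATH

set -u

# Deliberately no `set -e`: aborting half-way (after the INPUT policy is
# DROP but before the SSH rule exists) would lock out a remote admin.
# Instead every failure is recorded and the ruleset is only persisted when
# all commands succeeded, so a partial ruleset never survives a reboot.
failed=0

# Run one iptables command; report and remember any failure.
ipt() {
  if ! iptables "$@"; then
    printf 'error: iptables %s failed\n' "$*" >&2
    failed=1
  fi
}

# 1. Clear existing rules, user-defined chains and counters (filter table).
ipt -F
ipt -X
ipt -Z

# 2. Set default policies.
# NOTE: from here until the ESTABLISHED rule below is loaded, packets of
# existing sessions are dropped; TCP normally recovers by retransmission.
ipt -P INPUT DROP
ipt -P OUTPUT ACCEPT
# FORWARD stays ACCEPT by policy; forwarding is only blocked by the
# catch-all REJECT rule appended below. If that rule is ever flushed,
# forwarded traffic is allowed again -- consider a DROP policy instead.
ipt -P FORWARD ACCEPT

# 3~5. Define the individual rules.
ipt -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# All ICMP types are accepted from any source, without rate limiting.
ipt -A INPUT -p icmp -j ACCEPT
ipt -A INPUT -i lo -j ACCEPT
# SSH and HTTP are reachable from any source address; restrict with `-s`
# if management access should come from known networks only.
ipt -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT # SSH
ipt -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT # HTTP
ipt -A INPUT -j REJECT --reject-with icmp-host-prohibited
ipt -A FORWARD -j REJECT --reject-with icmp-host-prohibited

# 6. Write the rules to the firewall configuration file -- only if the
# ruleset loaded completely.
if (( failed )); then
  printf 'error: ruleset incomplete, NOT saving it\n' >&2
  exit 1
fi

if ! /etc/init.d/iptables save; then
  printf 'error: saving the firewall rules failed\n' >&2
  exit 1
fi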