#!/bin/sh
iptables -F iptables -X iptables -P INPUT DROP iptables -P OUTPUT DROP iptables -P FORWARD DROP iptables -A INPUT -m state –state ESTABLISHED -j ACCEPT iptables -A INPUT -p tcp –dport 80 -j ACCEPT iptables -A INPUT -p tcp -s 122.207.101.0/24 –destination-port 22 -j ACCEPT iptables -A OUTPUT -m state –state ESTABLISHED -j ACCEPT iptables -A OUTPUT -p icmp –icmp-type echo -request -j ACCEPT
防火墙配置我不甚了解,以上代码是由网友提供,功能是:公开80、显示ssh到某一ip段可以访问。
如果需要开机启动这个脚本,那么需要修改/etc/rc.d/rc.local 中加一句 source /root/iptalbes.sh即可
还可以这样写 # this script is for iptables iptables -F INPUT iptables -P INPUT ACCEPT #iptables -A INPUT -s 12.34.56.78/16 -p tcp –dport 80 -j ACCEPT #允许ip访问80端口 #iptables -A INPUT -s 1.2.3.4/16 -p tcp –dport 80 -j ACCEPT iptables -A INPUT -s 122.207.221.0/24 -p icmp -j ACCEPT iptables -A INPUT -p tcp –dport 80 -j ACCEPT iptables -A INPUT -s 122.207.221.0/24 -p tcp -m multiport –port 1133 -j ACCEPT iptables -P INPUT DROP #end