資訊專欄INFORMATION COLUMN
摘要:創(chuàng)建防火墻規(guī)則文件文件內(nèi)容根據(jù)個人需求修改備用使規(guī)則生效并且保存生效保存
創(chuàng)建防火墻規(guī)則文件 /etc/iptables.firewall.rules
文件內(nèi)容(根據(jù)個人需求修改)
sh*filter # Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn"t use lo0 -A INPUT -i lo -j ACCEPT -A INPUT -d 127.0.0.0/8 -j REJECT # Accept all established inbound connections -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # Allow all outbound traffic - you can modify this to only allow certain traffic -A OUTPUT -j ACCEPT # Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL). -A INPUT -p tcp --dport 80 -j ACCEPT -A INPUT -p tcp --dport 443 -j ACCEPT -A INPUT -p tcp --dport 3306 -j ACCEPT #java -A INPUT -p tcp --dport 8080 -j ACCEPT -A INPUT -p tcp --dport 9090 -j ACCEPT # shadow-sockts -A INPUT -p tcp --dport 9999 -j ACCEPT -A INPUT -p tcp --dport 1080 -j ACCEPT # 備用 -A INPUT -p tcp --dport 10010 -j ACCEPT -A INPUT -p tcp --dport 10011 -j ACCEPT -A INPUT -p tcp --dport 10012 -j ACCEPT -A INPUT -p tcp --dport 10013 -j ACCEPT -A INPUT -p tcp --dport 10014 -j ACCEPT -A INPUT -p tcp --dport 10015 -j ACCEPT # Allow SSH connections # # The -dport number should be the same port number you set in sshd_config # -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT -A INPUT -p tcp -m state --state NEW --dport 10086 -j ACCEPT # Allow ping -A INPUT -p icmp --icmp-type echo-request -j ACCEPT # Log iptables denied calls -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
使規(guī)則生效并且保存
#生效 /sbin/iptables-restore < /etc/iptables.firewall.rules #保存 /sbin/service iptables save
