Archive

Posts tagged 'iptables'

iptables port-mapping rules for a dynamic IP (ADSL)

June 1, 2011 eric 42 comments

iptables -A PREROUTING -t nat -i ppp1 -p tcp --dport 8080 -j DNAT --to 1.1.1.3:22
iptables -A POSTROUTING -t nat -o ppp1 -p tcp -m tcp --dport 8080 -j SNAT --to 1.1.1.1
iptables -A INPUT -p tcp -m state --state NEW --dport 22 -i eth1 -j ACCEPT
iptables -A PREROUTING -t nat -i ppp1 -p [...]

Category: linux

ubuntu iptables script

January 28, 2010 eric 34 comments

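#!/bin/bash
# Host firewall: default-deny inbound, allow all outbound.
case "$1" in
start)
    echo -n "Starting to write your iptables:..."
    # Flush all rules, delete user-defined chains, zero the counters (filter table)
    /sbin/iptables -F
    /sbin/iptables -X
    /sbin/iptables -Z

    # Default policies: drop inbound, accept outbound
    /sbin/iptables -P INPUT DROP
    /sbin/iptables -P OUTPUT ACCEPT
    # Always allow loopback traffic
    /sbin/iptables -A INPUT -i lo -j ACCEPT
    # ICMP: allow outbound, allow echo replies to our own pings,
    # allow all ICMP from the trusted host, reject the rest
    iptables -A OUTPUT -o eth0 -p icmp -j ACCEPT
    iptables -A INPUT -i eth0 -p icmp --icmp-type echo-reply -j ACCEPT
    iptables -t filter -A INPUT -p icmp -s 111.111.111.111 -j ACCEPT
    # Note: this rule matches before the ESTABLISHED,RELATED rule below, so
    # ICMP errors related to outbound connections are rejected here as well
    iptables -A INPUT -i eth0 -p icmp -j REJECT --reject-with icmp-host-unreachable
    # Public web service
    /sbin/iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
    # Port 555 is reachable only from the trusted host
    /sbin/iptables -A INPUT -p tcp -i eth0 -s 111.111.111.111/32 --destination-port 555 -j ACCEPT
    # Allow return traffic for connections this host opened
    /sbin/iptables -A INPUT -p all -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Drop everything else explicitly (the INPUT policy is already DROP)
    /sbin/iptables -A INPUT -p all -m state --state INVALID,NEW -j DROP
    echo "Ok"

    ;;
*)
    echo "Usage: $0 {start}"
esac

exit 0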

Categories: iptables, linux