
Sharing an iptables rule list

Author: Netsky | Category: *NIX related | Published: 2012-06-08 23:54 | Views: 325 | No comments

# iptables conf /etc/sysconfig/iptables
# Created by http://www.wdlinux.cn
# Last Updated 2010.06.01

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 22 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 21 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 80 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 8080 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 10240:10260 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

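Add the content above to /etc/sysconfig/iptables, or replace the file with it, then run service iptables restart for the rules to take effect.
The rules above open only ports 22, 21, 80, 8000 and so on; 10240 to 10260 are the FTP passive-mode ports, and everything else is blocked.
Adjust the rules to your own situation before using them.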
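
An added example, not part of the original post: a small shell lint to run against a rules file before service iptables restart. It counts lines carrying typographic dashes picked up when rules are copied from a web page, lists the TCP ports the file actually opens, and confirms that the chain still ends in the catch-all REJECT that the ACCEPT policies depend on. The function names and the sample file are assumptions made for the example.

```shell
#!/bin/sh
# Added example: pre-apply lint for an iptables-save style rules file.
# Function names and the sample rules below are constructed for illustration.

# Count lines containing non-ASCII bytes, e.g. a typographic dash where
# "--" belongs; iptables-restore fails to parse such lines.
non_ascii_lines() {
    LC_ALL=C grep -c '[^[:print:][:space:]]' "$1" || true
}

# List every TCP destination port (or range) opened by an ACCEPT rule.
accepted_tcp_ports() {
    awk '/^-A / && /-p tcp/ && /-j ACCEPT/ {
        for (i = 1; i < NF; i++) if ($i == "--dport") print $(i + 1)
    }' "$1" | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# With ACCEPT chain policies, traffic is denied only if chain $2 ends in a
# catch-all REJECT or DROP. Returns 0 when that final rule is present.
ends_with_deny() {
    last=$(grep -- "^-A $2 " "$1" | tail -n 1)
    case "$last" in
        "-A $2 -j REJECT"*|"-A $2 -j DROP"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample modelled on the ruleset above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 22 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 21 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 80 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 8080 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state -m tcp --dport 10240:10260 --state NEW -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF

echo "lines with non-ASCII bytes: $(non_ascii_lines "$sample")"
echo "TCP ports opened: $(accepted_tcp_ports "$sample")"
if ends_with_deny "$sample" RH-Firewall-1-INPUT; then echo "catch-all deny: present"
else echo "catch-all deny: MISSING"; fi
```

Point the three functions at /etc/sysconfig/iptables instead of the sample to check the real file, and compare the port list with the services the host is meant to expose.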

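This article comes from 80后; when reposting, please credit the source and include the corresponding link.

Permanent link to this article: http://xiwaer.com/220.html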
