- 論壇徽章:
- 0
|
#!/bin/bash
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH
sshdport=23
# 獲取DNS服務(wù)器IP
if [ -s /etc/resolv.conf ];then
nameserver1=`cat /etc/resolv.conf |grep nameserver |awk 'NR==1{print $2 }'`
nameserver2=`cat /etc/resolv.conf |grep nameserver |awk 'NR==2{print $2 }'`
fi
IPT="/sbin/iptables"
# 刪除已有規(guī)則
$IPT --delete-chain
$IPT --flush
# 禁止進(jìn),允許出,允許回環(huán)網(wǎng)卡
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT DROP
$IPT -A INPUT -i lo -j ACCEPT
# 允許已建立的或相關(guān)連接的通行
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#INPUT ACCEPT 80 SSH ORACL
$IPT -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
$IPT -A INPUT -p tcp -m multiport --dport 1521,5003,$sshdport -s 192.168.252.0/24 -j ACCEPT
$IPT -A INPUT -p tcp -m multiport --dport 1521,5003,$sshdport -s 192.168.253.0/24 -j ACCEPT
$IPT -A INPUT -p tcp -m multiport --dport 1521,5003 -s 172.18.10.0/24 -j ACCEPT
$IPT -A INPUT -p tcp -m multiport --dport 1521,5003,$sshdport -s 192.168.6.0/24 -j ACCEPT
# OUTPUT ACCEPT 80 SSH ORACL
$IPT -A OUTPUT -p tcp -m multiport --sport 1521,5003 -d 192.168.252.0/24 -j ACCEPT
$IPT -A OUTPUT -p tcp -m multiport --sport 1521,5003,$sshdport -d 192.168.253.0/24 -m state --state ESTABLISHED -j ACCEPT
$IPT -A OUTPUT -p tcp -m multiport --sport 1521,5003 -d 172.18.10.0/24 -j ACCEPT
$IPT -A OUTPUT -p tcp -m multiport --sport 23 -d 192.168.6.0/24 -j ACCEPT
$IPT -A OUTPUT -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
# 允許ping
$IPT -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
$IPT -A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
# 允許DNS
[ ! -z "$nameserver1" ] && $IPT -A OUTPUT -p udp -m udp -d $nameserver1 --dport 53 -j ACCEPT
[ ! -z "$nameserver2" ] && $IPT -A OUTPUT -p udp -m udp -d $nameserver2 --dport 53 -j ACCEPT
過幾分鐘���,我的80就無法訪問了��,我 iptables -P OUTPUT ACCEPT 就可以了�����,我在里面input和output都允許了����,怎么會這樣����??��? |
|
免費注冊
發(fā)表于 2014-09-16 17:00
發(fā)表于 2014-09-18 13:29