不囉嗦，直接看命令比較快。
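#!/usr/bin/env bash
# Host firewall for a SIP/VoIP box.
#
# Resets the filter table, then accepts only: loopback, packets of
# established/related flows, ICMP echo-request, TCP 12444/12555/12666,
# UDP 5060/5061 (SIP) and UDP 10000-20000 (RTP). Everything else is
# handed to REJECT-PKT, which answers TCP with a reset, UDP with
# port-unreachable, ping with host-unreachable, and drops the rest.
#
# NOTE(review): -F/-X together with the ACCEPT policies below leave a
# short window with no filtering while the rules are (re)loaded; on a host
# reachable from untrusted networks prefer an atomic iptables-restore.
#
# Must run as root; every iptables call aborts the script on failure so a
# half-loaded (and therefore fail-open) ruleset is never left behind.
set -eu

IPTABLES=/sbin/iptables
readonly IPTABLES

# --- reset: flush rules, open policies, zero counters, drop user chains ---
"$IPTABLES" -F
"$IPTABLES" -F INPUT
"$IPTABLES" -P INPUT ACCEPT
"$IPTABLES" -Z INPUT
"$IPTABLES" -F FORWARD
"$IPTABLES" -P FORWARD ACCEPT
"$IPTABLES" -Z FORWARD
"$IPTABLES" -F OUTPUT
"$IPTABLES" -P OUTPUT ACCEPT
"$IPTABLES" -Z OUTPUT
"$IPTABLES" -X

# --- user chains ---
"$IPTABLES" -N ALEX-INPUT
"$IPTABLES" -N REJECT-PKT
# SYN-FLOOD is created but no rule in this script references it; kept so
# anything else that expects the chain to exist keeps working.
"$IPTABLES" -N SYN-FLOOD

# All inbound traffic is evaluated in ALEX-INPUT.
"$IPTABLES" -A INPUT -j ALEX-INPUT

# Loopback is trusted; 127/8 on any other interface is spoofed.
"$IPTABLES" -A ALEX-INPUT -i lo -j ACCEPT
"$IPTABLES" -A ALEX-INPUT -s 127.0.0.0/8 -j DROP
"$IPTABLES" -A ALEX-INPUT -d 127.0.0.0/8 -j DROP

# Blocklisted source (value as given in the original script).
"$IPTABLES" -A ALEX-INPUT -s 111.222.111.222 -j DROP

# New TCP connections must start with SYN; otherwise drop without a reply.
"$IPTABLES" -A ALEX-INPUT -p tcp -m tcp ! --syn -m state --state NEW -j DROP

# Return traffic for flows we already track.
"$IPTABLES" -A ALEX-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# ICMP echo-request ("ping" is iptables' alias for echo-request).
"$IPTABLES" -A ALEX-INPUT -p icmp -m icmp --icmp-type ping -j ACCEPT

# Exposed services.
"$IPTABLES" -A ALEX-INPUT -p tcp -m tcp --dport 12444 -j ACCEPT
"$IPTABLES" -A ALEX-INPUT -p tcp -m tcp --dport 12555 -j ACCEPT
"$IPTABLES" -A ALEX-INPUT -p tcp -m tcp --dport 12666 -j ACCEPT
"$IPTABLES" -A ALEX-INPUT -p udp -m udp --dport 5060 -j ACCEPT
"$IPTABLES" -A ALEX-INPUT -p udp -m udp --dport 5061 -j ACCEPT
"$IPTABLES" -A ALEX-INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT

# Anything not matched above is rejected.
"$IPTABLES" -A ALEX-INPUT -j REJECT-PKT

# --- REJECT-PKT: protocol-appropriate refusal ---
"$IPTABLES" -A REJECT-PKT -p tcp -m tcp -j REJECT --reject-with tcp-reset
"$IPTABLES" -A REJECT-PKT -p udp -m udp -j REJECT --reject-with icmp-port-unreachable
"$IPTABLES" -A REJECT-PKT -p icmp -m icmp --icmp-type ping -j REJECT --reject-with icmp-host-unreachable
# Without this, non-ping ICMP and every non-TCP/UDP protocol fell off the
# end of REJECT-PKT and back to the INPUT policy, which was ACCEPT.
"$IPTABLES" -A REJECT-PKT -j DROP

# Now that the allow rules are in place, make INPUT fail-closed as well, so
# a later flush of ALEX-INPUT or a missing jump cannot silently open the host.
"$IPTABLES" -P INPUT DROP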