iptables 配置文件


iptables 配置文件

 

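#!/bin/bash
#
# Firewall / NAT gateway for a small LAN (192.168.6.0/24 on eth0) that shares
# an ADSL (PPPoE, ppp0 on top of eth1) uplink and runs a Squid proxy on 3128.
#
# Order of operations:
#   1. flush whatever rule set is currently loaded
#   2. restart the ADSL link (adsl-stop / adsl-start)
#   3. stop the distribution's iptables service (flushes again, resets policies)
#   4. set DROP default policies, then add the ACCEPT / DROP rules
#   5. enable IPv4 forwarding only once the FORWARD chain is in place
#
# Must be run as root. Diagnostics go to stderr; iptables errors are not fatal
# (no set -e) so one bad rule does not leave the box half-configured, but they
# are printed and should be read.

export PATH=/sbin:/usr/sbin:/bin:/usr/bin

# Interfaces and networks used throughout.
readonly LAN_IF=eth0
readonly LAN_NET=192.168.6.0/24
readonly WAN_IF=ppp0
# Physical interface carrying PPPoE; IP traffic is only ever expected on ppp0,
# so anything addressed to the host on the raw carrier is dropped.
# (The original spelled this "eht1", which matches no interface at all.)
readonly ADSL_ETH=eth1

# TCP services this host offers to the LAN: squid, ftp, pop3, smtp, ssh.
readonly LOCAL_TCP_PORTS=3128,21,20,110,25,22
# TCP services the LAN may open directly through the gateway.
readonly FORWARD_TCP_PORTS=53,3128,25,110,22

#######################################
# Flush all chains, delete user chains and zero counters in filter and nat.
#######################################
reset_tables() {
  iptables -F
  iptables -t nat -F
  iptables -X
  iptables -t nat -X
  iptables -Z
}

#######################################
# Bounce the ADSL (PPPoE) link so ppp0 comes up fresh before rules are loaded.
#######################################
restart_adsl() {
  echo "ADSL Starting........"
  adsl-stop
  adsl-start
}

#######################################
# INPUT: default DROP; accept loopback, return traffic, the LAN-facing
# services and LAN ICMP; enforce SYN-first and rate-limit inbound SYNs.
#######################################
input_rules() {
  iptables -P INPUT DROP
  iptables -A INPUT -i "$ADSL_ETH" -j DROP
  iptables -A INPUT -i lo -j ACCEPT
  iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -A INPUT -i "$LAN_IF" -p tcp -m multiport --dports "$LOCAL_TCP_PORTS" -j ACCEPT
  iptables -A INPUT -p icmp -s "$LAN_NET" -j ACCEPT

  # A new TCP connection must start with a SYN. One interface-agnostic rule
  # replaces the three copies (two of them ppp0-only) in the original.
  iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

  # SYN rate limit: up to 3/s with a burst of 6 return to INPUT for normal
  # processing; the excess is DROPped. The original REJECTed, which answers
  # every excess SYN with a reply packet and so does work for the flooder.
  iptables -N syn-flood
  iptables -A INPUT -p tcp --syn -j syn-flood
  iptables -A syn-flood -p tcp -m limit --limit 3/s --limit-burst 6 -j RETURN
  iptables -A syn-flood -j DROP
}

#######################################
# OUTPUT: default ACCEPT, except the host's own traffic to a list of
# webmail / portal sites, which is dropped.
#######################################
output_rules() {
  iptables -P OUTPUT ACCEPT
  iptables -A OUTPUT -o lo -j ACCEPT

  # The original wrote these as "-s host" on OUTPUT; the source of an outbound
  # packet is this gateway, so those rules could never match. Matching the
  # destination is what the accompanying "deny 126.com mail" note intends.
  # Hostnames are resolved once, when the rule is added: DNS must be reachable
  # at this point, and a site changing address later is not tracked.
  # (Duplicate entries reg.163.com / news.qq.com from the original dropped.)
  local site
  for site in \
      126.com reg.126.com www.126.com mail.126.com \
      mail.163.com reg.163.com photo.163.com \
      auto.qq.com news.qq.com qq.com www.qq.com mail.qq.com \
      61.135.157.72; do
    iptables -A OUTPUT -d "$site" -j DROP \
      || echo "warning: could not add OUTPUT DROP for $site (name resolution?)" >&2
  done
}

#######################################
# nat: masquerade the LAN behind the ADSL link.
#######################################
nat_rules() {
  iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" -j MASQUERADE
}

#######################################
# FORWARD: default DROP. Blocked applications come first so they cannot ride
# on the generic ACCEPTs; then return traffic, then new LAN-originated
# connections to the permitted services, then ICMP.
#######################################
forward_rules() {
  iptables -P FORWARD DROP

  local proto
  # MSN Messenger: port 1863 both ways plus Microsoft's messenger ranges.
  for proto in tcp udp; do
    iptables -A FORWARD -p "$proto" --dport 1863 -j DROP
    iptables -A FORWARD -p "$proto" --sport 1863 -j DROP
  done
  iptables -A FORWARD -d 207.46.104.20 -j DROP
  iptables -A FORWARD -d 207.46.110.0/24 -j DROP
  iptables -A FORWARD -s 207.46.104.20 -j DROP
  iptables -A FORWARD -s 207.46.110.0/24 -j DROP

  # P2P clients ("dianlv", eMule): 8000/4000 are UDP only, 4661/4662 both
  # protocols and both directions.
  iptables -A FORWARD -p udp --dport 8000 -j DROP
  iptables -A FORWARD -p udp --dport 4000 -j DROP
  for proto in tcp udp; do
    iptables -A FORWARD -p "$proto" --dport 4661 -j DROP
    iptables -A FORWARD -p "$proto" --dport 4662 -j DROP
    iptables -A FORWARD -p "$proto" --sport 4661 -j DROP
    iptables -A FORWARD -p "$proto" --sport 4662 -j DROP
  done
  # NOTE(review): carried over from the original P2P block, but this drops
  # every HTTPS connection from the LAN, not only P2P traffic — confirm intent.
  iptables -A FORWARD -p tcp --dport 443 -j DROP

  # Return traffic for connections the LAN opened. This replaces the original
  # "--sports 53,3128,25,110,22" / "--sport 53" ACCEPTs, which let any remote
  # host through merely by choosing one of those source ports.
  iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

  # New connections, only when they really come from the LAN side.
  iptables -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -p tcp -m multiport --dports "$FORWARD_TCP_PORTS" -j ACCEPT
  iptables -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -p udp --dport 53 -j ACCEPT
  iptables -A FORWARD -p icmp -j ACCEPT
}

#######################################
# Entry point: see the header for the sequence.
#######################################
main() {
  if [[ $EUID -ne 0 ]]; then
    echo "this script must run as root" >&2
    exit 1
  fi

  reset_tables
  restart_adsl

  echo "Apply Iptables firewall.........."
  # On RHEL-style systems this flushes the tables again and resets every
  # policy to ACCEPT, which is why the DROP policies are set only afterwards.
  service iptables stop

  input_rules
  output_rules
  nat_rules
  forward_rules

  # Turn routing on last. The original enabled it before any rule existed,
  # so the box forwarded everything for the whole setup window (including
  # the ADSL restart).
  echo 1 > /proc/sys/net/ipv4/ip_forward
}

main "$@"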