共享一個iptables的shell指令碼檔案

Love Lenka發表於2020-06-10
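#!/bin/bash
# Replace firewalld with the classic iptables service and install a simple
# inbound allow-list: loopback, the TCP ports in allow_ports, all UDP, ICMP and
# already-established traffic are accepted; every other inbound packet is
# dropped. Outbound and forwarded traffic are left open.
# Must run as root on a yum/systemd host; rules are persisted with
# `service iptables save` so they survive a reboot.
set -e
#firewall-cmd --state
# firewalld may not be installed on this host; a failed stop/disable is not an
# error for this script, so do not let set -e abort here.
systemctl stop firewalld.service || true
systemctl disable firewalld.service || true
# Enable the classic firewall (abort before touching any rule if this fails,
# otherwise the ruleset could not be saved).
yum install -y iptables-services
# 22: ssh; 873: rsync;  nfs: 111,2049
# file 22 80 443 3306  2181 8015 8019 8065 8069 8180 8680 20889 32000 33930
#2181 dubbo, zookeeper, 3306  8015 8019 8065 8069 8180 8680 20889 32000 33930
allow_ports=(20 21 22 80 443 3306)
#allow_ports=(22 80 443 3306 8015 8019 8025 8029 8035 8039 8055 8059 8105 8180 8205 8209 8280 8380 8480 8880 8889 9999 10000 11211 20883 20885 20886 20887 20888 21880 27017 28180 32000)
# Reset the INPUT policy to ACCEPT *before* flushing. If an earlier run left the
# policy at DROP, flushing removes the RELATED,ESTABLISHED rule and the SSH
# session this script is run from would be cut until the rules are re-added.
iptables -P INPUT ACCEPT
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
# localhost pass
iptables -t filter -I INPUT 1 -i lo -j ACCEPT
# allow memcached connect
# Open to the public port
for port in "${allow_ports[@]}"; do
  printf 'iptables -A INPUT -p tcp --dport=%s -j ACCEPT\n' "$port"
  iptables -A INPUT -p tcp --dport="$port" -j ACCEPT
done
# allow UDP,icmp
# NOTE(review): this accepts every inbound UDP port, so the DROP policy below
# effectively restricts TCP only. Narrow it to the UDP services actually needed
# (e.g. a list like allow_ports) if that is not intended.
iptables -A INPUT -p udp -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
# Allow the already established connection
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#Beyond the rules chain (the default) : come in DROP, allowed to go out, to allow forwarding
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
# Persist the live ruleset through the iptables service and make sure the
# service is active and enabled at boot.
service iptables save
service iptables restart
systemctl restart iptables.service
systemctl enable iptables.service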

 
