iptables - Setting Example #12013/07/28 |
This is an Example of setting iptables on the Server below.
Internet | +----------+ --------------------| Router |---------------------- +----------+ | LAN(10.0.0.0/24) +----------+ | +----------+ | | | 10.0.0.100| | | PC |------------------------------| Server | | | eth0| | +----------+ +----------+ |
* DROP INPUT by Default
* ACCEPT OUTPUT by Default * ACCEPT Established Connection * ACCEPT the Connection from loopback * ACCEPT Ping Connection for 5 times per a minites from internal network(10.0.0.0/24) * ACCEPT SSH Connection from internal network(10.0.0.0/24) |
|
[1] | Configure iptables |
[root@dlp ~]#
vi iptables.sh #!/bin/bash trust_host='10.0.0.0/24' my_host='10.0.0.100' /sbin/iptables -F /sbin/iptables -X /sbin/iptables -P INPUT DROP /sbin/iptables -P OUTPUT ACCEPT /sbin/iptables -P FORWARD DROP /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT /sbin/iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT /sbin/iptables -A INPUT -p icmp --icmp-type echo-request -s $trust_host \ -d $my_host -m limit --limit 1/m --limit-burst 5 -j ACCEPT /sbin/iptables -A INPUT -p tcp -m state --state NEW -m tcp -s $trust_host \ -d $my_host --dport 22 -j ACCEPT /etc/rc.d/init.d/iptables save /etc/rc.d/init.d/iptables restart sh iptables.sh iptables: Saving firewall rules to /etc/sysconfig/iptables: [ OK ] iptables: Flushing firewall rules: [ OK ] iptables: Setting chains to policy ACCEPT: filter [ OK ] iptables: Unloading modules: [ OK ] iptables: Applying firewall rules: ip_tables: (C) 2000-2006 Netfilter Core Team nf_conntrack version 0.5.0 (16384 buckets, 65536 max) [ OK ] |
Sponsored Link |