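#!/bin/bash
#######################################################################
# iptables rules
#
# Loads this host's IPv4 firewall policy in ONE atomic step with
# iptables-restore, then persists it through the iptables service
# (iptables-services on CentOS/RHEL, which is what `service iptables
# save` and `systemctl restart iptables` require).
#
# Why iptables-restore instead of a run of individual iptables calls:
#   * the previous version flushed every chain and set INPUT to DROP
#     *before* the ACCEPT rules for SSH and ESTABLISHED traffic were
#     appended, so anything arriving in that window — including the
#     administrator's own SSH session — was dropped, and a failure half
#     way through left a partial ruleset behind;
#   * iptables-restore parses the complete ruleset first and commits it
#     as a unit, so either the whole policy is loaded or nothing changes.
#
# Environment overrides (all optional):
#   ADMIN_IP        source address allowed to reach ADMIN_SSH_PORT.
#                   Default 55.55.55.55 is a PLACEHOLDER — replace it.
#   ADMIN_SSH_PORT  alternate SSH port restricted to ADMIN_IP (19780).
#   LAN_NET         network granted unrestricted INPUT access
#                   (192.168.0.0/24). Set it empty to drop the rule.
#   LAN_IF          interface LAN_NET traffic must arrive on (unset = any
#                   interface — see the warning below).
#
# Must run as root. IPv6 is NOT touched: if the host has a global IPv6
# address, ip6tables keeps whatever policy it already had (ACCEPT unless
# configured otherwise), so this script alone does not close the host.
#######################################################################
set -euo pipefail

readonly ADMIN_IP="${ADMIN_IP:-55.55.55.55}"
readonly ADMIN_SSH_PORT="${ADMIN_SSH_PORT:-19780}"
# The original wrote 192.168.0.1/24; iptables masks that to 192.168.0.0/24,
# so the normalised form is used here for clarity.
readonly LAN_NET="${LAN_NET-192.168.0.0/24}"
readonly LAN_IF="${LAN_IF:-}"

die() { printf 'error: %s\n' "$*" >&2; exit 1; }

(( EUID == 0 )) || die "this script must run as root"
command -v iptables-restore >/dev/null || die "iptables-restore not found"

#######################################
# Build the optional LAN rule.
# Globals:  LAN_NET, LAN_IF (read); lan_rule (written)
#######################################
lan_rule="# LAN_NET is empty: no unrestricted LAN rule"
if [[ -n "$LAN_NET" ]]; then
  if [[ -n "$LAN_IF" ]]; then
    lan_rule="-A INPUT -i ${LAN_IF} -s ${LAN_NET} -j ACCEPT"
  else
    # WARNING: with no interface bound, a packet arriving from the Internet
    # carrying a forged ${LAN_NET} source address also matches this rule
    # and is accepted on every port. On a VPN host with a public interface
    # that is a real exposure — set LAN_IF, or set LAN_NET="" to disable.
    lan_rule="-A INPUT -s ${LAN_NET} -j ACCEPT"
  fi
fi

#######################################
# Print the complete ruleset in iptables-save format.
# nat and mangle are emitted with only their default policies, which is
# how iptables-restore flushes them (same effect as the old -t nat -F /
# -t mangle -F). Lines starting with '#' are ignored by iptables-restore.
# Globals:  ADMIN_IP, ADMIN_SSH_PORT, lan_rule (read)
# Outputs:  ruleset on stdout
#######################################
build_ruleset() {
  cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
# Default policies. FORWARD is left ACCEPT as before because the VPN
# daemons route client traffic through this host; note that with
# net.ipv4.ip_forward=1 this passes *anything* the kernel routes, so it
# should be narrowed to the VPN tunnel interfaces once their names are known.
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback. OUTPUT policy is ACCEPT, so no further OUTPUT rules are needed
# (the old per-network OUTPUT rule was redundant for the same reason).
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Replies to connections this host opened, and RELATED traffic such as
# ICMP errors for them (needed for path-MTU discovery). Placed first so
# the bulk of traffic is matched in one rule.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Packets conntrack cannot classify at all.
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Malformed TCP: null scans (no flags) and XMAS scans (all flags).
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
-A INPUT -p tcp --tcp-flags ALL ALL -j DROP
# A NEW connection must start with SYN. (This is not SYN-flood
# protection, despite the old comment; it drops stray non-SYN openers.)
-A INPUT -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
# Local network (optional; see LAN_IF warning at the top).
${lan_rule}
# SSH on the default port, open to the world. While this rule exists the
# ADMIN_IP restriction below is moot if sshd also listens on 22; once sshd
# is confirmed on ${ADMIN_SSH_PORT}, delete this line.
-A INPUT -p tcp --dport 22 -j ACCEPT
# SSH on the alternate port, admin address only.
-A INPUT -p tcp -s ${ADMIN_IP} --dport ${ADMIN_SSH_PORT} -j ACCEPT
# HTTPS for SoftEther.
-A INPUT -p tcp --dport 443 -j ACCEPT
# OpenVPN.
-A INPUT -p udp --dport 1194 -j ACCEPT
# IPsec (IKE / NAT-T) — disabled, enable if IPsec is configured.
#-A INPUT -p udp --dport 500 -j ACCEPT
#-A INPUT -p udp --dport 4500 -j ACCEPT
COMMIT
EOF
}

#########################################
### Apply
#########################################
ruleset_file="$(mktemp)" || die "mktemp failed"
cleanup() { rm -f -- "$ruleset_file"; }
trap cleanup EXIT

build_ruleset > "$ruleset_file"

# Parse-only pass: a syntax error aborts here, before anything is loaded.
iptables-restore --test < "$ruleset_file" || die "ruleset failed validation; nothing applied"
# Atomic commit of the whole ruleset.
iptables-restore < "$ruleset_file"

# Persist to /etc/sysconfig/iptables and reload through the service so the
# running rules and the saved file are the same thing.
service iptables save
systemctl restart iptables
systemctl --no-pager status iptables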
iptables rules
2019-12-13 20:35:07