How to set up a static firewall with iptables on Linux


Finally, here is the complete script. You only need to edit the constant definitions at the top, which makes it quite flexible ^_^

```bash
#!/bin/bash
# This is a script
# Edit by liwei
# establish a static firewall

# define constants here
Open_ports="80 25 110 10"    # ports this machine opens to the outside
Allow_ports="53 80 20 21"    # ports from which Internet data may enter this machine

# init: flush all rules and delete user-defined chains
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X

# The following line is commented out; enable it to make the firewall stricter
# iptables -P INPUT DROP

# accept everything that does not arrive on ppp0
iptables -A INPUT ! -i ppp0 -j ACCEPT

# define rules so that some data can come in
for Port in $Allow_ports ; do
    iptables -A INPUT -i ppp0 -p tcp --sport $Port -j ACCEPT
    iptables -A INPUT -i ppp0 -p udp --sport $Port -j ACCEPT
done

for Port in $Open_ports ; do
    iptables -A INPUT -i ppp0 -p tcp --dport $Port -j ACCEPT
    iptables -A INPUT -i ppp0 -p udp --dport $Port -j ACCEPT
done

# This is the last rule; it makes your firewall better
iptables -A INPUT -i ppp0 -p tcp -j REJECT --reject-with tcp-reset
iptables -A INPUT -i ppp0 -p udp -j REJECT --reject-with icmp-port-unreachable
```
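The `--sport` rules in the script accept any packet arriving on ppp0 whose source port is in `Allow_ports`, and that value is set by the remote sender. The following is an added example, not part of the original article or its author's script: it expresses the same policy with connection tracking and prints it in `iptables-restore` format so it can be reviewed and then loaded in one step. The DROP policy on INPUT, the `WAN_IF` variable and the function names `build_ruleset` and `count_sport_rules` are assumptions of this example.

```shell
#!/bin/bash
# Added example, not the article's script: a stateful version of the same
# policy, emitted as an iptables-restore ruleset instead of run rule by rule.
# Assumptions: WAN interface ppp0 and the Open_ports list from the article.

WAN_IF="ppp0"                # Internet-facing interface, as in the article
Open_ports="80 25 110 10"    # ports this machine serves, as in the article

# Print the ruleset on stdout; nothing is applied to the kernel here.
build_ruleset() {
    echo "*filter"
    echo ":INPUT DROP [0:0]"       # assumed default-deny for inbound traffic
    echo ":FORWARD ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Trust every interface except the WAN one, as the article does.
    echo "-A INPUT ! -i $WAN_IF -j ACCEPT"
    # Replies to connections this host opened; replaces the source-port rules.
    echo "-A INPUT -i $WAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Packets that conntrack cannot associate with a valid flow.
    echo "-A INPUT -i $WAN_IF -m conntrack --ctstate INVALID -j DROP"
    for port in $Open_ports; do
        for proto in tcp udp; do
            echo "-A INPUT -i $WAN_IF -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT"
        done
    done
    echo "-A INPUT -i $WAN_IF -p tcp -j REJECT --reject-with tcp-reset"
    echo "-A INPUT -i $WAN_IF -p udp -j REJECT --reject-with icmp-port-unreachable"
    echo "COMMIT"
}

# Count rules that still match on a source port chosen by the remote side.
count_sport_rules() {
    build_ruleset | grep -c -- '--sport' || true
}

# Print the ruleset for review. To load it atomically, run as root:
#   build_ruleset | iptables-restore
build_ruleset
```

Active-mode FTP data connections are only classified as RELATED when the `nf_conntrack_ftp` helper is in use.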
