jerry@Ubuntu:~$ cat /etc/init.d/iptables.2006.06.08
代码: 全选
#!/bin/bash
# This program is used to use start my iptables.
#History :
# Sat Jun 17 23:22:01 CST 2006 Jerry Second realease
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:~/bin
export PATH
case "$1" in
start)
echo -n "Staring to write your Iptbales:..."
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
/sbin/iptables -A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
/sbin/iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m tcp --dport 77 -j ACCEPT ssh服务,默认22
/sbin/iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
/sbin/iptables -A INPUT -p all -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -p all -m state --state INVALID,NEW -j DROP
echo "Ok"
;;
stop)
echo -n "Cleaning your Iptables:..."
/sbin/iptables -F
/sbin/iptables -X
/sbin/iptables -Z
echo "Ok"
;;
restart)
echo -n "Cleaning your Iptables:..."
/sbin/iptables -F
/sbin/iptables -X
/sbin/iptables -Z
echo "Ok"
echo -n "Staring to write your Iptbales:..."
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
/sbin/iptables -A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
/sbin/iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m tcp --dport 77 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
/sbin/iptables -A INPUT -p all -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -p all -m state --state INVALID,NEW -j DROP
echo "Ok"
;;
*)
echo "Usage: $0 {start|stop|restart}"
esac
exit 0
sudo chmod +x /etc/init.d/iptables.2006.06.08 加上可执行
sudo ln -s /etc/init.d/iptables.2006.06.08 /etc/rcS.d/S42iptables.2006.06.08
这样开机就能自己启动了。当然你也可以把它当服务启动
jerry@Ubuntu:~$ sudo /etc/init.d/iptables.2006.06.08 start
Staring to write your Iptbales:...Ok
jerry@Ubuntu:~$ sudo iptables -L -n 检查规则。
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
DROP icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:77
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
==================================================================================================
当然这里的规则写的不是很全,希望大家提出及修改。