A shell script to open/close an appointed port in linux via iptables firewall。
[Chinese]一个利用iptables打开/关闭linux上制定端口的脚本

Firstly, I just want to close the NTP service port 37, so I just do that:

---

:~# iptables -A INPUT --dport 37 -j DROP

---

but I got an error:

---

iptables v1.2.11: Unknown arg `--dport'
Try `iptables -h' or 'iptables --help' for more information.

---

Then I fixed it, for the '--dport' arg should be used with the '-d' or '-p' args, couldn't use alone.

---

:~# iptables -A INPUT -p udp -d 172.31.3.153 --dport 37 -j DROP

---

Now it works.
Then I just write a script to do close/open appointed port work.

---

#!/bin/sh

if [[ $# -lt 1 || "$1" != "close" && "$1" != "open" ]]
then
    echo "Usage: port37.sh open/close"
    exit 1
fi

HOSTIP="172.31.3.153"

# set variables according to param 1
if [ $1 == "open" ]; then
        COMMAND_ARG="-D"
        if [ !$(iptables --list |grep $HOSTIP) ]; then
                echo "Port 37 is opened."
                exit 1
        fi
else
        COMMAND_ARG="-A"
        if iptables --list |grep $HOSTIP > /dev/null ; then
                echo "Port 37 is closed"
                exit 1
        fi
fi

iptables $COMMAND_ARG INPUT -p udp -d $HOSTIP --dport 37 -j DROP

---

this script wors under debian 3.3.

Thanks Google.