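#!/bin/bash
# iptables rule set for a small NAT gateway: masquerades 192.168.10.0/24
# out of eth1 and drops inbound traffic to the gateway unless it matches
# one of the trust rules in section 3.
# VBird 2003/05/02
#
# Each command below must stay on its own line. If the whole header is
# joined onto the shebang line, everything after the first '#' becomes a
# comment and no module is loaded, no chain is flushed and no policy is set.
#
# 0. PATH and modules
PATH=/sbin:/bin:/usr/sbin:/usr/bin
export PATH
# Netfilter core plus the NAT / connection-tracking helpers for FTP and IRC.
# NOTE(review): these are the legacy module names; newer kernels ship the
# helpers as nf_nat_* / nf_conntrack_*. Confirm against the target kernel.
modprobe ip_tables
modprobe iptable_nat
modprobe ip_nat_ftp
modprobe ip_nat_irc
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_conntrack_irc
#
# 1. clear the rules and set the policies
# -F flushes rules, -X deletes user-defined chains, -Z zeroes the counters;
# done for the default (filter) table and then for the nat table.
iptables -F
iptables -X
iptables -Z
iptables -F -t nat
iptables -X -t nat
iptables -Z -t nat
# Default-deny for traffic addressed to the gateway itself. The ACCEPT rules
# are only loaded in section 3, so packets arriving in between are dropped.
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
# NOTE(review): FORWARD stays ACCEPT, so once ip_forward is enabled the box
# routes any packet between any interfaces with no filtering. A tighter
# gateway sets the FORWARD policy to DROP and accepts only ESTABLISHED,RELATED
# traffic plus new connections from 192.168.10.0/24 going out eth1.
iptables -P FORWARD ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
#
# 2. NAT services
# Turn on IPv4 routing, then rewrite the source address of LAN traffic
# leaving through eth1 to that interface's address.
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o eth1 -j MASQUERADE
#
# 3. Trust network and conditions
# Replies to connections this host opened, and related helper flows.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Loopback traffic is always trusted.
iptables -A INPUT -i lo -j ACCEPT
# Accept everything from one trusted network card, identified by MAC address.
# XX:YY:ZZ:WW:QQ:PP is a placeholder: substitute the real address, because
# iptables will not accept it as written.
# NOTE(review): a MAC address is only visible on the local segment and can
# be set freely by the sender, so this rule is a convenience, not
# authentication. It also has no -i restriction, so it matches on every
# interface; consider adding -i with the LAN interface name.
iptables -A INPUT -m mac --mac-source XX:YY:ZZ:WW:QQ:PP -j ACCEPT
# The line above holds the network card's hardware (MAC) address.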