#!/bin/bash
#description:This program is used to my iptables FireWall
#chkconfig:2345 85 15
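# Init-style entry point: "$1" selects start|stop|restart.
# Rules are appended to chains whose default policy is left at ACCEPT and
# terminated with an explicit DROP, so "start" flushes first to stay
# idempotent (the original appended a second copy of every rule on each run).
case "$1" in
  start)
    echo "Start FireWall ..."
    # Clear filter and nat tables before loading, so repeated starts do not
    # duplicate rules. Flushing before the trailing DROP is appended briefly
    # leaves the chains at their ACCEPT policy, same window as the original.
    iptables -F
    iptables -t nat -F
    iptables -X
    # allow DNS queries to reach this host (53/tcp and 53/udp)
    iptables -A INPUT -p tcp --dport 53 -j ACCEPT
    iptables -A INPUT -p udp --dport 53 -j ACCEPT
    # allow replies/related traffic; drop what conntrack cannot classify
    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A INPUT -m state --state INVALID -j DROP
    # trust the local LAN unconditionally (any protocol, any port)
    iptables -A INPUT -s 192.168.1.0/255.255.255.0 -j ACCEPT
    # allow web 80
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    # NOTE(review): the FORWARD chain below drops everything, so this DNAT
    # only works if 192.168.1.6 is this host itself; if it is another machine
    # a FORWARD accept for 192.168.1.6:8080 (and net.ipv4.ip_forward=1) is
    # needed -- confirm the topology before relying on it.
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.1.6:8080
    # ssh 22: no public rule on purpose -- ssh is reachable only from
    # 192.168.1.0/24 through the LAN rule above; everything else hits the
    # final DROP
    # allow ping
    iptables -A INPUT -p icmp -j ACCEPT
    # allow loopback. The original accepted only icmp on lo, which silently
    # dropped new local tcp/udp connections to any port other than 53/80
    # (127.0.0.1 is not covered by the LAN rule).
    iptables -A INPUT -i lo -j ACCEPT
    # default deny for everything else inbound or forwarded
    iptables -A INPUT -j DROP
    iptables -A FORWARD -j DROP
    # outbound is unrestricted (the icmp rule is redundant but harmless)
    iptables -A OUTPUT -p icmp -j ACCEPT
    iptables -A OUTPUT -j ACCEPT
    ;;
  stop)
    echo "Stop FireWall ..."
    # flush all rules, remove user chains, zero counters
    iptables -F
    iptables -t nat -F
    iptables -X
    iptables -Z
    # Kept from the original: this saves the now-empty ruleset through the
    # iptables service and reloads it, so the host stays open across a reboot
    # unless this script's "start" runs at boot (chkconfig 2345 in the header).
    service iptables save
    service iptables start
    ;;
  restart)
    # quoted so a script path containing spaces still re-executes correctly
    "$0" stop
    "$0" start
    echo "Restart FireWall ok !"
    ;;
  *)
    # usage goes to stderr and returns non-zero (LSB: 2 = invalid argument),
    # so a mistyped action is no longer reported as success
    echo "Usage $0 {start|stop|restart}" >&2
    exit 2
    ;;
esac
exit 0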