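# iptables ruleset for a DNS server (IPv4 only -- ip6tables is not touched
# here, so an IPv6-enabled host is NOT protected by this). Run as root.
# The listing on the page had been case-mangled ("Iptables-a input-p TCP--dport")
# and would not execute; this is the real syntax. Rules are appended (-A) and
# evaluated top to bottom, so the order below matters.

iptables -F   # flush every rule in the filter table
iptables -X   # delete user-defined chains
iptables -Z   # zero the packet/byte counters

# Default policies. INPUT DROP is deliberately set LAST (bottom of this
# listing): if a command in the middle fails, the host must not be left with a
# DROP policy and no ACCEPT rules -- that locks out a remote session.
iptables -P OUTPUT  ACCEPT
iptables -P FORWARD ACCEPT   # NOTE(review): a DNS host normally does not route; DROP unless it does.

# Block the classic Back Orifice port outbound. Kept as the FIRST OUTPUT rule
# so it is evaluated before the conntrack ACCEPT below.
iptables -A OUTPUT -p tcp --dport 31337 -j DROP

# Loopback. Treat the local host as trusted in both directions; the original
# only had the OUTPUT side, so with INPUT DROP any local client talking to a
# port other than 53/56388 (e.g. rndc) would have been dropped.
iptables -A INPUT  -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Replies to traffic this host initiated, including answers from upstream
# resolvers. Conntrack admits them, so NO blanket "--sport 53" ACCEPT is
# needed. The original accepted every inbound TCP/UDP packet with source port
# 53, which lets anyone bypass INPUT DROP simply by binding to port 53; those
# two rules are intentionally gone.
iptables -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Management port. 56388 is presumably sshd moved off port 22 -- confirm
# against sshd_config, and add "-s <admin-network>" to it if at all possible.
iptables -A INPUT -p tcp --dport 56388 -j ACCEPT

# The DNS service itself: UDP for ordinary queries, TCP for large answers and
# zone transfers.
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT

# All ICMP types are accepted, as in the original. Tighten to
# "--icmp-type echo-request" (plus the error types conntrack already covers)
# if you do not want the host to answer everything.
iptables -A INPUT -p icmp -j ACCEPT

# Allow yum (and any other outbound client). With OUTPUT policy ACCEPT these
# two rules are no-ops; they only matter if that policy is later set to DROP.
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 10000:65535 -j ACCEPT

# Every ACCEPT rule is in place -- now close the door.
iptables -P INPUT DROP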
Complete script (run as root; if you apply it over SSH, read the comments first — an INPUT DROP policy with a missing ACCEPT rule will lock you out):
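#!/bin/bash
# Firewall for a DNS server. IPv4 only -- ip6tables is NOT configured here,
# so an IPv6-enabled host remains open on v6. Must run as root.
# Persistence assumes the RHEL/CentOS iptables init script
# (/etc/init.d/iptables save -> /etc/sysconfig/iptables).
#
# Why the INPUT policy is set last: with "set -e" any failing command aborts
# the script, and a host left with "-P INPUT DROP" and no ACCEPT rules is
# unreachable -- including for the SSH session that ran this.
set -eu

iptables -F   # flush all filter rules
iptables -X   # delete user-defined chains
iptables -Z   # zero counters

iptables -P OUTPUT  ACCEPT
iptables -P FORWARD ACCEPT   # NOTE(review): set to DROP unless this host really routes.

# Back Orifice port, dropped outbound. First OUTPUT rule on purpose so that it
# is checked before the conntrack ACCEPT below.
iptables -A OUTPUT -p tcp --dport 31337 -j DROP

# Loopback in both directions. The original only accepted OUTPUT on lo, so
# local clients of anything but 53/56388 (rndc on 953, for example) were
# silently dropped by the INPUT policy.
iptables -A INPUT  -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Replies to connections this host opened (incl. upstream DNS answers).
# SECURITY: the original additionally accepted every inbound packet with
# "--sport 53" (TCP and UDP). Anyone can bind their source port to 53, so
# that turned INPUT DROP into INPUT ACCEPT for attackers. Genuine replies are
# already covered by ESTABLISHED,RELATED, so those rules are omitted.
iptables -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Management port -- presumably sshd on a non-standard port; confirm in
# sshd_config and restrict with "-s <admin-network>" where possible.
iptables -A INPUT -p tcp --dport 56388 -j ACCEPT

# DNS: UDP for ordinary queries, TCP for truncated answers / zone transfers.
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT

# All ICMP types, as in the original; narrow to echo-request if undesired.
iptables -A INPUT -p icmp -j ACCEPT

# Outbound DNS (recursion/forwarding) and client connections such as yum.
# Redundant while OUTPUT policy is ACCEPT; kept for when that changes.
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 10000:65535 -j ACCEPT

# All ACCEPT rules are loaded; now apply the default-deny policy.
iptables -P INPUT DROP

# Persist across reboots. On hosts without the SysV init script (systemd with
# iptables-services) use "service iptables save" or write
# /etc/sysconfig/iptables yourself; warn instead of aborting here so the
# active ruleset above is not mistaken for a failed run.
if [[ -x /etc/init.d/iptables ]]; then
  /etc/init.d/iptables save
else
  printf 'warning: /etc/init.d/iptables not found; rules are active but not persisted\n' >&2
fi

# Keep a restorable copy. NOT in /tmp as the original did: root writing a
# predictable filename into a world-writable directory lets any local user
# pre-create or symlink the target. Mode 0600 -- the dump reveals the full
# policy (management port, what is left open).
backup=/root/myipt.rule
( umask 077; iptables-save > "$backup" )
# Roll back with:  iptables-restore < /root/myipt.rule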
This article is from the "Bill of Operations Notes" blog, please be sure to keep this source http://chenshoubiao.blog.51cto.com/6159058/1891901
iptables rules for a DNS server (IPv4 only — ip6tables must be configured separately)