Linux servers exposed on the Internet are normally hardened with iptables. The template below is in iptables-save format and can be loaded with iptables-restore.
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
# Allow traffic from the internal network
-A INPUT -s 10.0.0.0/8 -j ACCEPT
-A INPUT -p tcp -m multiport --sports 443 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 220,123,22223 -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m multiport --sports 220,10050,10051 -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# Restrict remote MySQL connections to a single source address
-A INPUT -s 1.2.3.4 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 873 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 4505 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 4506 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
-A OUTPUT -d 10.0.0.0/8 -j ACCEPT
COMMIT
This is a simple iptables template; adapt it to your own situation by removing or adding rules.
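One thing to check before loading a template like this is rule order: the template accepts everything arriving on eth0 at its third INPUT rule, so on a box whose only external interface is eth0 the later INPUT rules, including the MySQL source restriction and the final REJECT, never see external traffic. The following script is an added example (not code from the original post) that parses an iptables-save dump and reports rules shadowed by an earlier catch-all in the same chain; it assumes eth0 is the sole external interface and runs over a constructed copy of the template.

```python
import shlex

# Constructed sample: a trimmed copy of the page's template in valid iptables-save syntax.
TEMPLATE = """\
*filter
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -s 10.0.0.0/8 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 220,123,22223 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -s 1.2.3.4 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -o eth0 -j ACCEPT
COMMIT
"""
TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # targets that end evaluation of a chain

def parse_rules(text):
    """Yield (chain, argv) for every '-A' line of an iptables-save dump."""
    for line in text.splitlines():
        if line.startswith("-A "):
            argv = shlex.split(line)
            yield argv[1], argv[2:]

def rule_iface(argv):
    """Interface bound by -i/-o, or None when the rule matches any interface."""
    return next((argv[i + 1] for i, a in enumerate(argv) if a in ("-i", "-o")), None)

def catch_all_iface(argv):
    """'*' for a match-free terminal rule, its interface for '-i/-o X -j TERMINAL', else None."""
    if argv[0] == "-j" and argv[1] in TERMINAL:
        return "*"
    if len(argv) == 4 and argv[0] in ("-i", "-o") and argv[2] == "-j" and argv[3] in TERMINAL:
        return argv[1]
    return None

def shadowed_rules(text, iface="eth0"):
    """(chain, rule_no, rule) for rules that never see traffic on `iface`
    because an earlier rule in the same chain already decided its fate."""
    blocker, findings = {}, []  # assumption: `iface` is the only external interface
    for no, (chain, argv) in enumerate(parse_rules(text), start=1):
        if chain in blocker:
            if blocker[chain] == "*" or rule_iface(argv) in (None, iface):
                findings.append((chain, no, " ".join(argv)))
            continue
        bound = catch_all_iface(argv)
        if bound in ("*", iface):
            blocker[chain] = bound
    return findings
```

Run `shadowed_rules(TEMPLATE)` and every INPUT rule after `-i eth0 -j ACCEPT` is reported, the REJECT included; move the interface-wide ACCEPT below the specific rules, or drop it, and the list empties.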