Commonly used iptables scripts
#! /Bin/bashexport PATH =/sbin:/usr/sbin:/bin:/usr/biniptables-Fiptables-Xiptables-Z # remote SSH Login, we need to enable port 22 iptables-a input-p tcp -- dport 22-j ACCEPT # WEB server, enable port 80 iptables-a input-p tcp -- dport 80-j ACCEPT # email server, and enable port 25,110. iptables-a input-p tcp -- dport 110-j ACCEPTiptables-a input-p tcp -- dport 25-j ACCEPT # FTP server, enable Port 20 and port 21 iptables-a input-p tcp-m multiport -- dport 21,60000: 60050-j ACCEPT # If the DNS server is used, enable port 53 iptables-a input-I lo-j ACCEPTiptables-A INPUT-p udp -- sport 53-j ACCEPTiptables-A INPUT-p udp -- dport 53-j ACCEPT # PING set # iptables-a input-p icmp -- icmp-type 8-s 0/0-j DROP # therefore, discarding requests from others should be able to PING requests from others. # iptables- OUTPUT-p icmp -- icmp-type 0-s localip-j DROP # In fact, we can not discard all packets. How can we send A response packet? iptables-a input-p icmp -- icmp -type 8-s 0/0-j ACCEPTiptables-a input-p icmp- -Icmp-type 0-s 0/0-j ACCEPTiptables-a output-p icmp -- icmp-type 0-s $ FW_IP-j ACCEPTiptables-a output-p icmp -- icmp-type 8 -s $ FW_IP-j ACCEPT # Open the local machine to external port 80 iptables-a input-p tcp! -- Syn-s any/0 -- sport 80 -- dport 1024: 65535-j ACCEPTiptables-p input drop/etc/rc. d/init. d/iptables saveservice iptables restart
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
