Write the following commands in the firewall.sh file:
# vim /etc/firewall.sh
iptables -F
iptables -N FIREWALL
iptables -F FIREWALL
iptables -A INPUT -j FIREWALL
iptables -A FORWARD -j FIREWALL
iptables -A FIREWALL -p tcp -m tcp --dport 110 --syn -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --dport 80 --syn -j ACCEPT
# Webmin
iptables -A FIREWALL -p tcp -m tcp --dport 10000 --syn -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --dport 22 --syn -j ACCEPT
iptables -A FIREWALL -i lo -j ACCEPT
iptables -A FIREWALL -p udp -m udp --sport 53 -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --syn -j REJECT
iptables -A FIREWALL -p udp -m udp -j REJECT
Then make the script executable:
# chmod 755 /etc/firewall.sh
Next, add firewall.sh to startup (append with >>, so the existing contents of rc.local are kept):
# echo "sh /etc/firewall.sh" >> /etc/init.d/rc.local
That gives Debian a firewall. Building a simple firewall with iptables on Linux is easy; this one is deliberately simple, and more complex setups need careful study.
Clear command: iptables -F
View command: iptables -L
From: http://www.jansfer.com/200609/26/archive_272/
On RH (Red Hat) systems the firewall settings are saved in the /etc/sysconfig/iptables file, so that they are restored every time the system restarts.
Debian does not have this file, but it provides a more flexible way:
http://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-services.en.html#s-firewall-setup
After reading this, it seems easier to set it up in the interfaces file.
You can go to http://easyfwgen.morizot.net/gen/ to generate a firewall online, then pre-up
From: http://hi.baidu.com/pcabc/blog/item/c8feaad29a45a733960a1627.html
Because iptables configuration is troublesome, some simple configuration notes are kept here for later use.
Firewall configuration
A firewall is indispensable for server security. Run the following commands as root:
iptables -F
iptables -N FIREWALL
iptables -F FIREWALL
iptables -A INPUT -j FIREWALL
iptables -A FORWARD -j FIREWALL
iptables -A FIREWALL -p tcp -m tcp --dport 993 --syn -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --dport 995 --syn -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --dport 110 --syn -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --dport 143 --syn -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --dport 80 --syn -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --dport 443 --syn -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --dport 465 --syn -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --dport 22 --syn -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --dport 25 --syn -j ACCEPT
iptables -A FIREWALL -i lo -j ACCEPT
iptables -A FIREWALL -p udp -m udp --sport 53 -j ACCEPT
iptables -A FIREWALL -p udp -m udp --dport 161 -j ACCEPT
iptables -A FIREWALL -p udp -m udp --sport 6277 -j ACCEPT
iptables -A FIREWALL -p udp -m udp --sport 24441 -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --syn -j REJECT
iptables -A FIREWALL -p udp -m udp -j REJECT
iptables-save > /etc/firewall-rules
iptables-restore < /etc/firewall-rules
Port 22 is open to all IP addresses for convenient management. Port 161 is the SNMP port, which is enabled for remote monitoring, so it is optional. Ports 6277 and 24441 are the ports used by Razor/Pyzor/DCC/SA.
Run
iptables -L
to see the rules you have set. If they are not right, use iptables -F to clear the rules and set them again.
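As an added example (not from the original posts), the saved rules in /etc/firewall-rules can be checked with a small lint that flags two things this rule set does: ACCEPT rules keyed only on a source port (53, 6277, 24441), which are stateless, and admin or monitoring ports (22, 10000, 161) accepted from any address. The sample dump is constructed; the -s 192.0.2.0/24 scope and the conntrack rule in it are assumptions added for contrast.

```shell
#!/bin/sh
# Added example (not from the original page): lint an iptables-save dump.

# Constructed sample: part of this page's rule set as iptables-save prints it.
# The -s 192.0.2.0/24 scope and the conntrack rule are assumptions added
# for contrast; they are not rules from the page.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:FIREWALL - [0:0]
-A INPUT -j FIREWALL
-A FORWARD -j FIREWALL
-A FIREWALL -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A FIREWALL -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A FIREWALL -s 192.0.2.0/24 -p tcp -m tcp --dport 10000 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A FIREWALL -i lo -j ACCEPT
-A FIREWALL -p udp -m udp --sport 53 -j ACCEPT
-A FIREWALL -p udp -m udp --dport 161 -j ACCEPT
-A FIREWALL -p udp -m udp --sport 6277 -j ACCEPT
-A FIREWALL -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FIREWALL -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
-A FIREWALL -p udp -m udp -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# lint_rules: read an iptables-save dump on stdin, print one finding per rule.
lint_rules() {
    awk '
    /^-A / && / -j ACCEPT/ {
        stateful = ($0 ~ /--ctstate|--state/)
        scoped   = ($0 ~ / -s /)
        # ACCEPT keyed only on the sender-chosen source port: the rule is
        # stateless, so it is not limited to replies to our own queries.
        if ($0 ~ /--sport / && $0 !~ /--dport / && !stateful)
            print "SPORT-ONLY line " NR ": " $0
        # Admin/monitoring ports (SSH, Webmin, SNMP) open to any source.
        if ($0 ~ /--dport (22|10000|161) / && !scoped)
            print "OPEN-ADMIN line " NR ": " $0
    }'
}

sample_rules | lint_rules
```

On a real host, feed it the saved file instead of the sample: lint_rules < /etc/firewall-rules.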
To load the rules at boot, edit /etc/network/interfaces and add the following after iface lo inet loopback:
pre-up iptables-restore < /etc/firewall-rules
Or put it in the startup script: /etc/init.d/bootmisc.sh