How is the Linux firewall iptables customized?


Main script: iptables.sh. Helper directory: functions/iptables.d (one file of rule functions per platform).

Each server holds a unique identity tag in /usr/local/etc/identity; the main script sources it to learn which platform and server type the host belongs to.

├── iptables.sh
├── functions
│   ├── iptables.d
│   │   ├── 37w
│   │   ├── 521
│   │   └── 937

Main script iptables.sh

#!/bin/sh
#######################################
# purpose:  to set up iptables rules
# Author:   Handonglin
# Game:     lhzs
# date:     2016/06/21
#######################################

modprobe ipt_MASQUERADE
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp

################ global setting ################
# Flush everything, then default to DROP on INPUT/FORWARD and ACCEPT on OUTPUT.
/sbin/iptables -F
/sbin/iptables -X
/sbin/iptables -P INPUT DROP
/sbin/iptables -P FORWARD DROP
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -p icmp -j ACCEPT
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

################ global rules ################
/sbin/iptables -A INPUT -p tcp -s x.x.x.x,x.x.x.x -m comment --comment "Corporate office network" -j ACCEPT
/sbin/iptables -A INPUT -p tcp -s x.x.x.x,x.x.x.x -m comment --comment "Fire God two-line center machine" -j ACCEPT
/sbin/iptables -A INPUT -p tcp -s x.x.x.x,x.x.x.x --dport x -m comment --comment "O&M two-line monitoring center" -j ACCEPT
/sbin/iptables -A INPUT -p tcp -s 0/0 --dport x:x -m comment --comment "VSFTPD open ports" -j ACCEPT

################ per-platform rules ################
# Abort on any error while loading the identity and rule functions.
set -e
# functions/vars defines _path_of_identity_; the identity file sets ${platform} (and ${type}).
# "." is used instead of "source" because the script runs under /bin/sh.
. $(dirname ${0})/functions/vars && . ${_path_of_identity_}
. $(dirname ${0})/functions/iptables.d/521
. $(dirname ${0})/functions/iptables.d/937
. $(dirname ${0})/functions/iptables.d/37w

case "${platform}" in
    "937")
        _Rulesby_937
        ;;
    "37W"|"671"|"LIE")
        _Rulesby_37w
        ;;
    *)
        _Rulesby_521
        ;;
esac
set +e

/etc/rc.d/init.d/iptables save

Sub-function file in the functions/iptables.d directory (521 shown; it is sourced by the main script and selects rules by the server's ${type})

#!/bin/sh
#######################################
# purpose:  to set up iptables rules
# Author:   Handonglin
# Game:     lhzs
# date:     2016/06/21
#######################################

_Rulesby_521() {
    case ${type} in
        engine)
            /sbin/iptables -A INPUT -p tcp -s x.x.x.x,x.x.x.x --dport xxxx -m comment --comment "Backend 1 access to role library" -j ACCEPT
            /sbin/iptables -A INPUT -p tcp -s x.x.x.x,x.x.x.x --dport xxxx -m comment --comment "Backend 2 access to role library" -j ACCEPT
            /sbin/iptables -A INPUT -p tcp -s 0/0 --dport x:x -m comment --comment "Game gateway GateServer" -j ACCEPT
            /sbin/iptables -A INPUT -p tcp -s x.x.x.x,x.x.x.x --dport xxxx -m comment --comment "Official website access to role library" -j ACCEPT
            ;;
        kuafu)
            /sbin/iptables -A INPUT -p tcp -s 0/0 --dport xxxx:xxxx -m comment --comment "Open cross-server gateway GateServer" -j ACCEPT
            /sbin/iptables -A INPUT -p tcp -s 0/0 --dport xxxx:xxxx -m comment --comment "Open cross-server DBCenterServer" -j ACCEPT
            /sbin/iptables -A INPUT -p tcp -s x.x.x.x,x.x.x.x --dport xxxx -m comment --comment "Backend 1 access to cross-server log library" -j ACCEPT
            /sbin/iptables -A INPUT -p tcp -s x.x.x.x,x.x.x.x --dport xxxx -m comment --comment "Backend 2 access to cross-server log library" -j ACCEPT
            /sbin/iptables -A INPUT -p tcp -s x.x.x.x,x.x.x.x --dport xxxx -m comment --comment "Official website access to role library" -j ACCEPT
            ;;
        common)
            /sbin/iptables -A INPUT -p tcp -s 0/0 --dport xxxx -m comment --comment "Management backend" -j ACCEPT
            /sbin/iptables -A INPUT -p tcp -s 0/0 --dport xxxx:xxxx -m comment --comment "Name NameServer" -j ACCEPT
            /sbin/iptables -A INPUT -p tcp -s 0/0 --dport xxxx:xxxx -m comment --comment "Session SessionServer" -j ACCEPT
            /sbin/iptables -A INPUT -p tcp -s 0/0 --dport xxxx:xxxx -m comment --comment "Comprehensive log LoggerServer" -j ACCEPT
            # multiport takes a comma-separated list via --dports
            /sbin/iptables -A INPUT -p tcp -s 0/0 -m multiport --dports xxxx,xxxx -m comment --comment "Recharge AMServer" -j ACCEPT
            /sbin/iptables -A INPUT -p tcp -s 0/0 --dport xxxx:xxxx -m comment --comment "Log LoggerServer chat monitoring" -j ACCEPT
            ;;
        web)
            /sbin/iptables -A INPUT -p tcp -s x.x.x.x,x.x.x.x --dport xxxx -m comment --comment "Backend 1 access to site database" -j ACCEPT
            /sbin/iptables -A INPUT -p tcp -s x.x.x.x,x.x.x.x --dport xxxx -m comment --comment "Backend 2 access to site database" -j ACCEPT
            /sbin/iptables -A INPUT -p tcp -s x.x.x.x,x.x.x.x --dport xxxx -m comment --comment "Integrated 1 access to site database" -j ACCEPT
            /sbin/iptables -A INPUT -p tcp -s x.x.x.x,x.x.x.x --dport xxxx -m comment --comment "Integrated 2 access to site database" -j ACCEPT
            /sbin/iptables -A INPUT -p tcp -s 0/0 --dport xxxx -m comment --comment "Open website" -j ACCEPT
            ;;
        res)
            /sbin/iptables -A INPUT -p tcp -s 0/0 --dport xxxx -m comment --comment "Open resource access" -j ACCEPT
            ;;
        data)
            /sbin/iptables -A INPUT -p tcp -s 0/0 --dport xxxx:xxxx -m comment --comment "Open SaltStack ports" -j ACCEPT
            ;;
    esac
}
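Because the main script flushes the tables and sets the INPUT policy to DROP before the per-platform rules are loaded, it is worth seeing what a given identity will produce before running it on a host. The following is an added example, not the blog's code: it models the identity-driven dispatch with a dry-run shim (IPT defaults to "echo /sbin/iptables", so rules are printed for review rather than applied). The addresses, ports and identity values are constructed, and _Rulesby_37w is omitted.

```shell
#!/bin/sh
# Added example (not the blog's code): dry-run of the identity-driven dispatch.
# IPT defaults to "echo /sbin/iptables", so rules are printed for review
# instead of loaded; addresses, ports and identity values are constructed.
IPT=${IPT:-"echo /sbin/iptables"}   # set IPT=/sbin/iptables to apply for real

# Stand-in for functions/iptables.d/937: rules keyed on the server's ${type}.
_Rulesby_937() {
    case ${type} in
        web)
            $IPT -A INPUT -p tcp -s 198.51.100.10,198.51.100.11 --dport 3306 \
                -m comment --comment "Backend access to site database" -j ACCEPT
            $IPT -A INPUT -p tcp -s 0/0 --dport 80 \
                -m comment --comment "Open website" -j ACCEPT ;;
        data)
            $IPT -A INPUT -p tcp -s 0/0 --dport 4505:4506 \
                -m comment --comment "Open SaltStack ports" -j ACCEPT ;;
        *)  echo "platform 937: no rules for type '${type}'" >&2; return 1 ;;
    esac
}

# Stand-in for functions/iptables.d/521, the main script's fallback platform.
_Rulesby_521() {
    case ${type} in
        res)
            $IPT -A INPUT -p tcp -s 0/0 --dport 8080 \
                -m comment --comment "Open resource access" -j ACCEPT ;;
        *)  echo "platform 521: no rules for type '${type}'" >&2; return 1 ;;
    esac
}

# Source an identity file (shell assignments such as platform=937, type=web)
# and dispatch as the main script's case statement does. Fails when the
# identity names a type the platform has no rules for.
render_rules() {
    platform= type=
    . "$1"
    case "${platform}" in
        937) _Rulesby_937 ;;
        *)   _Rulesby_521 ;;
    esac
}

# Constructed identity file for the demo; a real host reads /usr/local/etc/identity.
demo_identity=$(mktemp)
printf 'platform=937\ntype=web\n' > "$demo_identity"
render_rules "$demo_identity"
rm -f "$demo_identity"
```

Running it with an identity whose type has no rules on that platform exits non-zero, which under the main script's "set -e" stops the run before "iptables save" persists a DROP-everything ruleset.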


This article is from the "ithandonglin" blog; please keep this source: http://ithandonglin.blog.51cto.com/12414114/1888555
