# Delete existing rules in iptables
iptables -F
iptables -X
# Default policy: drop every packet that no rule in the three chains accepts
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Replies to accepted inbound connections leave through OUTPUT; without this rule the OUTPUT DROP policy discards them (missing in the original listing)
iptables -A OUTPUT -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p udp -i eth0 --sport 53 --dport 1024:65535 -j ACCEPT
iptables -A OUTPUT -p udp -o eth0 --dport 53 --sport 1024:65535 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 --dport 22 --sport 1024:65535 -m state --state NEW -j ACCEPT
# SSH and HTTP are TCP; the original listing had -p udp on the two OUTPUT rules below, which would never match
iptables -A OUTPUT -p tcp -o eth0 --dport 22 --sport 1024:65535 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 --dport 80 --sport 1024:65535 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p tcp -o eth0 --dport 80 --sport 1024:65535 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 --dport 20 --sport 1024:65535 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 1024:65535 --dport 20 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 --dport 21 --sport 1024:65535 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 1024:65535 --dport 21 -j ACCEPT
# Log whatever is still unmatched before the INPUT DROP policy discards it
iptables -A INPUT -i eth0 -m state --state NEW,INVALID -j LOG
# Save the rules: service iptables save
This writes the added rules to the /etc/sysconfig/iptables file.
Or use: iptables-save > /etc/sysconfig/iptables
The rules in this file are loaded when the system starts.
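The same policy written as one iptables-restore file, as an added example that is not part of the original post: stateful matching on both INPUT and OUTPUT, the three listening ports in a single multiport rule, and two small review helpers that report which TCP ports the file opens to new inbound connections and whether every chain defaults to DROP. The interface name eth0 and the service ports are taken from the post; the conntrack/multiport matches and the log prefix are my own choices.

```shell
#!/bin/sh
# Added example, not from the original post. Emits the post's policy in
# iptables-restore format so it can be reviewed as a file and loaded in one
# atomic step. Assumes the interface is eth0 and the same service ports.

gen_rules() {
    iface="${1:-eth0}"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Stateful on both chains: replies to accepted connections pass in either direction
-A INPUT -i $iface -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o $iface -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Outbound DNS queries; the answers come back as ESTABLISHED
-A OUTPUT -o $iface -p udp --dport 53 -j ACCEPT
# Services this host offers; active-FTP data (port 20) is RELATED once nf_conntrack_ftp is loaded
-A INPUT -i $iface -p tcp -m multiport --dports 21,22,80 -m conntrack --ctstate NEW -j ACCEPT
# Log what is still unmatched before the INPUT DROP policy discards it
-A INPUT -i $iface -m conntrack --ctstate NEW,INVALID -j LOG --log-prefix "fw-drop: "
COMMIT
EOF
}

# Review helper: which TCP ports does the file open to NEW inbound connections?
# Only the intended services should appear. Prints e.g. "21,22,80".
open_tcp_ports() {
    gen_rules "$1" | sed -n 's/^-A INPUT .*--dports \([0-9,]*\) .*-j ACCEPT$/\1/p'
}

# Review helper: number of chains whose default policy is DROP (expect 3).
default_policies_drop() {
    gen_rules "$1" | grep -c '^:[A-Z]* DROP '
}

# To load after review (as root), replacing the live filter table atomically:
#   gen_rules eth0 | iptables-restore
```

Because the file replaces the whole filter table in one step, a bad edit never leaves the host half-configured the way a failing sequence of individual iptables -A commands can.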