The iptables script below is a very simple one: you only need to write the ports to be opened into the "$MPort" variable. Remember that up to 16 ports are allowed. Although this script is simple, it meets our basic requirements, and sometimes a simple script does the bigger job. A complicated, bloated script is not only hard to understand, it also slows down the machine's packet processing.
Explanations
modprobe nf_conntrack_ftp ports=21
modprobe nf_nat_ftp
Open the FTP port and load the two FTP helper modules (connection tracking and NAT). If you have changed the default FTP port, change it here as well: "modprobe nf_conntrack_ftp ports=21".
iptables -A INPUT -s 127.0.0.1/32 -j ACCEPT
Loopback traffic; this rule is required.
iptables -A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
Accept packets that belong to an existing connection or are related to one. FTP needs this, because its data connections are opened separately from the control connection.
iptables -A INPUT -p icmp --icmp-type 8 -m limit --limit 1/s --limit-burst 3 -j ACCEPT
Rate-limit ping (ICMP echo request).
The iptables script, iptables.sh
#!/bin/bash
# Author: InBi
# Date: 2011-08-16
# Website: http://www.itwhy.org/2011/07-28/912.html
##################################################
# TCP ports to open, comma-separated; the whole list goes into one multiport rule
MPort="21,80"
##################################################
# FTP connection-tracking and NAT helpers; change "ports=" if FTP is not on 21
modprobe nf_conntrack_ftp ports=21
modprobe nf_nat_ftp
# Zero the counters, flush all rules and delete user-defined chains in the filter table
/sbin/iptables -t filter -Z; /sbin/iptables -t filter -F; /sbin/iptables -t filter -X
# Default policies: drop inbound and forwarded traffic, allow outbound
/sbin/iptables -P INPUT DROP; /sbin/iptables -P OUTPUT ACCEPT; /sbin/iptables -P FORWARD DROP
# Accept packets belonging to, or related to, connections already tracked
/sbin/iptables -A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
# A new TCP connection must start with SYN; drop anything else claiming to be new
/sbin/iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
# Loopback (matching "-i lo" would key on the interface instead of a spoofable source address)
/sbin/iptables -A INPUT -s 127.0.0.1/32 -j ACCEPT
# DNS replies. Note: this accepts any UDP packet with source port 53; matching
# RELATED,ESTABLISHED for UDP as well (drop "-p tcp" above) would be tighter
/sbin/iptables -A INPUT -p udp --sport 53 -j ACCEPT
# The published services
/sbin/iptables -A INPUT -p tcp -m multiport --dports "$MPort" -j ACCEPT
# Echo request, rate-limited
/sbin/iptables -A INPUT -p icmp --icmp-type 8 -m limit --limit 1/s --limit-burst 3 -j ACCEPT
Save the above content as iptables.sh (any file name will do) and add execute permission. Once you add the command to the system startup, it is done.
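The script above hands "$MPort" straight to iptables, so a typo in the list only shows up when the script runs at boot with INPUT already set to DROP. The following is an added example, not the page's iptables.sh and not the author's code: it validates the port list first (rejecting empty, non-numeric or out-of-range entries and lists longer than one multiport rule accepts, which is 15 entries per XT_MULTI_PORTS in the kernel's xt_multiport.h) and prints the rule set to stdout instead of applying it, so the result can be reviewed without root. The function names validate_ports and render_rules are chosen here. It also shows a slightly tighter variant of the page's rules: the RELATED,ESTABLISHED rule is not limited to tcp, so DNS replies are matched by connection tracking and the "--sport 53" rule (which accepts any UDP packet merely claiming source port 53) is dropped, and loopback is matched with "-i lo" instead of a source address.

```shell
#!/bin/sh
# Added example, not the original iptables.sh: check the port list before it
# reaches "-m multiport --dports", and print the rule set instead of applying it.
# validate_ports/render_rules are names chosen here; MAX_MULTIPORT follows
# XT_MULTI_PORTS (15) in the kernel's xt_multiport.h.

MAX_MULTIPORT=15

# validate_ports LIST: prints the normalised list (spaces and leading/trailing
# commas removed) or returns 1 if any entry is empty, non-numeric, outside
# 1-65535, or if there are more entries than one multiport rule accepts.
validate_ports() {
    vp_list=$(printf '%s' "$1" | tr -d ' \t')
    vp_list=${vp_list#,}      # ",21,80" would otherwise yield an empty first token
    vp_list=${vp_list%,}
    [ -n "$vp_list" ] || return 1
    vp_ifs=$IFS
    IFS=,
    set -f                    # no globbing while the list is word-split
    set -- $vp_list           # split on commas only; "21,,80" keeps an empty field
    set +f
    IFS=$vp_ifs
    [ "$#" -le "$MAX_MULTIPORT" ] || return 1
    for vp_p in "$@"; do
        case $vp_p in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "$vp_p" -ge 1 ] && [ "$vp_p" -le 65535 ] || return 1
    done
    printf '%s\n' "$vp_list"
}

# render_rules LIST: emit the INPUT rule set for the validated ports. The state
# rule is protocol-independent here, so DNS replies are matched by conntrack
# and no "--sport 53" rule is needed; loopback is matched by interface.
render_rules() {
    rr_ports=$(validate_ports "$1") || { echo "invalid port list: '$1'" >&2; return 1; }
    cat <<EOF
iptables -t filter -Z
iptables -t filter -F
iptables -t filter -X
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports $rr_ports -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 8 -m limit --limit 1/s --limit-burst 3 -j ACCEPT
EOF
}

# Print the rules for the page's example ports; apply them with "... | sh" as root.
render_rules ",21,80"
```

Running the file prints the eleven iptables commands for ports 21 and 80; a bad list such as "21,abc" produces an error on stderr and a non-zero exit instead of a half-applied firewall.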