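#!/bin/bash
# Created by onovps.com
#
# Minimal host firewall for a web server: default-deny inbound, allowing only
# loopback, packets of already established/related connections, HTTP (80),
# the port sshd is currently listening on, and rate-limited ping. Outbound
# traffic is left unrestricted.
#
# Run this file as a whole, never line by line: the INPUT policy is switched to
# DROP only after the ACCEPT rules are in place so that an existing SSH session
# survives, but a partial run can still lock you out of a remote host.
set -euo pipefail

die() { printf '%s\n' "$*" >&2; exit 1; }

# iptables silently does nothing useful for an unprivileged user; fail early.
(( EUID == 0 )) || die "this script must run as root"

# Find the port sshd listens on so the allow rule also works with a non-default
# sshd_config. netstat prints e.g. "tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN 123/sshd";
# splitting on runs of spaces or ':' leaves the port in field 5 of the first
# IPv4 listener. The '|| true' keeps 'set -e' from aborting when netstat is
# missing; the fallback below then applies.
sshport=$(netstat -lnpt 2>/dev/null | awk -F '[ ]+|[:]' '/sshd/{print $5; exit}') || true
# Fall back to 22 when detection produced nothing, and refuse to continue with a
# non-numeric value: an empty or garbled --dport would make the ssh ACCEPT rule
# fail to load and leave SSH blocked once the DROP policy is set.
sshport=${sshport:-22}
[[ "$sshport" =~ ^[0-9]+$ ]] || die "could not determine sshd port (got '$sshport')"

# Open INPUT before flushing: on a re-run the old rules vanish with -F, and a
# still-active DROP policy would briefly cut off the current SSH session.
iptables -P INPUT ACCEPT
iptables -F                 # flush all rules in the built-in chains
iptables -X                 # delete user-defined chains
iptables -P OUTPUT ACCEPT   # outbound traffic is allowed

iptables -A INPUT -i lo -j ACCEPT   # allow local loopback

# Log INVALID packets and discard them. The LOG rule is rate limited so that a
# flood of malformed packets cannot fill the disk / syslog.
iptables -A INPUT -m state --state INVALID -m limit --limit 5/min -j LOG --log-prefix "INVALID" --log-ip-options
iptables -A INPUT -m state --state INVALID -j DROP

# Allow inbound packets that belong to connections we already have
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow new connections to HTTP and to the sshd port detected above
iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -m state --state NEW -p tcp --dport "$sshport" -j ACCEPT

# Allow ping, rate limited: sustained 5 echo-requests/s with a burst of 20
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s --limit-burst 20 -j ACCEPT

# Default-deny everything else. Set last so every ACCEPT rule above is already
# loaded when the policy takes effect.
iptables -P INPUT DROP

service iptables save   # persist the rules (RHEL/CentOS iptables service)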
Note: Do not run these commands one at a time on a remote host. Once `iptables -P INPUT DROP` takes effect, every inbound packet that no ACCEPT rule matches is dropped, including the packets of your own SSH session, so save the commands as a script and run it in one go. As a safety net, schedule a job beforehand that reopens the firewall a few minutes later (for example `echo 'iptables -P INPUT ACCEPT; iptables -F' | at now + 5 minutes`) and cancel it once you have confirmed that you can still log in.