ICMP-related applications
Prevent the local machine from pinging 127.0.0.1
iptables -A INPUT -s 127.0.0.1 -p icmp -j DROP
Prevent hosts in the 192.168.0.0/24 range from pinging the local machine
iptables -A INPUT -s 192.168.0.0/24 -p icmp -j DROP
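Prevent all machines from pinging the local machine (with no --icmp-type match, this rule drops every ICMP type, not only echo requests)
# iptables -A INPUT -s 0/0 -p icmp -j DROP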
# ICMP (PING): accept every ICMP type except echo-request
/sbin/iptables -A INPUT -p icmp --icmp-type ! echo-request -j ACCEPT
accept_redirects (stop accepting ICMP redirects)
# echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects
Or
# sysctl net.ipv4.conf.all.accept_redirects="0"
Block a specific IP address from accessing the local machine
[root@linux root]# iptables -A INPUT -s 192.168.0.253 -j DROP
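Blocking MSN (a hostname given to -d is resolved to IP addresses only once, when the rule is added, so the rule goes stale if the service's addresses change)
/sbin/iptables -I FORWARD -d gateway.messenger.hotmail.com -j DROP
/sbin/iptables -I FORWARD -p tcp --dport 1863 -j DROP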
Blocking QQ
/sbin/iptables -A FORWARD -p tcp -d tcpconn.tencent.com --dport 80 -j DROP
/sbin/iptables -A FORWARD -p tcp -d tcpconn.tencent.com --dport 443 -j DROP
/sbin/iptables -A FORWARD -p tcp -d tcpconn2.tencent.com -j DROP
/sbin/iptables -A FORWARD -i eth0 -p udp --dport 8000 -j DROP
Blocking BT
/sbin/iptables -A FORWARD -i eth0 -p tcp --dport 6881:6890 -j DROP
WWW
# Block WWW
/sbin/iptables -A FORWARD -p tcp --dport 80 -j DROP
# Allow WWW
/sbin/iptables -A FORWARD -p tcp --dport 80 -j ACCEPT
FTP
# Block FTP
/sbin/iptables -A FORWARD -i eth0 -p tcp --dport 20 -j DROP
/sbin/iptables -A FORWARD -i eth0 -p tcp --dport 21 -j DROP
# Allow FTP
/sbin/iptables -A FORWARD -i eth0 -p tcp --dport 20 -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -p tcp --dport 21 -j ACCEPT
SMTP, POP3
# Block SMTP and POP3
/sbin/iptables -A FORWARD -i eth0 -p tcp --dport 25 -j DROP
/sbin/iptables -A FORWARD -i eth0 -p tcp --dport 110 -j DROP
# Allow SMTP and POP3
/sbin/iptables -A FORWARD -i eth0 -p tcp --dport 25 -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -p tcp --dport 110 -j ACCEPT
Samba
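# Block Samba (these rules match on the source port, --sport, and cover only the NetBIOS ports 137-139; they do not cover SMB over TCP port 445)
[root@linux root]# iptables -A FORWARD -p tcp --sport 137:139 -j DROP
[root@linux root]# iptables -A FORWARD -p udp --sport 137:139 -j DROP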
DROP
# Drop everything else
/sbin/iptables -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A FORWARD -s 192.168.1.0/24 -j DROP