# Minimal iptables ruleset for a web server (CentOS/RHEL, iptables service)
IPT="/sbin/iptables"
$IPT --delete-chain
$IPT --flush
$IPT -P INPUT DROP   # 1
$IPT -P FORWARD DROP # 1
$IPT -P OUTPUT DROP  # 1
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT # 2
$IPT -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT  # 3
$IPT -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT  # 3
$IPT -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT  # 3
$IPT -A INPUT -p tcp -m tcp --dport 873 -j ACCEPT # 3
$IPT -A INPUT -i lo -j ACCEPT # 4
$IPT -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT  # 5
$IPT -A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT # 5
$IPT -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT # 6
$IPT -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT # 7
$IPT -A OUTPUT -o lo -j ACCEPT # 4
$IPT -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT # 8
$IPT -A OUTPUT -p tcp -m tcp --dport 25 -j ACCEPT # 9
$IPT -A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT  # 10
$IPT -A OUTPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT # 10
service iptables save
service iptables restart
Save this as the script iptables.sh and run sh iptables.sh to configure the firewall automatically.
Explanation:
#1. Set the default policy of the INPUT, FORWARD and OUTPUT chains to DROP, so that no traffic between the server and the outside is allowed unless a later rule accepts it.
#2. Allow packets to enter the server when the connection state is RELATED or ESTABLISHED.
#3. Open ports 80, 22, 21 and 873 so that external clients can connect to the server.
#4. Allow traffic on the loopback interface (lo) in both directions.
#5. Allow external hosts to ping the server (ICMP echo request, type 8, and time exceeded, type 11).
#6. Allow packets in the RELATED or ESTABLISHED state to be sent from the server to the outside.
#7. Allow the server to use external DNS servers (UDP port 53) for name resolution.
#8. Allow the server to connect to port 80 of external servers.
#9. Allow the server to send email (TCP port 25).
#10. Allow the server to ping external hosts.
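As an added check that is not part of the original article, the following Python parses the INPUT side of the ruleset above and reports anything that would make it weaker than the explanation describes: a chain policy that is not DROP, an unconditional ACCEPT, an accepted port beyond the four the article opens, or the RELATED,ESTABLISHED rule not being first. The ruleset text, the FLAGS table and the function names are constructed for this example; iptables itself is not needed to run it.

```python
# Constructed copy of this page's INPUT rules and policies ("$IPT" spelled out as iptables).
RULESET = """\
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 873 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
"""

# Option flags whose following argument we keep; "-m" and "-A" are structural and skipped.
FLAGS = {"-p": "proto", "--dport": "dport", "-i": "in_if", "-j": "target",
         "--state": "state", "--icmp-type": "icmp_type"}

def parse(ruleset):
    """Return (chain policies, appended rules); each rule is a dict of its match options."""
    policies, rules = {}, []
    for argv in (ln.split() for ln in ruleset.strip().splitlines()):
        if argv[1] == "-P":
            policies[argv[2]] = argv[3]
        elif argv[1] == "-A":
            rule = {"chain": argv[2]}
            rule.update({FLAGS[t]: argv[i + 1] for i, t in enumerate(argv) if t in FLAGS})
            rules.append(rule)
    return policies, rules

def open_ports(ruleset, chain="INPUT"):
    """(proto, port) pairs the chain accepts from any source: the externally visible surface."""
    _, rules = parse(ruleset)
    return {(r["proto"], int(r["dport"])) for r in rules
            if r["chain"] == chain and r.get("target") == "ACCEPT" and "dport" in r}

def audit(ruleset, expected_in):
    """Findings that make the ruleset weaker than the page describes; [] means clean."""
    policies, rules = parse(ruleset)
    out = [f"{c} policy is {policies.get(c)}, expected DROP"
           for c in ("INPUT", "FORWARD", "OUTPUT") if policies.get(c) != "DROP"]
    out += [f"unconditional ACCEPT in {r['chain']}" for r in rules
            if r.get("target") == "ACCEPT" and r.keys() == {"chain", "target"}]
    out += [f"INPUT accepts unexpected {p}/{n}"
            for p, n in sorted(open_ports(ruleset) - expected_in)]
    first = next((r for r in rules if r["chain"] == "INPUT"), {})
    if "state" not in first:
        out.append("INPUT: RELATED,ESTABLISHED rule should come first")
    return out
```

Run audit() against the output of `iptables-save`-style text of your own box after editing the script to catch a rule that was typed with the wrong port or without `--dport`.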
Article source: http://www.centos.bz/2011/09/example-webserver-iptable-ruleset/