Using Iptables to build Linux firewalls (2)

Land and application examples

#!/bin/sh

#

# Stone Licensing Country Small firewall set instruction draft

# 2002/8/27

# set by: Li Zhongxian (modified from iptables tutorial 1.1.11 by Oskar Andreasson)

# The original document is designed in accordance with the requirements of the DMZ, has been modified according to the needs of the campus NAT network, the remaining changes include:

# New communication Protocol definition block

# when new execution, automatically clears the set of rules

# support FTP

# Modify all rules and multiport to simplify the rules

# The original file only supports IP camouflage (one-to-many pair should), has been expanded to support one-to-one correspondence and Many-to-many correspondence

# Original file only support DNS and the WEB, add ftp, mail, WAM, PCAnywhere, ssh ... and many other servers

# Modify a few minor errors on the set of rules

#

# Copyright (C) 2001 Oskar Andreasson <bluefluxATkoffeinDOTnet>

#

# this are free software; You can redistribute it and/or modify

# It under the terms of the GNU general public License as published by

# the free Software Foundation; Version 2 of the License.

#

# This are distributed in the hope that it'll be useful,

# but without any WARRANTY; Without even the implied warranty of

# merchantability or FITNESS for A particular purpose. The

# GNU general public License for more details.

#

# You should have received a copy of the GNU general public License

# along with this program, or from the site-you downloaded it

# from; If not, write to the free Software Foundation, Inc., Temple

# Place, Suite, Boston, MA 02111-1307 USA

#

###########################################################################

#

# 1. Configuration options.

#

# 1.0 Protocols Configuration.

# defines the communication protocol to be used

http= "80"

https= "443"

ftp= "21"

Ftp_data= "20"

Smtp= "25"

pop3= "110"

imap= "143"

Ssh= "22"

telnet= "23"

pcaw_tcp= "5631"

pcaw_udp= "5632"

Webmin= "10000"