本文共 684 字,大约阅读时间需要 2 分钟。
- #!/bin/bash
- IPNET=172.16.0.0/16
- IP=172.16.21.1
- PORTS="22,80,443,3000,199,3306,873,25,110"
- LIM="-m limit --limit 25/minute --limit-burst 100 -j ACCEPT"
- ICMP="-p icmp --icmp-type"
- TCP="-p tcp -m multiport"
- INPUT="iptables -A INPUT"
- OUTPUT="iptables -A OUTPUT"
- DEFAULT="iptables -P"
- AC="-m state --state NEW,ESTABLISHED -j ACCEPT"
- BC="-m state --state ESTABLISHED -j ACCEPT"
-
-
- $DEFAULT INPUT DROP
- $DEFAULT OUTPUT DROP
- $DEFAULT FORWARD DROP
-
- $INPUT -s $IPNET $TCP --dports $PORTS $AC
- $OUTPUT -d $IPNET $TCP --sports $PORTS $BC
-
- $OUTPUT $ICMP echo-request $LIM
- $INPUT $ICMP echo-reply $LIM
- $OUTPUT $ICMP echo-reply $LIM
- $INPUT $ICMP echo-request $LIM
转载于:https://blog.51cto.com/leezqang/889949