= iptables & Firewall rules =
CentOS系统默认路径: /etc/sysconfig/iptables
Debian自定义路径: /etc/iptables.rule
{{{
# Generated by iptables-save v1.4.8 on Thu May 8 09:32:08 2014
# Host firewall for a box that exposes HTTP/HTTPS, IMAPS and IKE/L2TP on eth0
# and trusts whatever arrives over ppp*/tun* (VPN) interfaces.
# iptables-restore ignores '#' lines, so these comments can stay in the file.
# NOTE(review): this is the IPv4 ruleset only; if the host has a global IPv6
# address, ip6tables needs an equivalent default-deny policy — confirm.
*filter
# Default-deny inbound: anything not matched by a rule below is dropped.
# FORWARD/OUTPUT are wide open. The [pkts:bytes] values are the chain
# policy counters at save time, not configuration.
:INPUT DROP [1515:291592]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3146:251073]
# Loopback and every ppp*/tun* interface are accepted wholesale, so VPN peers
# reach all local services unrestricted. NOTE(review): confirm that is intended.
-A INPUT -i lo -j ACCEPT
-A INPUT -i ppp+ -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
# Public TCP services on eth0: HTTP, HTTPS, IMAPS.
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 993 -j ACCEPT
# VPN control/transport ports: UDP 500 (IKE), 4500 (IKE NAT-T) and 1701 (L2TP).
# NOTE(review): 1701 is accepted without `-m policy --dir in --pol ipsec`, so
# plaintext L2TP from the internet reaches the daemon unless the daemon itself
# refuses unprotected peers — confirm.
-A INPUT -i eth0 -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 1701 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 4500 -j ACCEPT
# All inbound ICMP, rate-limited to 1/sec (plus the limit module's default
# burst). ICMP above the limit is only accepted if it is RELATED/ESTABLISHED
# on eth0 (last rule), otherwise it falls to the DROP policy.
-A INPUT -p icmp -m limit --limit 1/sec -j ACCEPT
# SSH brute-force throttle using the xt_recent list "SSH", keyed on source
# address (--rsource); these three rules apply on every interface not already
# accepted above:
#  1. log (prefix "SH ", kept verbatim) a source that already has >= 6
#     entries within the last 60 s (--rcheck never modifies the list)
#  2. drop that source; --update refreshes the entry each time this rule
#     matches, so the block is extended while the source keeps hitting port 22.
#     This rule has no --state match and sits before the RELATED,ESTABLISHED
#     rule, so a blocked source's already-established SSH sessions stall too.
#  3. otherwise record the NEW connection in the list and accept it.
-A INPUT -p tcp -m tcp --dport 22 -m recent --rcheck --seconds 60 --hitcount 6 --name SSH --rsource -j LOG --log-prefix "SH "
-A INPUT -p tcp -m tcp --dport 22 -m recent --update --seconds 60 --hitcount 6 --name SSH --rsource -j DROP
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name SSH --rsource -j ACCEPT
# Reply traffic for flows this host initiated, eth0 only. Placed last, so each
# such packet walks the whole chain first; other interfaces (not lo/ppp+/tun+)
# get no stateful accept and fall to the DROP policy.
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Thu May 8 09:32:08 2014
}}}