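# 7.0 open the other service ports
# Tail of the main rule script (presumably iptables.rule); its earlier
# sections are not shown on this page.
# The page prints the interface as `$ EXTIF = "eth0"`. The assignment
# presumably sits earlier in the script; the default below keeps this
# excerpt usable on its own.
EXTIF="${EXTIF:-eth0}"

/sbin/iptables -A INPUT -p TCP -i "$EXTIF" --dport 25 -j ACCEPT    # SMTP
# NOTE(review): only TCP/53 is opened here; ordinary DNS queries use UDP/53,
# and no UDP rule for it is visible in this section.
/sbin/iptables -A INPUT -p TCP -i "$EXTIF" --dport 53 -j ACCEPT    # DNS
/sbin/iptables -A INPUT -p TCP -i "$EXTIF" --dport 80 -j ACCEPT    # WWW
/sbin/iptables -A INPUT -p TCP -i "$EXTIF" --dport 110 -j ACCEPT   # POP3
/sbin/iptables -A INPUT -p TCP -i "$EXTIF" --dport 113 -j ACCEPT   # AUTH (ident)
# NOTE(review): the label is truncated on the page ("SS", presumably SSH) and
# the port is printed as 22222; confirm it matches the port sshd listens on.
/sbin/iptables -A INPUT -p TCP -i "$EXTIF" --dport 22222 -j ACCEPT # SS
# NOTE(review): the next four rules expose NetBIOS/SMB (137-139, 445) to every
# source on the external interface. If file sharing is only meant for the LAN,
# add a source restriction (-s <lan-subnet>) or bind these rules to the
# internal interface instead.
/sbin/iptables -A INPUT -p UDP -i "$EXTIF" --dport 138 -j ACCEPT   # 138
/sbin/iptables -A INPUT -p TCP -i "$EXTIF" --dport 139 -j ACCEPT   # 139
/sbin/iptables -A INPUT -p UDP -i "$EXTIF" --dport 137 -j ACCEPT   # 137
/sbin/iptables -A INPUT -p TCP -i "$EXTIF" --dport 445 -j ACCEPT   # 445

# ---------------------------------------------------------------------------
# iptables.allow code
# ---------------------------------------------------------------------------
#!/bin/bash
# This program is used to allow some IPs or hosts to access your server.
# These rules accept every protocol and port from the listed sources, so the
# listed hosts bypass the per-port rules entirely.
EXTIF="${EXTIF:-eth0}"   # interface name as printed on the page

/sbin/iptables -A INPUT -i "$EXTIF" -s 192.168.161.242 -j ACCEPT
/sbin/iptables -A INPUT -i "$EXTIF" -s 192.168.160.178 -j ACCEPT
/sbin/iptables -A INPUT -i "$EXTIF" -s 192.168.160.218 -j ACCEPT

# ---------------------------------------------------------------------------
# iptables.deny code
# ---------------------------------------------------------------------------
#!/bin/bash
# This script will deny some IPs that I don't want in.
# NOTE(review): -A appends, and iptables stops at the first matching rule.
# This DROP only takes effect if it is added before any ACCEPT rule that the
# same source would match; the order in which the three files run is not
# shown on this page, so verify it with `iptables -L INPUT -n --line-numbers`.
EXTIF="${EXTIF:-eth0}"   # interface name as printed on the page

/sbin/iptables -A INPUT -i "$EXTIF" -s 192.168.160.242 -j DROP

# The three files above are placed in the directory /usr/local/virus/iptables.
# Then modify the file /etc/rc.d/rc.local so that it contains the following code.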
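#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local

# Starting firewall settings
# rc.local runs as root at boot, so the rule script and its directory must be
# owned by root and not writable by any other user; otherwise whoever can edit
# the script gets root command execution on the next boot.
/usr/local/virus/iptables/iptables.rule

# The above is a simple firewall setup under Linux.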