iptables.sh 初始化防火墙配置

#!/bin/bash

iptables -F
iptables -X
iptables -Z
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT

#---------------------------------------------------------------SMG start

#limit
#iptables -A INPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 128 --connlimit-mask 32 -j DROP
#To ensure that the connection is normal
iptables -A INPUT -p all  -m state --state RELATED,ESTABLISHED -j ACCEPT

#nginx common access
iptables -A INPUT -p tcp --dport 80 -j ACCEPT

#iptables -A INPUT -p tcp --dport 9000 -j ACCEPT
iptables -A INPUT -s 10.0.0.0/8 -j ACCEPT
iptables -A INPUT -s SLB -j ACCEPT

#Yum
iptables -A INPUT -p tcp --sport 80 -j ACCEPT
iptables -A INPUT -p tcp --sport 8080 -j ACCEPT
iptables -A INPUT -p tcp --sport 443 -j ACCEPT

#db slb
iptables -A INPUT -s XXXX -j ACCEPT

#for zabbix:
iptables -A INPUT -s XXXX -j ACCEPT

#for jump
iptables -A INPUT -s XXXX -j ACCEPT
iptables -A INPUT -s XXXX -j ACCEPT



##dns
iptables -A INPUT -p tcp --sport 53 -j ACCEPT
iptables -A INPUT -p udp --sport 53 -j ACCEPT

##for ping:
iptables -A INPUT -p icmp --icmp-type any -j ACCEPT


### end ###
iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
iptables -A INPUT -j DROP