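#!/bin/bash
#
# Rebuild the IPv4 filter-table INPUT chain for a web host: allow loopback,
# established flows, HTTP on port 80 and a list of trusted source addresses,
# then refuse everything else.
#
# Review notes:
#  - Only the IPv4 filter table is touched. IPv6 traffic is not filtered by
#    these rules; a host with IPv6 addresses needs a matching ip6tables set.
#  - The chain policy is never set here, so between the flush below and the
#    final DROP rule the host is governed by whatever policy is already in
#    place. Loading a saved ruleset with iptables-restore swaps the rules in
#    one step and avoids that window.
#  - "SLB" and "XXXX" are placeholders left by the author in place of real
#    addresses. They must be replaced before the script is run; as written
#    iptables will most likely fail to resolve them and skip those rules.

# Start from an empty filter table: flush all rules, delete user-defined
# chains and zero the packet/byte counters.
iptables -F
iptables -X
iptables -Z

# Loopback traffic is always allowed.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT

#---------------------------------------------------------------SMG start
# limit (disabled by the author): cap concurrent new connections per source
# address on port 80.
#iptables -A INPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 128 --connlimit-mask 32 -j DROP

# Accept packets that belong to, or are related to, a connection the
# connection tracker already knows. This is what lets the replies to this
# host's own outbound requests (yum mirrors, DNS lookups, ...) back in.
iptables -A INPUT -p all -m state --state RELATED,ESTABLISHED -j ACCEPT

# nginx common access
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
#iptables -A INPUT -p tcp --dport 9000 -j ACCEPT

# Internal network. NOTE(review): this trusts all of 10.0.0.0/8 on every
# port and protocol; narrow it to the subnets that need access if possible.
iptables -A INPUT -s 10.0.0.0/8 -j ACCEPT
# Load balancer address (placeholder, see header).
iptables -A INPUT -s SLB -j ACCEPT

# Yum / DNS replies.
# The original script accepted any TCP packet whose *source* port was 80,
# 8080 or 443 and any TCP/UDP packet whose source port was 53. The source
# port is chosen by the remote sender, so those rules admitted traffic to
# every local port and made the final REJECT/DROP ineffective for such
# packets. Replies to outbound yum and DNS traffic are already covered by the
# RELATED,ESTABLISHED rule above, so the source-port rules are removed rather
# than replaced.

# db slb (placeholder, see header)
iptables -A INPUT -s XXXX -j ACCEPT

# for zabbix (placeholder, see header)
iptables -A INPUT -s XXXX -j ACCEPT

# for jump hosts (placeholders, see header)
iptables -A INPUT -s XXXX -j ACCEPT
iptables -A INPUT -s XXXX -j ACCEPT

# for ping: every ICMP type is accepted from any source.
iptables -A INPUT -p icmp --icmp-type any -j ACCEPT
### end ###

# Everything else: answer unsolicited TCP with a reset so clients fail fast,
# and silently drop the rest.
iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
iptables -A INPUT -j DROP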