linux下iptables配置模板
# Flush all policy
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
iptables -t nat -X
iptables -t nat -Z
iptables -t mangle -X
# Enable ip forward
echo "1" > /proc/sys/net/ipv4/ip_forward
# module
modprobe bridge
modprobe ip_tables
modprobe iptable_nat
modprobe ip_nat_ftp
modprobe ip_nat_irc
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_conntrack_tftp
modprobe ip_conntrack_irc
modprobe ip_nat_tftp
modprobe ipt_recent
modprobe ipt_MASQUERADE
# Default policy
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Enable lo interface
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# DNS lookup
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --sport 53 -j ACCEPT
# SSH Server
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
# icmp request
iptables -A INPUT -p icmp --icmp-type 8 -m limit --limit 1/s --limit-burst 10 -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 0 -j ACCEPT
# icmp echo
iptables -A OUTPUT -p icmp --icmp-type 8 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 0 -j ACCEPT