单服务器防护linux iptables脚本

#!/bin/bash
iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
/sbin/iptables -A INPUT -i eth1 -m multiport -p tcp --dport 5060,6060,5070,1720,3720,1719,2719,3719,1202,80 -j ACCEPT
/sbin/iptables -A INPUT -i eth1 -m multiport -p udp --dport 5060,6060,5070,5055,5065 -j ACCEPT
/sbin/iptables -A INPUT -i eth1 -p udp --dport 10000:30000 -j ACCEPT
/sbin/iptables -A INPUT -i eth1 -p udp --dport 10000:39999 -j ACCEPT
/sbin/iptables -A INPUT -i eth1 -p udp --dport 40000:47999 -j ACCEPT
/sbin/iptables -A INPUT -i eth1 -p udp --dport 50000:57999 -j ACCEPT
/sbin/iptables -A INPUT -i eth1 -p udp --dport 60000:61999 -j ACCEPT
/sbin/iptables -A INPUT -i eth1 -p udp --dport 60000:63999 -j ACCEPT
/sbin/iptables -A INPUT -i eth1 -p udp --dport 48000:49999 -j ACCEPT
/sbin/iptables -A INPUT -p icmp --icmp-type 0 -j ACCEPT
/sbin/iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
/etc/init.d/iptables start
chkconfig iptables on 3 5
/etc/init.d/iptables save