iptables.sh + 單機

#!/bin/bash
# 2006/04/22 Author by cross@ssorc.tw
set -x

exif="ppp0"
inif="eth0"

exip=""
inip="10.1.1.254"

innet="10.1.1.0/24"

iptables -F
iptables -F -t nat
iptables -F -t mangle
iptables -X

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

iptables -A INPUT -p tcp –dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp –sport 22 -j ACCEPT

iptables -A INPUT -p tcp -m multiport –dports 25,80 –syn -m state –state NEW -j ACCEPT

iptables -A INPUT -p icmp –icmp-type 8 -j ACCEPT

iptables -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT

iptables -A INPUT -j DROP