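#!/bin/sh
# Stateless iptables host firewall: flush INPUT/FORWARD/OUTPUT, set every
# chain's policy to DROP (fail closed), then add explicit ACCEPT pairs per
# service -- one rule for the request direction and one for the replies.
#
# Configuration (environment variables; the defaults keep the original
# behaviour except for the mandatory MYHOST placeholder):
#   MYHOST      this host's IPv4 address. 'xxx.xxx.xxx.xxx' is a placeholder
#               and is rejected before any chain is touched, so a forgotten
#               edit can no longer lock the host out with DROP policies and
#               no working ACCEPT rules.
#   MAINT_HOST  address/CIDR allowed to reach ssh (22); defaults to any host.
#   DB_HOST     address/CIDR of the PostgreSQL server (5432); defaults to any.
#
# Must run as root. Under set -e a failing iptables call aborts the script
# with the DROP policies already in place (fail closed) rather than
# continuing with a partial rule set.
set -eu

IPT=/sbin/iptables
MYHOST=${MYHOST:-'xxx.xxx.xxx.xxx'}
ANY='0.0.0.0/0'
MAINT_HOST=${MAINT_HOST:-$ANY}
DB_HOST=${DB_HOST:-$ANY}

# Abort unless $2 looks like a dotted IPv4 address or CIDR (digits, dots,
# slash only). Arguments: $1 - variable name for the message, $2 - value.
check_addr() {
  case $2 in
    ''|*[!0-9./]*)
      printf '%s must be an IPv4 address or CIDR, got "%s"\n' "$1" "$2" >&2
      exit 1 ;;
  esac
}

# Append one ACCEPT rule: rule CHAIN <match arguments...>
rule() {
  "$IPT" -A "$@" -j ACCEPT
}

# Service this host offers on port $2 over $1 to clients in $3:
# inbound requests to the port, outbound replies from it.
serve() {
  rule INPUT  -p "$1" -s "$3" -d "$MYHOST" --destination-port "$2"
  rule OUTPUT -p "$1" -s "$MYHOST" --source-port "$2" -d "$3"
}

# Service this host uses on port $2 over $1 at servers in $3: outbound
# requests, inbound replies. For TCP the reply rule excludes SYN-only
# packets: a reply to our own connection never carries a bare SYN, so this
# closes the classic stateless-firewall gap where any connection whose
# source port happens to be $2 would otherwise be accepted on every local
# port. UDP has no handshake, so its reply rule stays source-port based;
# only a stateful match (-m state --state ESTABLISHED) could tighten it.
consume() {
  rule OUTPUT -p "$1" -s "$MYHOST" -d "$3" --destination-port "$2"
  if [ "$1" = tcp ]; then
    rule INPUT -p tcp ! --syn -s "$3" --source-port "$2" -d "$MYHOST"
  else
    rule INPUT -p "$1" -s "$3" --source-port "$2" -d "$MYHOST"
  fi
}

main() {
  # Validate before flushing so a bad value cannot leave the host cut off.
  check_addr MYHOST "$MYHOST"
  check_addr MAINT_HOST "$MAINT_HOST"
  check_addr DB_HOST "$DB_HOST"

  # Delete all rules, then deny everything by default.
  "$IPT" -F INPUT
  "$IPT" -F FORWARD
  "$IPT" -F OUTPUT
  "$IPT" -P INPUT DROP
  "$IPT" -P FORWARD DROP
  "$IPT" -P OUTPUT DROP

  # Local loopback.
  rule INPUT  -s 127.0.0.1 -d 127.0.0.1
  rule OUTPUT -s 127.0.0.1 -d 127.0.0.1

  # Name lookups against other DNS servers.
  consume udp 53 "$ANY"

  # ftp and ftp-data offered to any host.
  serve tcp 21 "$ANY"
  serve tcp 20 "$ANY"

  # ftp to any host.
  consume tcp 21 "$ANY"
  # ftp-data to any host, written out instead of via consume: in active-mode
  # FTP the remote server opens the data connection from its port 20, so the
  # inbound rule must still accept SYN packets (as the original did).
  rule OUTPUT -p tcp -s "$MYHOST" -d "$ANY" --destination-port 20
  rule INPUT  -p tcp -s "$ANY" --source-port 20 -d "$MYHOST"

  # http from / to any host.
  serve tcp 80 "$ANY"
  consume tcp 80 "$ANY"

  # http-SSL from / to any host.
  serve tcp 443 "$ANY"
  consume tcp 443 "$ANY"

  # smtp to / from any host.
  consume tcp 25 "$ANY"
  serve tcp 25 "$ANY"

  # PostgreSQL to the DB server (set DB_HOST to narrow from any host).
  consume tcp 5432 "$DB_HOST"

  # ssh2 from the maintenance host (set MAINT_HOST to narrow from any host).
  serve tcp 22 "$MAINT_HOST"
}

main "$@"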