Linux

IPTABLE

너구리V 2010. 7. 1. 00:49

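#!/bin/sh
#
# Host firewall for a single server.
#
# Policy: default-deny on INPUT, FORWARD and OUTPUT, then explicitly allow
#   - services this host offers: FTP (21), HTTP (80), HTTPS (443), SMTP (25)
#     and SSH (22, maintenance host only);
#   - connections it initiates: DNS, FTP, HTTP, HTTPS, SMTP and PostgreSQL
#     (database server only).
#
# Return traffic is admitted by connection tracking, never by trusting the
# peer's source port. The original rules of the form
# "-p tcp --source-port 80 -j ACCEPT" let any host reach any local port simply
# by sending from source port 53/20/21/80/443/25/5432, which made the DROP
# policy largely decorative.
#
# Before running: fill in MYHOST, MAINTHOST and DBSERVER. Run it from the
# console or from MAINTHOST; any other SSH session is cut once the policy
# flips to DROP. Needs the conntrack match and, for FTP data channels, the
# nf_conntrack_ftp helper. Under "set -e" a failing rule aborts the script
# with the chains still at DROP, i.e. it fails closed.

set -eu

IPT=/sbin/iptables

MYHOST='xxx.xxx.xxx.xxx'      # this server's address
MAINTHOST='xxx.xxx.xxx.xxx'   # the only host allowed to open SSH sessions
DBSERVER='xxx.xxx.xxx.xxx'    # the PostgreSQL server this host connects to
ANY='0.0.0.0/0'

# Accept a NEW inbound TCP connection to local port $1 from $2 (default: any).
allow_in() {
  "$IPT" -A INPUT -p tcp -s "${2:-$ANY}" -d "$MYHOST" --dport "$1" \
    -m conntrack --ctstate NEW -j ACCEPT
}

# Accept a NEW outbound TCP connection to port $1 on host $2 (default: any).
allow_out() {
  "$IPT" -A OUTPUT -p tcp -s "$MYHOST" -d "${2:-$ANY}" --dport "$1" \
    -m conntrack --ctstate NEW -j ACCEPT
}

main() {
  # Fail closed: set the DROP policies before flushing, so there is no window
  # in which the chains are empty under a lingering ACCEPT policy. -X also
  # removes user-defined chains, and the raw table is flushed because the FTP
  # helper rules below live there and would otherwise duplicate on each run.
  "$IPT" -P INPUT DROP
  "$IPT" -P FORWARD DROP      # this host does not route; nothing is forwarded
  "$IPT" -P OUTPUT DROP
  "$IPT" -F
  "$IPT" -X
  "$IPT" -t raw -F

  # Loopback. Match the interface rather than 127.0.0.1 <-> 127.0.0.1, so
  # traffic addressed to MYHOST over lo and to the rest of 127/8 also passes.
  "$IPT" -A INPUT -i lo -j ACCEPT
  "$IPT" -A OUTPUT -o lo -j ACCEPT

  # Connection tracking: drop what conntrack cannot classify, then admit
  # replies to connections already accepted below. RELATED also covers ICMP
  # errors (e.g. fragmentation-needed) for tracked flows, so path MTU
  # discovery keeps working. Every later rule only has to admit the first
  # packet of a connection.
  "$IPT" -A INPUT -m conntrack --ctstate INVALID -j DROP
  "$IPT" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  "$IPT" -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

  # DNS lookups against external resolvers: UDP, plus TCP for answers that
  # do not fit in a UDP datagram.
  "$IPT" -A OUTPUT -p udp -s "$MYHOST" -d "$ANY" --dport 53 -j ACCEPT
  allow_out 53

  # FTP control channel, as server and as client. Data channels (port 20 in
  # active mode, ephemeral ports in passive mode) are opened by the conntrack
  # FTP helper as RELATED, so the former blanket port-20 rules are not
  # needed. Newer kernels no longer attach helpers automatically, so bind it
  # explicitly in the raw table. FTP is cleartext; prefer SFTP/FTPS where the
  # peers allow it.
  modprobe nf_conntrack_ftp 2>/dev/null || true
  "$IPT" -t raw -A PREROUTING -p tcp -d "$MYHOST" --dport 21 -j CT --helper ftp
  "$IPT" -t raw -A OUTPUT -p tcp -s "$MYHOST" --dport 21 -j CT --helper ftp
  allow_in 21
  allow_out 21

  # Web, as server and as client.
  allow_in 80
  allow_in 443
  allow_out 80
  allow_out 443

  # Mail: receive from anyone, deliver to anyone.
  allow_in 25
  allow_out 25

  # PostgreSQL, only to the database server (the original used $ANY despite
  # its comment).
  allow_out 5432 "$DBSERVER"

  # SSH, only from the maintenance host (the original used $ANY despite its
  # comment).
  allow_in 22 "$MAINTHOST"

  # Rate-limited log of whatever is about to hit the INPUT DROP policy, so
  # scans and misconfigurations are visible without flooding the log.
  "$IPT" -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "
}

main "$@"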
