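#!/bin/bash
#
# Rebuild the iptables "filter" table for this host and persist it.
#
# INPUT rules, in order: keep RELATED/ESTABLISHED flows, loopback,
# rate-limited ICMP, public HTTP/HTTPS, SSH from the ops/bastion hosts,
# everything from the internal 192.168/16 range, SSH+HTTP from the hosts
# listed in IP_LIST, then reject the rest. OUTPUT and FORWARD keep policy
# ACCEPT.
#
# Must run as root. The script aborts on the first failing command; an
# aborted run leaves INPUT with policy ACCEPT and a partial rule set, and
# nothing is written to SAVE_FILE — check the exit status.
set -Eeuo pipefail
trap 'printf "%s: error on line %s: %s\n" "${0##*/}" "$LINENO" "$BASH_COMMAND" >&2' ERR

# Fixed locale so tool output/parsing is predictable, explicit PATH so the
# iptables binaries are found regardless of the caller's environment.
export LANG=C
export LC_ALL=C
export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# One or more IPv4 addresses / CIDR prefixes per line; '#' starts a comment.
readonly IP_LIST=/opt/sh/ip.txt
readonly SAVE_FILE=/etc/sysconfig/iptables

# Operators / bastion hosts that may reach SSH.
readonly -a ADMIN_HOSTS=(36.37.142.178 122.128.111.227 122.128.111.146)

#######################################
# Check that a string looks like an IPv4 address with an optional /0-32
# prefix length, so stray text in IP_LIST never reaches an iptables argument
# (iptables still does the final validation).
# Arguments: $1 - candidate address
# Returns:   0 if it matches, 1 otherwise
#######################################
valid_ipv4_cidr() {
  local octet='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
  local re="^${octet}(\.${octet}){3}(/([0-9]|[12][0-9]|3[0-2]))?$"
  [[ "$1" =~ $re ]]
}

#######################################
# Add an INPUT ACCEPT rule for tcp/22 and tcp/80 from every address in a
# list file. Blank lines and comments are skipped; several addresses may
# share a line; entries that do not look like an IPv4 address/prefix are
# reported on stderr and skipped. A missing or unreadable file is only a
# warning so the rest of the rule set (including the final REJECT) is still
# applied.
# Arguments: $1 - path to the list file
# Outputs:   warnings on stderr
# Returns:   0, or non-zero if an iptables call fails (aborts under set -e)
#######################################
allow_listed_hosts() {
  local file=$1
  local line entry words=()

  if [[ ! -r "$file" ]]; then
    printf 'warning: %s not readable, no per-host rules added\n' "$file" >&2
    return 0
  fi

  # "|| [[ -n "$line" ]]" keeps a last line without a trailing newline.
  while IFS= read -r line || [[ -n "$line" ]]; do
    read -ra words <<<"${line%%#*}"   # strip trailing comment, split on blanks
    for entry in "${words[@]}"; do
      if ! valid_ipv4_cidr "$entry"; then
        printf 'warning: skipping invalid entry in %s: %s\n' "$file" "$entry" >&2
        continue
      fi
      iptables -A INPUT -s "$entry" -p tcp -m multiport --dports 22,80 -j ACCEPT
    done
  done < "$file"
}

#######################################
# Flush the filter table and install the full INPUT rule set, then save it.
# Globals:   IP_LIST, SAVE_FILE, ADMIN_HOSTS (read)
# Outputs:   writes the ruleset to SAVE_FILE
# Returns:   0 on success; aborts on the first failing command
#######################################
main() {
  local host

  # Reset: set ACCEPT policies *before* flushing so the flush itself cannot
  # lock out the session running this script.
  iptables -P INPUT ACCEPT
  iptables -P OUTPUT ACCEPT
  iptables -P FORWARD ACCEPT
  iptables -F
  iptables -X

  ##### filter table / INPUT chain #####
  iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  iptables -A INPUT -i lo -j ACCEPT
  # ICMP above 40/s is not dropped here; it falls through to the final REJECT.
  iptables -A INPUT -p icmp -m icmp --icmp-type any -m limit --limit 40/s -j ACCEPT

  # Public web.
  iptables -A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT

  # SSH from the ops / bastion hosts only.
  for host in "${ADMIN_HOSTS[@]}"; do
    iptables -A INPUT -s "$host" -p tcp --dport 22 -j ACCEPT
  done

  # Internal network, all protocols. NOTE(review): with a /16 mask the
  # effective source is 192.168.0.0/16, i.e. every 192.168.x.x address —
  # confirm that is the intent rather than a single /24.
  iptables -A INPUT -s 192.168.1.0/16 -j ACCEPT

  # External hosts allowed to reach SSH and HTTP.
  allow_listed_hosts "$IP_LIST"

  # Everything else is rejected; this is the only rule that closes INPUT,
  # since the chain policy stays ACCEPT.
  iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited

  # Persist with counters so the rule set survives a reboot.
  iptables-save -c > "$SAVE_FILE"
}

main "$@"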