iptables 规则配置
只接受来自指定 IP 对 22 端口（SSH）的连接
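#!/bin/sh
# Lock the host down so that the only permitted traffic is SSH (tcp/22)
# from one administrative client address, plus loopback.
#
# Run this from the console or from the allowed client: every other
# connection is cut off the moment the default policies become DROP.
set -eu

# My system IP/set ip address of server
SERVER_IP="139.196.240.224"
# Client address allowed to open SSH sessions (override via environment)
ADMIN_IP="${ADMIN_IP:-116.228.239.158}"

# Flushing all rules and user-defined chains in the filter table
iptables -F
iptables -X

# Setting default filter policy: deny anything not explicitly accepted
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# Allow unlimited traffic on loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Allow incoming ssh only from ADMIN_IP (client must use an unprivileged source port)
iptables -A INPUT -p tcp -s "$ADMIN_IP" -d "$SERVER_IP" --sport 513:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
# ...and the matching replies only (ESTABLISHED), so the server never initiates
iptables -A OUTPUT -p tcp -s "$SERVER_IP" -d "$ADMIN_IP" --sport 22 --dport 513:65535 -m state --state ESTABLISHED -j ACCEPT

# make sure nothing comes or goes out of this box
# NOTE: any rule appended (-A) to INPUT/OUTPUT after these two lines is never
# reached (first match wins); insert it with -I or add it above this point.
iptables -A INPUT -j DROP
iptables -A OUTPUT -j DROP

#save to /etc/sysconfig/iptables
service iptables save
service iptables start
# enable the iptables service at boot
chkconfig iptables on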
接受内网的访问
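# Accept TCP connections from the private 192.168.0.0/16 range.
# Inserted (-I) rather than appended (-A): the lockdown script ends INPUT and
# OUTPUT with an unconditional DROP, so an appended rule would never match.
# This accepts every TCP port from the whole /16; narrow it with --dport
# (e.g. 22) if only SSH is meant to be reachable from the intranet.
iptables -I INPUT -p tcp -s 192.168.0.0/16 -m state --state NEW,ESTABLISHED -j ACCEPT
# OUTPUT policy is DROP as well, so replies need a matching ESTABLISHED rule.
iptables -I OUTPUT -p tcp -d 192.168.0.0/16 -m state --state ESTABLISHED -j ACCEPT
# Re-run "service iptables save" afterwards, or the rules are lost on reboot.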