个Linux防火墙规则举例
记录下来以备查用sbin/iptables -P INPUT DROP
/sbin/iptables -I INPUT -p tcp–dport 80 -j ACCEPT
/sbin/iptables -I INPUT -p tcp–dport 22 -j ACCEPT
/sbin/iptables -A INPUT -j DROP
/sbin/iptables -A INPUT -j LOG
/sbin/iptables -A FORWARD -p tcp–syn -m limit–limit 1/s -j ACCEPT
/sbin/iptables -A FORWARD -p tcp –tcp-flags SYN,ACK,FIN,RST RST -m limit –limit 1/s -j ACCEPT
/sbin/iptables -A FORWARD -p icmp–icmp-type echo-request -m limit–limit 1/s -j ACCEPT
/etc/init.d/iptables save /etc/init.d/iptables restart
最新评论