iptables设置实例

myfirewall.sh的内容:
[bash]
#!/bin/bash

# 清除iptables内一切现存的规则
iptables -F

#允许ssh连接到tcp端口22
iptables -A INPUT -p tcp –dport 22 -j ACCEPT

#设置INPUT、FORWARD及OUTPUT的缺省策略
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

#设置localhost的访问权
iptables -A INPUT -i lo -j ACCEPT

#接受现存的连接
iptables -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT

#开通http和https端口
iptables -A INPUT -p tcp –dport 80 -j ACCEPT
iptables -A INPUT -p tcp –dport 443 -j ACCEPT

#开通yuchberry和mds端口
iptables -A INPUT -p tcp –dport 9716 -j ACCEPT
iptables -A INPUT -p udp –dport 19781 -j ACCEPT

#开通ftp端口
#PASV端口范围在/etc/vsftpd/vsftpd.conf里用pasv_min_port和pasv_max_port设置
iptables -A INPUT -p tcp –dport 21 -j ACCEPT
iptables -A INPUT -p tcp –dport 21050:21099 -j ACCEPT

#存储设置
/sbin/service iptables save

#列出规则
iptables -L -v

#使用说明
echo “Usages:”
echo “chomd +x myfirewall”
echo “./myfirewall”
echo “/sbin/service iptables restart”
[/bash]

CentOS 5通过下面命令安装vsftpd:
[bash]
yum -y install vsftpd
chkconfig –level 345 vsftpd on
[/bash]

然后在/etc/vsftpd/vsftpd.conf文件最后加入两行(端口范围自已设置,建议设5位数的端口):
[bash]
pasv_min_port=21050
pasv_max_port=21099
[/bash]

Tags:

This entry was posted on 星期三, 20 7 月, 2011 at 15:56 and is filed under 东东博客. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply