Answer the question
In order to leave comments, you need to log in
2 answer(s)
@merryjane
The point is that we make the default policies DROP for the INPUT and FORWARD chains, and then we add the permissions we need.
I
Igor, 2014-06-25 @merryjane
Here is an approximate script with comments to the commands:
#!/bin/bash
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
# сбрасываем правила, очищаем цепочки
iptables -F
iptables -X
# настраиваем политики по умолчанию
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
#
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# LOOPBACK
iptables -A INPUT -i lo -j ACCEPT
# ICMP
iptables -A INPUT -p icmp -j ACCEPT
# если порты для tcp
iptables -A INPUT -p tcp -m multiport --dports 221,10000,2302 -m state --state NEW -j ACCEPT
# если порты для udp
iptables -A INPUT -p udp -m multiport --dports 221,10000,2302 -j ACCEPT
exit 0The point is that we make the default policies DROP for the INPUT and FORWARD chains, and then we add the permissions we need.
Similar questions
U
M
mrfry2019-08-27 12:41:17
How to set up access to the branch network through the central office?
3Reply
T
G
S
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question