Debian默认已经安装iptables,查看规则iptables -L默认允许所有出入,这是非常不安全的,因此需要对规则进行调整。




*filter    # Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0  -A INPUT -i lo -j ACCEPT  -A INPUT ! -i lo -d -j REJECT    # Accepts all established inbound connections  -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT    # Allows all outbound traffic  # You could modify this to only allow certain traffic  -A OUTPUT -j ACCEPT    # Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)  -A INPUT -p tcp --dport 80 -j ACCEPT  -A INPUT -p tcp --dport 443 -j ACCEPT    # Allows SSH connections  # The --dport number is the same as in /etc/ssh/sshd_config  -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT    # Now you should read up on iptables rules and consider whether ssh access  # for everyone is really desired. Most likely you will only allow access from certain IPs.    # Allow ping  #  note that blocking other types of icmp packets is considered a bad idea by some  #  remove -m icmp --icmp-type 8 from this line to allow all kinds of icmp:  #  -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT    # log iptables denied calls (access via 'dmesg' command)  -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7    # Reject all other inbound - default deny unless explicitly allowed policy:  -A INPUT -j REJECT  -A FORWARD -j REJECT    COMMIT  


iptables-restore < /etc/iptables.test.rules  


iptables-save > /etc/iptables.up.rules  


#编辑配置  /etc/network/if-pre-up.d/iptables  


#!/bin/sh   /sbin/iptables-restore < /etc/iptables.up.rules  


chmod +x /etc/network/if-pre-up.d/iptables  


原文出处:faq.xiaoz ->

本站所发布的一切资源仅限用于学习和研究目的;不得将上述内容用于商业或者非法用途,否则,一切后果请用户自负。本站信息来自网络,版权争议与本站无关。您必须在下载后的24个小时之内,从您的电脑中彻底删除上述内容。如果您喜欢该程序,请支持正版软件,购买注册,得到更好的正版服务。如果侵犯你的利益,请发送邮箱到 [email protected],我们会很快的为您处理。