iptables

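# Restrict the listed TCP ports to loopback clients: any IPv4 connection whose
# source is not 127.0.0.1 is rejected. The script is safe to re-run; stale
# copies of the rule are removed before it is inserted at the top of INPUT.
#
# Caveats:
#   - iptables only filters IPv4. A service that also listens on IPv6 stays
#     reachable unless an equivalent ip6tables rule exists.
#   - The match is on source address, not on the lo interface, so a local
#     client connecting through the host's own non-loopback address is
#     rejected as well.
ports=(10091 10092 31999)
for port in "${ports[@]}"; do
  # Exact rule specification, shared by check/delete/insert so that all three
  # always refer to the same rule.
  rule=(INPUT -p tcp --dport "$port" ! -s 127.0.0.1 -j REJECT)

  # Remove every existing copy of exactly this rule. Grepping the rule
  # listing for the port number would instead hit the first line that merely
  # mentions the number (an ACCEPT for the same port, or a multiport rule
  # covering other ports too) and delete that unrelated rule.
  # stderr is silenced on -C only: "rule not found" is the expected case.
  while iptables -C "${rule[@]}" 2>/dev/null; do
    iptables -D "${rule[@]}" || break # do not spin if the delete fails
  done

  # -I puts the rule at position 1, ahead of any later ACCEPT for the port.
  iptables -I "${rule[@]}"
done

# Persist the running rule set (requires an iptables service script that
# implements "save").
service iptables save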

 

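# Silently drop IPv4 TCP traffic to ports 1944, 8843 and 3306 unless it comes
# from 127.0.0.1. Re-running this snippet does not stack duplicate rules:
# existing copies are deleted first, then one copy is inserted at the top of
# INPUT.
#
# iptables only filters IPv4; listeners bound to IPv6 need an equivalent
# ip6tables rule to be covered.
drop_rule=(INPUT ! -s 127.0.0.1/32 -p tcp -m multiport --dports 1944,8843,3306 -j DROP)

# stderr is silenced on -C only: "rule not found" is the expected case.
while iptables -C "${drop_rule[@]}" 2>/dev/null; do
  iptables -D "${drop_rule[@]}" || break # do not spin if the delete fails
done
iptables -I "${drop_rule[@]}"

# Persist the running rule set (requires an iptables service script that
# implements "save").
service iptables save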
