iptables脚本-白名单和黑名单等方式

#!/bin/bash
#By Egrep QQ:10206334
#version: v1
#redis  mysql  由于报了在公网 需要做安全策略
#variables 
IPT=/sbin/iptables
#zabbix 192.144.167.224
IP_Pub=(172.16.0.8,172.16.16.15,172.16.0.7 192.144.167.224)  

#初始化函数
init(){
    #backup iptables config
    iptables-save >/etc/sysconfig/iptables-back-$(date +%F)  
    #Remove any existing rules
    $IPT -F
    $IPT -X
    $IPT -Z
    #setting for loopback interface
    $IPT -A INPUT -i lo -j ACCEPT
    #icmp
    $IPT -A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
    #others RELATED
    $IPT -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
}

#zk 允许的函数
ZK_Allow(){
    #redis 6379 Allow all  ip
    for i in ${IP_Pub[*]}
    do
        $IPT -A INPUT -s $i  -p tcp -m tcp --dport 2181 -j ACCEPT 

    	
    done
 
}
#zk 丢弃的函数
ZK_DROP(){
    #zk ban 
    $IPT -A INPUT -p tcp -m tcp --dport 2181 -j DROP 
    
}


#主函数
man(){
    init 
	ZK_Allow
	ZK_DROP
	
}

man