Bash - 对IPTables调用访问

#!/bin/bash
#--------------------------------------------------------------------------
# 作者:elewei
# 时间:2016/09/22
#
# 解释:
# 当输入 ./iptables.sh 192.168.1.1 ssh web icmp 时,
# 只将 tcp/22、tcp/80 和 icmp 向 192.168.1.1 地址开放,其他来源对这些服务的访问一律丢弃。
# 注意:脚本会先清空 filter 表的现有规则,且不修改各链的默认策略,未列出的端口不受影响。
#--------------------------------------------------------------------------
# Empty the filter table before new rules are added.
#   -F  flush every rule in every chain
#   -X  delete the user-defined chains
#   -Z  reset the packet and byte counters
# Chain policies are not touched: with an ACCEPT policy the host is wide open
# until the new rules are in place, with a DROP policy it is unreachable.
# Returns: the exit status of the last iptables call (-Z).
initialize() {
    local action
    for action in -F -X -Z; do
        iptables "$action"
    done
}
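# Restrict SSH (tcp/22) to the single source address held in $ip.
#
# Globals:  ip (read) - IPv4 address that keeps access to port 22
# Returns:  0 when both rules were appended, non-zero otherwise
#
# The rules are appended (-A), so an earlier INPUT rule that already matches
# port 22 still wins. Once the DROP is in place every other source loses SSH
# access, including the session running this script if it does not come
# from $ip.
nossh() {
    # Without an address the ACCEPT rule cannot be built, and the DROP on its
    # own would close port 22 for everyone.
    if [[ -z "${ip:-}" ]]; then
        printf 'nossh: ip is not set\n' >&2
        return 1
    fi

    # Append the DROP only after the ACCEPT went in, for the same reason.
    /sbin/iptables -t filter -A INPUT -p tcp --dport 22 -s "$ip" -j ACCEPT \
        && /sbin/iptables -t filter -A INPUT -p tcp --dport 22 -j DROP
}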
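# Restrict HTTP (tcp/80) to the single source address held in $ip.
#
# Globals:  ip (read) - IPv4 address that keeps access to port 80
# Returns:  0 when both rules were appended, non-zero otherwise
#
# Only port 80 is covered; nothing here touches tcp/443. The rules are
# appended (-A), so an earlier INPUT rule matching port 80 still wins.
noweb() {
    # Without an address the ACCEPT rule cannot be built, and the DROP on its
    # own would close port 80 for everyone.
    if [[ -z "${ip:-}" ]]; then
        printf 'noweb: ip is not set\n' >&2
        return 1
    fi

    # Append the DROP only after the ACCEPT went in.
    /sbin/iptables -A INPUT -p tcp --dport 80 -s "$ip" -j ACCEPT \
        && /sbin/iptables -A INPUT -p tcp --dport 80 -j DROP
}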
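# Restrict ICMP to the single peer held in $ip, and keep loopback open.
#
# Globals:  ip (read) - IPv4 address allowed to exchange ICMP with this host
# Returns:  0 when all five rules were inserted, non-zero otherwise
#
# Every rule is inserted at the top of its chain (-I), so the rule inserted
# last is evaluated first: the DROP goes in first and ends up below the
# ACCEPT for $ip.
# No connection-tracking rule is added, so the DROP also discards ICMP error
# messages (e.g. fragmentation-needed) and echo replies from any host other
# than $ip.
noicmp() {
    if [[ -z "${ip:-}" ]]; then
        printf 'noicmp: ip is not set\n' >&2
        return 1
    fi

    # In OUTPUT the peer is the packet's destination, so it is matched with -d;
    # a source match on $ip would never hit a locally generated packet.
    # The OUTPUT rules only matter when something else in that chain (or its
    # policy) would otherwise drop the traffic.
    iptables -I INPUT -p icmp -j DROP \
        && iptables -I INPUT -s "$ip" -p icmp -j ACCEPT \
        && iptables -I OUTPUT -d "$ip" -p icmp -j ACCEPT \
        && iptables -I INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT \
        && iptables -I OUTPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
}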
# Persist the running ruleset through the init script's "save" action.
# NOTE(review): what gets written, and where, is decided by the distribution's
# iptables service script; confirm it exists on the target host.
# Returns: the exit status of the service command.
save() {
    service iptables save
}
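# ---------------------------------------------------------------------------
# Entry point.
#   Usage:    ./iptables.sh <IPv4 address> <service>...
#   Services: ssh (tcp/22), web (tcp/80), icmp (ping is accepted as an alias)
#
# All arguments are checked before the firewall is touched: initialize flushes
# the whole filter table and save persists the result, so a misspelled service
# name must not get as far as wiping and saving the ruleset.
# Exit status is non-zero on bad arguments or when a rule could not be added.
# ---------------------------------------------------------------------------

# Report a problem on stderr and stop with a failing exit status.
die() {
    printf '%s\n' "$*" >&2
    exit 1
}

[ $# -gt 0 ] || die "Please Input Correct Parameter!"

# Dotted quad: four decimal octets, each 0-255. The pattern also accepts a
# leading zero on one- and two-digit octets ("01").
octet='([0-9]{1,2}|1[0-9][0-9]|2[0-4][0-9]|25[0-5])'
ipv4_re="^${octet}\.${octet}\.${octet}\.${octet}\$"
[[ $1 =~ $ipv4_re ]] || die "$1 IP is not correct!"

# ip is read as a global by nossh, noweb and noicmp.
ip=$1
shift
[ $# -gt 0 ] || die "Please Input Correct Parameter!"

# First pass: reject unknown service names while the ruleset is still intact.
for svc in "$@"; do
    case "$svc" in
        ssh|web|icmp|ping) ;;
        *) die "$svc:unrecognizaed option" ;;
    esac
done

initialize || die "could not reset the filter table (root privileges needed?)"

# Second pass: apply the rules, remembering any failure.
failed=0
for svc in "$@"; do
    case "$svc" in
        ssh)       nossh  || failed=1 ;;
        web)       noweb  || failed=1 ;;
        icmp|ping) noicmp || failed=1 ;;
    esac
done

# Do not persist a partially applied ruleset.
if [ "$failed" -ne 0 ]; then
    die "one or more rules could not be added; ruleset not saved"
fi

save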

 

posted @ 2016-09-21 15:12  elewei