Linux: 防火墙配置样例
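#!/bin/bash
# iptables rules for yxy (IPv4 filter table only).
# Created by xianyu.ying, 2015/10/14
#
# Result: INPUT defaults to DROP; loopback, RELATED/ESTABLISHED traffic and
# the TCP ports listed below (arriving on $EXTIF) are accepted.
#
# NOTE(review): only `iptables` is called here, so IPv6 is not filtered by
# this script. If the host has an IPv6 address, confirm that ip6tables
# carries an equivalent policy.
set -u

readonly EXTIF="eth0" # external (Internet-facing) interface

# Source-port range accepted for inbound connections. The original used
# 1024:65534, which silently refused clients whose ephemeral port is 65535.
# A source port is chosen by the remote side, so this match is not an access
# control; use -s <TRUSTED_CIDR> (placeholder) on a rule to restrict who may
# connect.
readonly CLIENT_PORTS="1024:65535"

failures=0

# Run one iptables command; report and count a failure instead of ignoring
# it, so a partially applied ruleset is never written to disk at the end.
ipt() {
  if ! iptables "$@"; then
    printf 'iptables %s: failed\n' "$*" >&2
    failures=$((failures + 1))
  fi
}

# Accept new inbound TCP connections on $EXTIF to destination port $1.
allow_tcp() {
  ipt -A INPUT -p TCP -i "$EXTIF" --dport "$1" --sport "$CLIENT_PORTS" -j ACCEPT
}

# Flush rules, delete user-defined chains, zero counters (table: filter).
ipt -F
ipt -X
ipt -Z

# Default policies, then allow loopback and replies to existing connections.
ipt -P INPUT DROP
ipt -P OUTPUT ACCEPT
# NOTE(review): FORWARD stays ACCEPT as in the original. If this host is not
# meant to route traffic for other machines, DROP is the safer default.
ipt -P FORWARD ACCEPT
ipt -A INPUT -i lo -j ACCEPT
ipt -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Inbound services. Every rule below accepts from ANY source address.
# NOTE(review): the administrative and backend ports (SSH, MySQL, scrapyd,
# the dev servers) are normally limited to known management addresses with
# -s <TRUSTED_CIDR> (placeholder) rather than opened to the whole Internet.
allow_tcp 8001   # SSH
allow_tcp 8003   # MySQL
allow_tcp 5010   # NeedU dev
allow_tcp 5011   # dy dev
allow_tcp 5012   # jy dev
#allow_tcp 5013  # Flask dev
#allow_tcp 5014  # Flask dev
#allow_tcp 5015  # Flask dev
#allow_tcp 5001  # wsgi status
allow_tcp 80     # web
allow_tcp 8889   # scrapyd (its API accepts job and project submissions; restrict the source)
#allow_tcp 8888  # nginx web
#allow_tcp 8800  # uwsgi web 1
#allow_tcp 8801  # uwsgi web 2
#allow_tcp 5901  # vnc 1
#allow_tcp 5902  # vnc 2

# Persist the ruleset only when every command succeeded; saving a partial
# ruleset would make a lock-out survive a reboot.
if [ "$failures" -ne 0 ]; then
  printf '%d iptables command(s) failed; ruleset NOT saved\n' "$failures" >&2
  exit 1
fi
service iptables save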
