iptables简单脚本

2022年4月7日16:34:46iptables简单脚本已关闭评论
#!/bin/bash

# Interface and address settings for the rules further down.
# NOTE(review): LAN_INTERFACE and ANYWHERE are not used by any active rule.
LAN_INTERFACE='eth0'        # presumably the inside (LAN) interface - confirm
INTERNET_INTERFACE='eth1'   # outbound interface matched by the MASQUERADE rule
# NOTE(review): with a 255.255.0.0 mask iptables treats this as 192.168.0.0/16,
# a range that also contains 192.168.3.50 and 192.168.3.10 used below. If only
# 192.168.10.x is the LAN, the mask was probably meant to be 255.255.255.0.
LOCAL_IP='192.168.10.0/255.255.0.0'
ANYWHERE='any/0'
INTERNET_IP='192.168.3.50'  # the address the SNAT rule rewrites sources to

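# Kernel network settings, written straight to /proc.
# These cover IPv4 only and are lost on reboot; mirror them in the system's
# sysctl configuration if they must persist.

# Optional (left disabled): ignore every ICMP echo request.
#echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
# Ignore ICMP echo requests addressed to broadcast addresses, so this host
# cannot be used as a reflector for broadcast-ping amplification.
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
# Do not log bogus ICMP error responses to broadcast frames (log-noise control).
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
# Refuse source-routed packets: the sender must not choose the path.
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
# Ignore ICMP redirects so a neighbour cannot rewrite this host's routes.
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
# Support for dynamically assigned addresses (used together with masquerading).
echo 1 > /proc/sys/net/ipv4/ip_dynaddr
# Answer with SYN cookies when the SYN backlog overflows (SYN-flood resilience).
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
# Turn on routing between interfaces; required for the NAT rules.
# NOTE(review): forwarding is enabled here, before any firewall rule is loaded.
echo 1 > /proc/sys/net/ipv4/ip_forward
# Optional (left disabled): presumably the legacy conntrack table-size knob.
#echo "40960" > /proc/sys/net/ipv4/ip_conntrack_max

# Enable reverse-path filtering on every interface: drop packets whose source
# address would not be routed back out of the interface they arrived on.
# The redirect target is quoted and the builtin echo is used instead of
# forking /bin/echo for each file.
for rp_filter_file in /proc/sys/net/ipv4/conf/*/rp_filter; do
  echo 1 > "${rp_filter_file}"
done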

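# Clear existing rules.
# For the filter and nat tables: delete all rules (-F), delete user-defined
# chains (-X) and zero the packet/byte counters (-Z). One pass per table is
# enough; "iptables -F" without -t already means the filter table.
# The mangle and raw tables are not touched by this script.
# Flushing does not reset chain policies: if a previous run left INPUT at
# DROP, that policy stays in force while the chains are empty.
for table in filter nat; do
  iptables -t "${table}" -F
  iptables -t "${table}" -X
  iptables -t "${table}" -Z
done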

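# Default policies: INPUT is default-deny, OUTPUT and FORWARD are default-allow.

# With INPUT at DROP, two baseline accepts are needed or the host breaks itself:
#  - loopback traffic, which local services use to talk to each other;
#  - replies to connections this host opened (DNS lookups, upstream fetches by
#    the local proxy, ...), which would otherwise match no rule and be dropped.
# They are appended before the policy flips to DROP so there is no gap.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

#iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
# NOTE(review): FORWARD ACCEPT on a host with ip_forward=1 means routed traffic
# is not filtered at all; a gateway normally sets FORWARD to DROP and allows
# only the intended flows. Left unchanged here because the NAT rules depend on it.
iptables -P FORWARD ACCEPT
iptables -P INPUT DROP
#iptables -P OUTPUT DROP
#iptables -P FORWARD DROP
# NOTE(review): iptables only governs IPv4. Nothing in this script sets
# ip6tables policies, so IPv6 traffic is not covered by the rules here.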

# Inbound services accepted on the firewall host itself.
# NOTE(review): none of these rules names an interface or a source range, so
# SSH and DNS are reachable from every network this host is attached to,
# including the outside one. Restricting them with -i / -s to the management
# or LAN side is the usual hardening step.
ssh_port=22
dns_port=53

# SSH (22): accept new inbound connections, and outbound packets from port 22.
# The OUTPUT rule only matters if the OUTPUT policy is ever switched to DROP.
iptables -A INPUT -p tcp --dport "${ssh_port}" -j ACCEPT
iptables -A OUTPUT -p tcp --sport "${ssh_port}" -j ACCEPT

# DNS (53): accept queries over both TCP and UDP.
for proto in tcp udp; do
  iptables -A INPUT -p "${proto}" --dport "${dns_port}" -j ACCEPT
done

# Fragments and ICMP, both rate limited.

# -f matches second and later IPv4 fragments of any protocol; up to 100/s are
# accepted.
# NOTE(review): when connection tracking is loaded (the nat table relies on
# it), packets are normally reassembled before the filter table sees them, so
# this rule may never match - confirm before relying on it.
iptables -A INPUT -f -m limit --limit 100/s --limit-burst 100 -j ACCEPT

# ICMP: accept 1 packet/s (burst 10) to this host and through it.
# On INPUT the excess falls through to the chain policy. On FORWARD the limit
# only has an effect if the FORWARD policy is DROP; under an ACCEPT policy the
# excess is forwarded anyway.
for chain in INPUT FORWARD; do
  iptables -A "${chain}" -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPT
done

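# DNAT (port forward): TCP port 8080 -> internal web server on port 80.
# The backend address is defined once and the SNAT source comes from
# INTERNET_IP (declared at the top of the script) instead of repeating the
# literal, so the two cannot drift apart.
dnat_backend="192.168.3.10"

# NOTE(review): this rule has no -i or -d match, so it rewrites every TCP
# packet to port 8080 that enters this host, including LAN clients connecting
# to outside servers on 8080. Adding -d "$INTERNET_IP" would confine it to
# connections aimed at the firewall's own address - confirm the intent.
iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to-destination "${dnat_backend}:80"
# Rewrite the source of forwarded requests so the backend replies via this
# host. The backend therefore sees every client as INTERNET_IP; real client
# addresses are not available to its logs or access controls.
iptables -t nat -A POSTROUTING -p tcp -d "${dnat_backend}" --dport 80 -j SNAT --to-source "${INTERNET_IP}"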

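# Transparent proxy: HTTP (tcp/80) from LOCAL_IP is redirected to a proxy
# listening on this host; everything else from LOCAL_IP is masqueraded out of
# INTERNET_INTERFACE. Only port 80 is intercepted.
proxy_port=4128

#iptables -A FORWARD -s $LOCAL_IP -j ACCEPT
#iptables -A FORWARD -d $LOCAL_IP -j ACCEPT
#iptables -t nat -A PREROUTING -i $INTERNET_INTERFACE -s $LOCAL_IP -j ACCEPT
#iptables -t nat -A PREROUTING -i $INTERNET_INTERFACE -d $LOCAL_IP -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -m tcp -s "${LOCAL_IP}" --dport 80 -j REDIRECT --to-port "${proxy_port}"
# REDIRECT rewrites the destination to this host, so the packet is evaluated
# by the INPUT chain next. INPUT defaults to DROP, so the proxy port has to be
# accepted explicitly or redirected connections never reach the proxy.
# The source match mirrors the REDIRECT rule; an additional -i on the LAN
# interface would narrow it further.
iptables -A INPUT -p tcp -s "${LOCAL_IP}" --dport "${proxy_port}" -j ACCEPT
iptables -t nat -A POSTROUTING -s "${LOCAL_IP}" -o "${INTERNET_INTERFACE}" -j MASQUERADE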