iptables rules

vim /etc/sysconfig/iptables

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 62222 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8088 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 9098 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 12031 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 12032 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8281 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 12042 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 12043 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8906 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8010 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8019 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8006 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8048 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2181 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 50260 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Start

service iptables start

service iptables stop

service iptables restart

/etc/init.d/iptables save

/etc/init.d/iptables restart

chkconfig iptables on

chkconfig iptables off

Enabling routing

iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE

eth2 is the external network interface.
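
An audit sketch for a rules file in the format shown above, added here as an example (it is not part of the original post): it lists the ports INPUT accepts from any source, and checks whether FORWARD rejects everything, in which case the MASQUERADE rule alone passes no routed traffic. SAMPLE is a constructed, shortened copy of the ruleset on this page; the SENSITIVE table and all function names are assumptions of this example.

```python
import shlex

# Constructed sample: a shortened copy of the ruleset shown on this page.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2181 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
# Assumption of this example: services that should rarely accept any source.
SENSITIVE = {3306: "MySQL", 2181: "ZooKeeper"}

def parse_rules(text):
    """Yield (chain, options, target) for each -A line of an iptables-save file."""
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) < 2 or tok[0] != "-A":
            continue
        opts, i = {}, 2
        while i < len(tok):
            # An option takes a value unless the next token is another option.
            has_val = i + 1 < len(tok) and not tok[i + 1].startswith("-")
            opts.setdefault(tok[i], []).append(tok[i + 1] if has_val else "")
            i += 2 if has_val else 1
        yield tok[1], opts, opts.get("-j", [""])[0]

def open_to_any(text):
    """Ports (--dport) that INPUT accepts with no -s/--source restriction."""
    return [o["--dport"][0] for chain, o, target in parse_rules(text)
            if chain == "INPUT" and target == "ACCEPT" and "--dport" in o
            and "-s" not in o and "--source" not in o]

def sensitive_open(text):
    """Ports from open_to_any() that are listed in SENSITIVE, as {port: name}."""
    return {int(p): SENSITIVE[int(p)] for p in open_to_any(text)
            if p.isdigit() and int(p) in SENSITIVE}

def forward_blocked(text):
    """True if FORWARD hits an unconditional REJECT/DROP before any ACCEPT rule."""
    for chain, opts, target in parse_rules(text):
        if chain == "FORWARD" and target == "ACCEPT":
            return False
        if (chain == "FORWARD" and target in ("REJECT", "DROP")
                and set(opts) <= {"-j", "--reject-with"}):
            return True
    return False
```

To audit a live host, pass the contents of /etc/sysconfig/iptables to these functions in place of SAMPLE.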
