我正在使用iptables设置防火墙.这是我第一次尝试这样的事情.
到目前为止,我有以下规则:
- # Clear any prevIoUs entries
- --flush
- --delete-chain
- # Set the default policies for all three default chains
- -P INPUT DROP
- -P FORWARD DROP
- -P OUTPUT ACCEPT
- # Enable use of the loopback interface
- -A INPUT -i lo -j ACCEPT
- -A OUTPUT -o lo -j ACCEPT
- # Accept inbound TCP packets
- -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
- -A INPUT -p tcp --dport 80 -j ACCEPT
- -A INPUT -p tcp --dport 443 -j ACCEPT
- -A INPUT -p tcp --dport 22 -j ACCEPT
- # Accept inbound UDP packets
- -A INPUT -p udp --dport 123 -j ACCEPT
- # Accept inbound ICMP messages
- -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
我打开的端口是80(http),443(https),22(ssh),123(ntp).
任何建议或改进将不胜感激.
解决方法
在我看来很好.
在我的个人配置中,具有TCP ACCEPT语句的行更具体一些:
-A INPUT -p tcp –dport 22 –syn -m state –state NEW -j ACCEPT -A INPUT -p tcp –dport 80 –syn -m state –state NEW -j ACCEPT -A INPUT -p tcp –dport 443 –syn -m state –state NEW -j ACCEPT
