From c95e5aa43d527607fc3bc1336b9c8c85afcc0a93 Mon Sep 17 00:00:00 2001
From: "usa.yimian.xyz"
Date: Wed, 19 Aug 2020 23:58:51 -0400
Subject: [PATCH] iptables
---
usa.yimian.xyz/iptables.sh | 37 +++++++++++++++++++++++++++++++++++++
1 file changed, 37 insertions(+)
create mode 100644 usa.yimian.xyz/iptables.sh
diff --git a/usa.yimian.xyz/iptables.sh b/usa.yimian.xyz/iptables.sh
new file mode 100644
index 0000000..e27df49
--- /dev/null
+++ b/usa.yimian.xyz/iptables.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+iptables -F
+iptables -P INPUT DROP
+iptables -P OUTPUT ACCEPT
+iptables -P FORWARD ACCEPT
+# ssh
+iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+# iis
+#iptables -A INPUT -p tcp --dport 80 -j ACCEPT
+#iptables -A FORWARD -p tcp --dport 80 -j ACCEPT
+#iptables -A INPUT -p tcp --dport 443 -j ACCEPT
+#iptables -A FORWARD -p tcp --dport 443 -j ACCEPT
+# frps
+#iptables -A FORWARD -p tcp --dport 4477 -j ACCEPT
+#iptables -A FORWARD -p tcp --dport 4480 -j ACCEPT
+#iptables -A FORWARD -p tcp --dport 4443 -j ACCEPT
+#iptables -A FORWARD -p tcp --dport 4400:4440 -j ACCEPT
+# dns
+iptables -A INPUT -p tcp --sport 53 -j ACCEPT
+iptables -A INPUT -p udp --sport 53 -j ACCEPT
+# icmp ping
+iptables -A INPUT -p icmp -j ACCEPT
+# dns lookup
+iptables -A INPUT -i lo -j ACCEPT
+#iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+# anti muma
+iptables -A OUTPUT -p tcp --sport 31337 -j DROP
+iptables -A OUTPUT -p tcp --dport 31337 -j DROP
+# anti ddos
+#iptables -A FORWARD -f -m limit --limit 100/s --limit-burst 100 -j ACCEPT
+#iptables -A FORWARD -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPT
+# end
+#iptables -A FORWARD -j DROP
+# save
+service iptables save
+echo Please restart docker
+#systemctl restart iptables
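Review bot: The two `--sport 53` ACCEPT rules under `# dns` match only on the remote side's source port, so any host that sends from port 53 is admitted to every TCP and UDP port on this machine despite `-P INPUT DROP`. Replies to the host's own lookups are better admitted by connection state: remove those two rules and enable the commented-out state rule in its current form, `iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT`, which also lets replies to other outbound connections back in. `-P FORWARD ACCEPT` combined with the commented-out `iptables -A FORWARD -j DROP` leaves forwarded traffic unfiltered after `-F` has flushed the chain; `iptables -P FORWARD DROP` with explicit allows would be the safer default, although the Docker rules re-created by the restart the script asks for may cover part of this. The `# dns lookup` comment sits above the loopback rule and should read `# loopback`.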