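#!/bin/bash
#
# Minimal host firewall for a server that only exposes SSH.
#
# Policy: INPUT is default-deny; OUTPUT and FORWARD are default-allow.
# Inbound traffic is accepted only for loopback, replies to connections
# this host opened, SSH, and rate-limited ICMP. The rule set is then
# persisted through the sysvinit "iptables" service.
#
# Must run as root. `iptables -F` empties every chain in the filter table,
# including the ones Docker maintains -- presumably why the script ends by
# asking for a Docker restart.

set -u

if [[ "$EUID" -ne 0 ]]; then
  printf 'error: this script must be run as root\n' >&2
  exit 1
fi

# Keep INPUT open while the rule set is rebuilt so an active SSH session is
# not cut off between the flush and the first ACCEPT rule. The DROP policy
# is applied last, once every allow rule is in place.
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F

# loopback
iptables -A INPUT -i lo -j ACCEPT

# replies to connections this host initiated; conntrack matches DNS answers
# here, so no --sport 53 rule is needed (see the disabled ones below)
iptables -A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
#iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# ssh
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# web server (disabled)
#iptables -A INPUT -p tcp --dport 80 -j ACCEPT
#iptables -A FORWARD -p tcp --dport 80 -j ACCEPT
#iptables -A INPUT -p tcp --dport 443 -j ACCEPT
#iptables -A FORWARD -p tcp --dport 443 -j ACCEPT

# frps (disabled)
#iptables -A FORWARD -p tcp --dport 4477 -j ACCEPT
#iptables -A FORWARD -p tcp --dport 4480 -j ACCEPT
#iptables -A FORWARD -p tcp --dport 4443 -j ACCEPT
#iptables -A FORWARD -p tcp --dport 4400:4440 -j ACCEPT

# dns (disabled): a bare --sport 53 match would admit any packet whose
# source port happens to be 53; the ESTABLISHED rules above already let
# genuine answers in
#iptables -A INPUT -p tcp --sport 53 -j ACCEPT
#iptables -A INPUT -p udp --sport 53 -j ACCEPT

# icmp: allow ping, but rate-limited. Anything over the limit falls through
# to the INPUT DROP policy. No unconditional ICMP ACCEPT may precede this
# rule, or the limit is never reached.
iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 10 -j ACCEPT

# anti trojan: refuse outbound traffic on the classic Back Orifice port
# (inbound connections to it are already rejected by the INPUT policy)
iptables -A OUTPUT -p tcp --sport 31337 -j DROP
iptables -A OUTPUT -p tcp --dport 31337 -j DROP

# anti ddos (disabled): fragment rate limit for forwarded traffic
#iptables -A FORWARD -f -m limit --limit 100/s --limit-burst 100 -j ACCEPT

# end (disabled): FORWARD stays default-allow unless this is enabled
#iptables -A FORWARD -j DROP

# default-deny inbound now that every allow rule exists
iptables -P INPUT DROP

# save; a failure here leaves the live rules in place but not persisted
service iptables save \
  || printf 'warning: "service iptables save" failed; rules are not persisted\n' >&2

echo Please restart docker

#systemctl restart iptables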