iptables的設定

1:先將iptables全數
iptables -F
iptables -Z
iptables -X
2:確認現有policy chain
iptables -L
3:定立規則並初始化policy chain
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -P INPUT DROP
4:初始化本機連線,啟用連線保留功能,方便遠端調整
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
5:新增區塊連入
iptables -A INPUT -s NETWORKID/NETMASK -j ACCEPT
6:將設定寫回系統
/etc/init.d/iptables save active

iptables設定的porting -> /etc/sysconfig/iptables

sample!
# Generated by iptables-save v1.2.11 on Tue Sep 16 20:00:17 2008
*filter
:INPUT ACCEPT [3181787:4475034848]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [1601837:84186272]
-A INPUT -s ! 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 22 -j DROP
-A INPUT -d 192.168.0.51 -p tcp -m iprange --src-range 192.168.0.1-192.168.0.10 -m tcp --dport 5500 -j DROP
COMMIT
# Completed on Tue Sep 16 20:00:17 2008