#write by loulancn@163.com
{dy}步:建立规则
root@loulancn:/etc/apt# vi /etc/iptables
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:FW – [0:0]
-A INPUT -j FW
-A FORWARD -j FW
-A FW -i lo -j ACCEPT
-A FW -p icmp –icmp-type any -j ACCEPT
-A FW -m state –state ESTABLISHED,RELATED -j ACCEPT
-A FW -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT
-A FW -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT
-A FW -j REJECT –reject-with icmp-host-prohibited
COMMIT
把相应的iptables规则加进去,(loulancn配置的这些规则只放行基本的 80,22服务,请自行定制)
第二步:应用规则
编辑网络配置文件, vi /etc/network/interfaces 在相应网卡的配置文件里增加一句
pre-up iptables-restore /etc/iptables
例如:本机的配置
auto eth0
iface eth0 inet static
address 119.*.*.*
netmask 255.*.*.*
network 119.*.*.0
broadcast 119.*.*.*
gateway 119.*.*.*
pre-up iptables-restore /etc/iptables