# Open the saved ruleset for editing. Editing this file does not change the
# rules already loaded in the kernel; they change only when the file is reloaded.
vi /etc/sysconfig/iptables |
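# Generated by iptables-save v1.4.7 on Sat Sep 29 10:26:10 2012
# nat table. All three chains keep an ACCEPT policy; the bracketed values are
# the [packets:bytes] counters recorded when the file was saved.
*nat
:PREROUTING ACCEPT [40182:3767364]
:POSTROUTING ACCEPT [11964:943507]
:OUTPUT ACCEPT [11964:943507]
# Masquerade (source-NAT to eth0's address) everything from 192.168.0.0/24
# that leaves through eth0.
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Sat Sep 29 10:26:10 2012
# Generated by iptables-save v1.4.7 on Sat Sep 29 10:26:10 2012
# filter table. INPUT, FORWARD and OUTPUT all default to DROP, so only the
# rules below admit traffic.
*filter
:INPUT DROP [4:600]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# GRE here and tcp/1723 further down are the PPTP data and control channels;
# presumably this host is a PPTP server for the 192.168.0.0/24 clients -- verify.
# NOTE(review): PPTP with MS-CHAPv2 is regarded as cryptographically weak; if
# the tunnel carries anything sensitive, plan a move to a current VPN protocol.
# NOTE(review): GRE is accepted from any source; restrict with -s if the set of
# peers is known.
-A INPUT -p gre -j ACCEPT
# Loopback traffic is always allowed.
-A INPUT -i lo -j ACCEPT
# tcp/20 and tcp/21 are the FTP data and control ports. FTP sends credentials
# in cleartext. NOTE(review): confirm FTP is still required on this host.
-A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
# SSH: this is the only port rule limited to NEW connections; later packets of
# the session are admitted by the RELATED,ESTABLISHED rule at the end of INPUT.
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# HTTPS and HTTP, open to any source.
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# PPTP control channel (see the GRE rule above).
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
# tcp/3306 is the default MySQL port and is accepted from ANY source here.
# NOTE(review): if only known hosts need the database, add a source match
# (-s <trusted-source-placeholder>) or drop the rule and tunnel over SSH/VPN.
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
# Presumably the FTP passive-mode data port range -- verify against the FTP
# server configuration; 5001 ports are opened to any source.
-A INPUT -p tcp -m tcp --dport 30000:35000 -j ACCEPT
# NOTE(review): the purpose of tcp/65535 is not evident from this file;
# confirm which service listens there or remove the rule.
-A INPUT -p tcp -m tcp --dport 65535 -j ACCEPT
# Every ICMP type is accepted.
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
# Replies to, and traffic related to, connections conntrack already knows.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Forward 192.168.0.0/24 traffic out through eth0 ...
-A FORWARD -s 192.168.0.0/24 -o eth0 -j ACCEPT
# ... and anything arriving on eth0 addressed to 192.168.0.0/24, regardless of
# connection state. NOTE(review): if clients should only receive replies, add
# "-m state --state RELATED,ESTABLISHED" to this rule.
-A FORWARD -d 192.168.0.0/24 -i eth0 -j ACCEPT
# -I inserts at the head of FORWARD, so this runs before the two ACCEPT rules
# above: TCP SYN packets arriving on any ppp interface get their MSS option set
# to 1356 (TCPMSS modifies the packet and lets it continue down the chain).
-I FORWARD -p tcp --syn -i ppp+ -j TCPMSS --set-mss 1356
# The OUTPUT policy is DROP, but this rule accepts NEW, RELATED and ESTABLISHED
# packets, so in practice only packets outside those states (e.g. INVALID) are
# dropped on the way out.
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
# The published listing ended without COMMIT for the filter table;
# iptables-restore applies a table only when it reaches COMMIT.
COMMIT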