Iptables规则备忘

VPS设置

iptables -I INPUT 1 -m state --state RELATED,ESTABLISHED -j ACCEPT && \
iptables -I INPUT 2 -i lo -j ACCEPT && \
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT && \
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT && \
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22222 -j ACCEPT && \
iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT && \
iptables -A INPUT -p tcp --dport 443 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT && \
iptables -A INPUT -p tcp --dport 22222 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT && \
iptables -P INPUT DROP && \
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 6/s -j ACCEPT && \
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 6/s -j ACCEPT

公司工作站

iptables -I INPUT 1 -m state --state RELATED,ESTABLISHED -j ACCEPT && \
iptables -I INPUT 2 -i lo -j ACCEPT && \
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT && \
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT && \
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT && \
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT && \
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT && \
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 8090 -j ACCEPT && \
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 8100 -j ACCEPT && \
iptables -P INPUT DROP && \
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 6/s -j ACCEPT && \
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 6/s -j ACCEPT && \
iptables -t nat -A PREROUTING -d 192.168.20.248 -p tcp --dport 8080 -j DNAT --to-destination 192.168.20.247:3389 && \
iptables -t nat -A POSTROUTING -d 192.168.20.247 -p tcp --dport 3389 -j SNAT --to-source 192.168.20.248