设置 Linux 服务器防火墙脚本：Web_iptables.sh
- 通过内网可访问服务器所有开放端口
- 给跳板机开放sshd端口连接服务器
- 信任ip 所有端口均开放
- 开放部分端口供外部访问
#!/bin/bash
#Intranet_network=`ifconfig eth1 |grep "inet addr"|awk -F: '{print $2}'|awk '{print $1}'|awk -F "." '{print $1}'`
#取得本机内网IP
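#######################################
# Convert a dotted-quad IPv4 address to its unsigned 32-bit integer value.
# Arguments: $1 - address such as 10.1.2.3
# Outputs:   the integer on stdout
# Returns:   0 on success, 1 if $1 is not four octets in 0..255
#######################################
_ip4_to_int() {
  local a b c d
  local re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
  [[ "$1" =~ $re ]] || return 1
  IFS=. read -r a b c d <<<"$1"
  # 10# forces base 10 so an octet such as "010" is not read as octal.
  (( 10#$a <= 255 && 10#$b <= 255 && 10#$c <= 255 && 10#$d <= 255 )) || return 1
  printf '%d\n' $(( (10#$a << 24) | (10#$b << 16) | (10#$c << 8) | 10#$d ))
}

#######################################
# Test whether an IPv4 address lies in an RFC 1918 private block.
# Arguments: $1 - dotted-quad address
# Returns:   0 for 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16;
#            1 otherwise, including malformed input
#######################################
_is_rfc1918() {
  local n
  n=$(_ip4_to_int "$1") || return 1
  # 10.0.0.0 (167772160) .. 10.255.255.255 (184549375)
  (( n >= 167772160 && n <= 184549375 )) && return 0
  # 172.16.0.0 (2886729728) .. 172.31.255.255 (2887778303)
  (( n >= 2886729728 && n <= 2887778303 )) && return 0
  # 192.168.0.0 (3232235520) .. 192.168.255.255 (3232301055)
  (( n >= 3232235520 && n <= 3232301055 )) && return 0
  return 1
}

#######################################
# Print this host's RFC 1918 (private) IPv4 addresses, one per line, in the
# order ifconfig reports them. Public addresses and 127.0.0.1 are skipped.
# Globals:   none
# Arguments: none
# Outputs:   zero or more dotted-quad addresses on stdout
# Returns:   0
#######################################
getLocalInnerIP() {
  local field addr
  # grep -o keeps only the "inet ..." token, so both net-tools output styles
  # are handled: "inet addr:10.0.0.1" (old) and "inet 10.0.0.1" (new).
  while IFS= read -r field; do
    addr=${field#addr:}
    if _is_rfc1918 "$addr"; then
      printf '%s\n' "$addr"
    fi
  done < <(ifconfig | grep -oE 'inet (addr:)?[0-9]+(\.[0-9]+){3}' | awk '{print $2}')
  return 0
}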
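# Abort on the first failing command: a rule that fails to load must not be
# followed by "-P INPUT DROP". Because the policy is opened before the flush
# below, an aborted run leaves the host reachable rather than locked out.
set -e

#######################################
# Print an error on stderr and exit non-zero.
# Arguments: $* - message
#######################################
die() { printf 'Web_iptables.sh: %s\n' "$*" >&2; exit 1; }

IPT=/sbin/iptables
[[ -x "$IPT" ]] || die "$IPT is not executable"

# First private IPv4 address of this host (getLocalInnerIP is defined above).
innerIP=$(getLocalInnerIP | head -n 1)
[[ -n "$innerIP" ]] || die "no RFC 1918 address found; cannot build the LAN trust rule"
Intranet_network=${innerIP%%.*}   # first octet, kept for anything that still reads it

# Trust only the RFC 1918 block the host belongs to. The earlier
# "<first octet>.0.0.0/255.0.0.0" form also whitelists large public ranges
# when the host sits in 172.16.0.0/12 or 192.168.0.0/16.
case "$innerIP" in
  10.*)      LAN_IP=10.0.0.0/8 ;;
  172.*)     LAN_IP=172.16.0.0/12 ;;
  192.168.*) LAN_IP=192.168.0.0/16 ;;
  *)         die "unexpected non-private address: $innerIP" ;;
esac

# Port numbers could not be recovered from this listing; they must be supplied
# through the environment, and the ":?" expansion aborts when one is missing.
: "${SSHD_PORT:?sshd port the jump hosts may reach}"
: "${PUBLIC_TCP_PORTS:?space-separated --dports groups open to everyone, e.g. '80,443 8080'}"
: "${ZABBIX_AGENT_PORT:?TCP port the zabbix server may reach}"

# Jump hosts (tiaobanji) allowed to reach sshd only. Previously listed:
#   218.17.152.189 113.107.167.90 58.253.68.90
TIAOBANJI=()
# Fully trusted sources: every port open.
ETL1=219.129.216.224
yw1=43.230.88.130          # guangzhou idc ip
NAGIOS_IP=121.10.141.196
ZABBIX_SERVER=113.107.166.246
TRUST_IP=("$LAN_IP" "$ETL1" "$yw1" "$NAGIOS_IP")

# Open the policy before flushing: on a re-run the policy is already DROP and
# every connection (this SSH session included) would be cut until the
# ESTABLISHED rule is re-added.
$IPT -P INPUT ACCEPT
$IPT -t filter -F
$IPT -t filter -X
$IPT -t filter -Z

for trusted in "${TRUST_IP[@]}"; do
  $IPT -A INPUT -s "$trusted" -j ACCEPT
done
for jump in "${TIAOBANJI[@]}"; do
  $IPT -A INPUT -s "$jump" -p tcp --dport "$SSHD_PORT" -j ACCEPT
done

$IPT -A INPUT -p icmp -j ACCEPT
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Ports open to the whole network; word-splitting on PUBLIC_TCP_PORTS is
# deliberate (multiport accepts at most 15 ports per rule, so several groups
# may be needed).
for group in $PUBLIC_TCP_PORTS; do
  $IPT -A INPUT -p tcp -m multiport --dports "$group" -j ACCEPT
done
$IPT -A INPUT -s "$ZABBIX_SERVER" -p tcp --dport "$ZABBIX_AGENT_PORT" -j ACCEPT

# Default policies last: accept output, drop everything else.
$IPT -P INPUT DROP
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD DROP

# Persist the ruleset (RHEL/CentOS style init script).
/etc/init.d/iptables save || die "could not save rules"
exit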
Web_iptables.sh
#!/bin/bash
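# Abort on the first failing command so a half-built rule set is never
# closed off by the DROP rules at the end.
set -e

IPT=/sbin/iptables

# Ports and prefix lengths could not be recovered from this listing; they
# must be supplied through the environment (":?" aborts if one is missing).
: "${PUBLIC_PORT:?TCP port open to every source}"
: "${PUBLIC_PORT_RANGE:?TCP port range open to every source, as low:high}"
: "${MGMT_PORT:?extra TCP port open to the management host}"
: "${NET_A_PORT:?TCP port open to the 183.14.0.0 network}"
: "${NET_B_PORT:?TCP port open to the 183.14.1.0 network}"
MGMT_HOST=120.25.153.31
BLOCKED_HOST=120.25.153.32
NET_A=183.14.0.0/${NET_A_PREFIX:?prefix length for 183.14.0.0}
NET_B=183.14.1.0/${NET_B_PREFIX:?prefix length for 183.14.1.0}

# Accept while rebuilding so a re-run does not cut existing sessions between
# the flush and the ESTABLISHED rule; the policy is closed again at the end.
$IPT -P INPUT ACCEPT
$IPT -F
$IPT -X

$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -A INPUT -p icmp -j ACCEPT
# The explicit deny (presumably a blacklist entry) must precede the ACCEPT
# rules: placed after them it only matched traffic the final DROP rejected
# anyway, so this host could still reach the public ports.
$IPT -A INPUT -s "$BLOCKED_HOST" -j DROP
$IPT -A INPUT -s "$MGMT_HOST" -j ACCEPT
$IPT -A INPUT -p tcp --dport "$PUBLIC_PORT" -j ACCEPT
$IPT -A INPUT -p tcp --dport "$PUBLIC_PORT_RANGE" -j ACCEPT
# Redundant with the unconditional MGMT_HOST accept above; kept as written.
$IPT -A INPUT -s "$MGMT_HOST" -p tcp --dport "$MGMT_PORT" -j ACCEPT
$IPT -A INPUT -s "$NET_A" -p tcp --dport "$NET_A_PORT" -j ACCEPT
$IPT -A INPUT -s "$NET_B" -p tcp --dport "$NET_B_PORT" -j ACCEPT

# A DROP policy keeps the host closed even if the chain is flushed later;
# relying on "-P INPUT ACCEPT" plus a final "-j DROP" rule fails open once
# the rules are gone.
$IPT -A INPUT -j DROP
$IPT -P INPUT DROP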
iptables.sh