2025-01-18 Update From: SLTechnology News&Howtos
Shulou (Shulou.com) 06/03 Report
This article walks through a shell script that configures the iptables firewall on CentOS. The method is simple, fast and practical, so it is worth a look if you manage several servers.
Configuring iptables by hand on several VPS hosts is tedious. Zhu GE's LNMP script includes a script that configures the iptables firewall automatically; the version below is borrowed from it, adapted, and shared for anyone who needs it.
It only opens the common ports. If you have special needs, add or remove the corresponding port rules.
How to use it:
The code is as follows:
chmod +x iptables.sh
./iptables.sh
Set iptables to start at boot (SysV init, as on CentOS 6):
The code is as follows:
chkconfig --level 345 iptables on
Note that CentOS 7 and later ship firewalld instead; there, "service iptables save" and the chkconfig line above only work once the iptables-services package is installed and firewalld is stopped and disabled.
Full Shell:
The code is as follows:
#!/bin/bash
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH

# Only CentOS is supported. /etc/issue no longer names the distribution on
# CentOS 7, so /etc/redhat-release is checked as well.
function support_distro() {
    if ! grep -qi "centos" /etc/issue /etc/redhat-release 2>/dev/null; then
        echo "Sorry, iptables script only supports CentOS systems now."
        exit 1
    fi
}
support_distro

echo "==== iptables configure ===="

# get the SSH port from sshd_config; default to 22 if no Port line is active
if grep -q "^Port" /etc/ssh/sshd_config; then
    sshdport=$(grep "^Port" /etc/ssh/sshd_config | head -n 1 | awk '{print $2}')
else
    sshdport=22
fi

# get the DNS server IPs (first two nameserver lines)
if [ -s /etc/resolv.conf ]; then
    nameserver1=$(grep nameserver /etc/resolv.conf | awk 'NR==1 {print $2}')
    nameserver2=$(grep nameserver /etc/resolv.conf | awk 'NR==2 {print $2}')
fi

IPT="/sbin/iptables"

# delete existing rules: flush first, then remove the now-empty user chains
# (in the other order --delete-chain fails on chains that still hold rules)
$IPT --flush
$IPT --delete-chain

# default policy: drop inbound and forwarded traffic, allow outbound,
# and always accept the loopback interface
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT ACCEPT
$IPT -A INPUT -i lo -j ACCEPT

# allow established or related connections
$IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# limit a single source IP to 10 concurrent connections on port 80
# (clients behind a shared NAT address count as one IP)
$IPT -I INPUT -p tcp --dport 80 -m connlimit --connlimit-above 10 -j DROP

# allow connections to ports 80 (HTTP) / 873 (RSYNC) / 443 (HTTPS) / 20 and 21 (FTP) / 25 (SMTP)
$IPT -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
$IPT -A INPUT -p tcp -m tcp --dport 873 -j ACCEPT
$IPT -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
$IPT -A INPUT -p tcp -m tcp --dport 20 -j ACCEPT
$IPT -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
$IPT -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT

# allow the SSH port detected above (22 if none was found)
$IPT -A INPUT -p tcp -m tcp --dport "$sshdport" -j ACCEPT

# allow ping (echo request) and traceroute replies (time exceeded)
$IPT -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
$IPT -A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT

# allow DNS queries to the configured resolvers (redundant while the OUTPUT
# policy is ACCEPT, but keeps name resolution working if it is later set to DROP)
[ -n "$nameserver1" ] && $IPT -A OUTPUT -p udp -m udp -d "$nameserver1" --dport 53 -j ACCEPT
[ -n "$nameserver2" ] && $IPT -A OUTPUT -p udp -m udp -d "$nameserver2" --dport 53 -j ACCEPT

# save the rules and restart iptables
service iptables save
service iptables restart

echo "==== iptables configure completed ===="
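The script above applies its rules directly, so a mis-parsed SSH port is only discovered once you are locked out. The following is an added example, not part of the original script or of the LNMP project: a dry-run version of the same rule build that reads sshd_config and resolv.conf from stdin, tolerates commented-out and indented "Port" lines (the original "^Port" grep misses "  Port 2222" and silently falls back to 22), and prints the iptables commands instead of running them. It also adds the accept rules before flipping the INPUT policy to DROP. The function names, the IPT="echo iptables" dry-run convention and the sample config contents are my own.

```shell
#!/bin/bash
# Added example (not the original script): dry-run rule generator.
# Set IPT=/sbin/iptables in the environment to apply the rules for real.

# First active "Port" directive from an sshd_config on stdin; 22 if none.
# Commented lines start with "#Port", so they never match; leading
# whitespace is ignored because awk splits on fields.
detect_ssh_port() {
    local port
    port=$(awk 'tolower($1)=="port" && NF>=2 {print $2; exit}')
    printf '%s\n' "${port:-22}"
}

# Up to two nameserver addresses from a resolv.conf on stdin, one per line.
detect_nameservers() {
    awk '$1=="nameserver" {print $2; if (++n==2) exit}'
}

# Emit the rule set. $1 = SSH port, remaining arguments = resolver IPs.
build_rules() {
    local sshdport="$1"; shift
    local IPT="${IPT:-echo iptables}"   # dry run unless overridden
    local ns p

    $IPT -F                  # flush rules first ...
    $IPT -X                  # ... then delete the now-empty user chains

    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    $IPT -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

    # cap a single source IP at 10 concurrent connections to port 80
    $IPT -I INPUT -p tcp --dport 80 -m connlimit --connlimit-above 10 -j DROP

    # SSH first: if anything below fails, management access is already open
    $IPT -A INPUT -p tcp -m tcp --dport "$sshdport" -j ACCEPT
    for p in 80 443 873 20 21 25; do
        $IPT -A INPUT -p tcp -m tcp --dport "$p" -j ACCEPT
    done

    $IPT -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT    # echo request
    $IPT -A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT   # time exceeded

    for ns in "$@"; do
        $IPT -A OUTPUT -p udp -m udp -d "$ns" --dport 53 -j ACCEPT
    done

    # default policies last, so the accept rules are already in place
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
}

# Constructed sample inputs (not taken from any real host).
SAMPLE_SSHD_CONFIG='#Port 22
  Port 2222
Port 22'
SAMPLE_RESOLV_CONF='nameserver 10.0.0.53
nameserver 10.0.0.54
nameserver 10.0.0.55'

# Parse the samples and print the rules that would be applied.
preview() {
    local port
    port=$(printf '%s\n' "$SAMPLE_SSHD_CONFIG" | detect_ssh_port)
    # word splitting is intended: one argument per resolver
    build_rules "$port" $(printf '%s\n' "$SAMPLE_RESOLV_CONF" | detect_nameservers)
}

preview
```

Run it as-is to review the generated commands (the sample picks up port 2222, not the commented-out 22, and only the first two resolvers); once the preview looks right on the target host, replace the samples with the real files and run with IPT=/sbin/iptables.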
That covers the shell script for configuring the CentOS iptables firewall. Try it out in practice, ideally on a test host first, since the default INPUT policy it sets is DROP.