
CentOS iptables configuration

## Save as /etc/sysconfig/iptables, then run: /etc/init.d/iptables restart (or start)
# Firewall configuration written by redhat-config-securitylevel
# Replace xxx.xxx.xxx.xxx and port1 with the trusted source address and port before
# loading; iptables-restore rejects the placeholders as they stand.
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
# Drop TCP packets with FIN and SYN both set (an invalid flag combination)
-A RH-Firewall-1-INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Services reachable from any source address
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2222 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8081 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8088 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
# Everything from this trusted address; if the two port-specific rules below use the
# same address they are never reached, because this rule already accepts the packet
-A RH-Firewall-1-INPUT -s xxx.xxx.xxx.xxx -j ACCEPT
# -s requires an address argument; the same placeholder as the neighbouring rules is used here
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp -s xxx.xxx.xxx.xxx --dport 6666 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp -s xxx.xxx.xxx.xxx --dport port1 -j ACCEPT
# Anything not matched above is rejected with an ICMP error (the chain's own
# policy is '-', so the INPUT policy DROP would otherwise apply silently)
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
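To see how this chain actually decides a packet's fate (first match wins, user chain returns to INPUT when nothing matches, the broad `-s` ACCEPT shadowing the port-scoped rules after it), here is an added example that walks an abridged copy of the ruleset offline. It is constructed for this page, is not a tool from the blog, never touches the kernel, and models only the match options the rules above use. The placeholder `xxx.xxx.xxx.xxx` is replaced with the documentation address 203.0.113.10 and the "stranger" source 198.51.100.7 is likewise an assumption.

```python
"""Offline walk of an iptables-save ruleset, constructed as an added example; it is not a
tool from this blog and never touches the kernel. Only the matches the page's rules use
are modelled: -i, -p, -s, --dport, -m state --state, --tcp-flags."""
import ipaddress
import shlex

# Constructed, abridged copy of the page's ruleset. The page's placeholder
# xxx.xxx.xxx.xxx is replaced with the documentation address 203.0.113.10 (assumption).
RULESET = """\
*filter
:INPUT DROP [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -s 203.0.113.10 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp -s 203.0.113.10 --dport 6666 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

# Options taking exactly one argument, mapped to the rule key they set, plus converters.
TWO_ARG = {"-j": "target", "-i": "in_if", "-p": "proto", "-s": "src", "--dport": "dport",
           "--state": "states", "--icmp-type": "icmp_type", "--reject-with": "reject_with"}
CONVERT = {"src": lambda v: ipaddress.ip_network(v, strict=False), "dport": int,
           "states": lambda v: set(v.split(","))}

def parse(text):
    """Return (policies, chains): chain -> policy string, chain -> ordered list of rule dicts."""
    policies, chains = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#*" or line == "COMMIT":
            continue
        if line[0] == ":":                     # chain declaration: :NAME POLICY [pkts:bytes]
            name, policy, _ = line[1:].split()
            policies[name], chains[name] = policy, []
            continue
        toks = shlex.split(line)
        assert toks[0] == "-A", f"unsupported line: {line}"
        rule, i = {"line": line}, 2
        while i < len(toks):
            tok = toks[i]
            if tok == "-m":                    # match-extension name; its options follow
                i += 2
            elif tok == "--tcp-flags":         # --tcp-flags MASK COMP
                rule["flags"] = (set(toks[i + 1].split(",")), set(toks[i + 2].split(",")))
                i += 3
            elif tok in TWO_ARG:
                key = TWO_ARG[tok]
                rule[key] = CONVERT.get(key, str)(toks[i + 1])
                i += 2
            else:
                raise ValueError(f"unsupported option {tok!r} in: {line}")
        chains[toks[1]].append(rule)
    return policies, chains

def matches(rule, pkt):
    """True if every match option present in `rule` is satisfied by the packet dict."""
    return all([
        "in_if" not in rule or pkt.get("in_if") == rule["in_if"],
        "proto" not in rule or pkt.get("proto") == rule["proto"],
        "src" not in rule or ipaddress.ip_address(pkt["src"]) in rule["src"],
        "dport" not in rule or pkt.get("dport") == rule["dport"],
        "states" not in rule or pkt.get("state") in rule["states"],
        "flags" not in rule or (pkt.get("flags", set()) & rule["flags"][0]) == rule["flags"][1],
    ])

def verdict(policies, chains, pkt, chain="INPUT"):
    """First-match walk of `chain`. Jumps into user chains; a user chain whose rules all
    miss returns to the caller (policy '-'), and a built-in chain falls back to its policy."""
    for rule in chains[chain]:
        if not matches(rule, pkt):
            continue
        target = rule["target"]
        if target in ("ACCEPT", "DROP", "REJECT"):
            return target, rule["line"]
        if target in chains:                   # jump to a user-defined chain
            result = verdict(policies, chains, pkt, target)
            if result[0] is not None:
                return result
    policy = policies.get(chain, "-")
    return (None, None) if policy == "-" else (policy, f"policy {chain} {policy}")

def open_to_world(policies, chains, proto="tcp", ifname="eth0"):
    """Ports a NEW `proto` connection from an arbitrary address reaches; evaluated through
    verdict() so rule order is honoured. 198.51.100.7 is a constructed 'stranger' address."""
    ports = {r["dport"] for rules in chains.values() for r in rules
             if r.get("proto") == proto and "dport" in r}
    return [p for p in sorted(ports)
            if verdict(policies, chains, {"in_if": ifname, "proto": proto, "dport": p,
                                          "src": "198.51.100.7", "state": "NEW",
                                          "flags": {"SYN"}})[0] == "ACCEPT"]

if __name__ == "__main__":
    pol, ch = parse(RULESET)
    print("TCP ports reachable from any source:", open_to_world(pol, ch))
    print("UDP ports reachable from any source:", open_to_world(pol, ch, proto="udp"))
```

Running it lists every port that a new connection from an unknown address can reach; on the page's ruleset that includes MySQL (3306) and DNS (53), which is worth a second look if those services are only meant for local clients. Probing a packet from 203.0.113.10 to port 6666 shows it is accepted by the plain `-s` rule, never by the port-specific rule after it, which is why that later rule adds nothing when both use the same address.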


In practice it is better to add rules with the iptables command, so that they take effect in the running kernel immediately, and then save them:

iptables -t nat -A POSTROUTING -s 10.1.1.1/24 -j MASQUERADE

# The save command below writes the running rule set, including the rule above,
# to /etc/sysconfig/iptables so that it survives a service restart or reboot
/etc/init.d/iptables save
