An iptables ruleset I built myself

Source: Internet  Published by: 简单网管软件  Editor: 程序博客网  Time: 2024/04/28 17:44

# Generated by iptables-save v1.3.0 on Tue Dec 27 16:20:27 2005
*filter
:FORWARD DROP [0:0]
Drop all forwarded packets by default
-------------------------------------------
:INPUT DROP [807:77946]
Drop all packets entering the Linux firewall by default
-------------------------------------------
:OUTPUT DROP [15:1032]
Drop all packets originating from the Linux firewall itself by default
-------------------------------------------
:RH-Firewall-1-INPUT - [0:0]
-A FORWARD -j LOG --log-prefix "[IPTABLES LOG]:" --log-level 7
Log every forwarded packet at syslog level 7 (debug), with the prefix [IPTABLES LOG]
--------------------------------------------------------------
-A FORWARD -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
Allow forwarding of TCP packets whose connection state is RELATED or ESTABLISHED
---------------------------------------------------------------
-A FORWARD -s 192.168.1.0/255.255.255.0 -i eth0 -o eth1 -p tcp -m tcp --dport 21 -j ACCEPT
-A FORWARD -s 10.103.2.0/255.255.255.0 -i eth1 -o eth0 -p tcp -m tcp --sport 20 -j ACCEPT
Allow FTP traffic (control connections to port 21 outbound, data packets returning from source port 20)
------------------------------------------------------------------------------------------
-A FORWARD -s 192.168.1.0/255.255.255.0 -i eth0 -o eth1 -p tcp -m tcp --dport 990 -j ACCEPT
-A FORWARD -s 10.103.2.0/255.255.255.0 -i eth1 -o eth0 -p tcp -m tcp --sport 989 -j ACCEPT
Allow FTP over SSL (FTPS) traffic (control connections to port 990 outbound, data packets returning from source port 989)
-----------------------------------------------------------------------------------------
-A INPUT -s 10.103.2.0/255.255.255.0 -p tcp -m tcp --dport 23 -j ACCEPT
Allow telnet (port 23) into the firewall itself from 10.103.2.0/24
-------------------------------------------------------------------------------------------
-A INPUT -s 10.103.2.0/255.255.255.0 -p tcp -m tcp --sport 20 -j ACCEPT
Allow packets with source port 20 (FTP data) into the firewall itself from 10.103.2.0/24
-------------------------------------------------------------------------------------------
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
Allow packets of RELATED or ESTABLISHED connections into the firewall itself
-------------------------------------------------------------------------------------------
-A OUTPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
Allow TCP packets of RELATED or ESTABLISHED connections out of the firewall itself
-------------------------------------------------------------------------------------------
-A OUTPUT -s 10.103.2.0/255.255.255.0 -p tcp -m tcp --dport 21 -j ACCEPT
Allow the firewall's own address in 10.103.2.0/24 to open FTP control connections (port 21)
-------------------------------------------------------------------------------------------
COMMIT
# Completed on Tue Dec 27 16:20:27 2005
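As an added check (not part of the original ruleset), the Python evaluator below models the FORWARD chain above the way netfilter does, first match wins and otherwise the DROP policy, and flags a caveat in it: the two rules keyed only on --sport 20 and --sport 989 carry no state match, so they accept a NEW connection from 10.103.2.0/24 to any destination port, which is why the conntrack FTP helper with --state RELATED is normally used for the data channel instead. The packet summaries and their field names are constructed for this demonstration.

```python
import ipaddress
# Constructed sample: the FORWARD chain from the ruleset above (chain policy DROP).
FORWARD_RULES = [
    "-A FORWARD -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT",
    "-A FORWARD -s 192.168.1.0/255.255.255.0 -i eth0 -o eth1 -p tcp -m tcp --dport 21 -j ACCEPT",
    "-A FORWARD -s 10.103.2.0/255.255.255.0 -i eth1 -o eth0 -p tcp -m tcp --sport 20 -j ACCEPT",
    "-A FORWARD -s 192.168.1.0/255.255.255.0 -i eth0 -o eth1 -p tcp -m tcp --dport 990 -j ACCEPT",
    "-A FORWARD -s 10.103.2.0/255.255.255.0 -i eth1 -o eth0 -p tcp -m tcp --sport 989 -j ACCEPT",
]
OPTS = {"-s", "-d", "-i", "-o", "-p", "-j", "--sport", "--dport", "--state"}
def parse_rule(line):
    """Reduce one '-A CHAIN ...' line to {match option: value}, including the -j target."""
    toks = line.split()
    return {toks[i]: toks[i + 1] for i in range(len(toks) - 1) if toks[i] in OPTS}

def matches(rule, pkt):
    """True when every match option present in the rule agrees with the packet."""
    if "-s" in rule and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(rule["-s"]):
        return False
    for opt, key in (("-i", "in"), ("-o", "out"), ("-p", "proto")):
        if opt in rule and rule[opt] != pkt[key]:
            return False
    for opt, key in (("--sport", "sport"), ("--dport", "dport")):
        if opt in rule and int(rule[opt]) != pkt[key]:
            return False
    if "--state" in rule and pkt["state"] not in rule["--state"].split(","):
        return False
    return True

def verdict(rule_lines, pkt, policy="DROP"):
    """First matching rule decides, as in netfilter; otherwise the chain policy applies."""
    for rule in map(parse_rule, rule_lines):
        if matches(rule, pkt):
            return rule["-j"]
    return policy

def overbroad_sport_rules(rule_lines):
    """Audit: ACCEPT rules keyed on --sport alone admit NEW flows to any destination port."""
    rules = [(line, parse_rule(line)) for line in rule_lines]
    return [line for line, r in rules if r.get("-j") == "ACCEPT"
            and "--sport" in r and "--dport" not in r and "--state" not in r]

def pkt(src, inp, out, sport, dport, state="NEW"):  # state: what conntrack would report
    return {"src": src, "in": inp, "out": out, "proto": "tcp", "sport": sport, "dport": dport, "state": state}

if __name__ == "__main__":
    print(verdict(FORWARD_RULES, pkt("192.168.1.10", "eth0", "eth1", 40001, 21)))  # ACCEPT: FTP control
    print(verdict(FORWARD_RULES, pkt("10.103.2.5", "eth1", "eth0", 20, 22)))       # ACCEPT: any dport via --sport 20
    print(verdict(FORWARD_RULES, pkt("10.103.2.5", "eth1", "eth0", 40001, 22)))    # DROP: chain policy
    print(overbroad_sport_rules(FORWARD_RULES))                                    # the --sport 20 and --sport 989 rules
```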
