iptables简单实例

# Generated by iptables-save v1.3.5 on Thu Aug 30 08:50:38 2012

*filter

:INPUT DROP [0:0]

:FORWARD DROP [0:0]

:OUTPUT ACCEPT [26:2408]

-A INPUT -i eth1 -j ACCEPT 

-A INPUT -s 127.0.0.1 -i eth0 -j DROP 

-A INPUT -s 255.255.255.255 -i eth0 -j DROP 

-A INPUT -d 0.0.0.0 -i eth0 -j DROP 

-A INPUT -i eth0 -p tcp -m tcp --dport 1983 -j ACCEPT 

-A INPUT -s 211.154.155.36 -i eth0 -p tcp -m tcp --sport 80 -j ACCEPT 

-A INPUT -i eth0 -p tcp -m tcp --sport 25 -j ACCEPT 

-A INPUT -i eth0 -p udp -m udp --sport 53 -j ACCEPT 

-A INPUT -i eth0 -p tcp -m tcp --sport 53 -j ACCEPT 

-A INPUT -s 58.61.149.209 -i eth0 -j ACCEPT 

-A INPUT -s 58.61.149.214 -i eth0 -j ACCEPT 

-A INPUT -s 172.21.0.0/255.255.0.0 -i eth0 -j ACCEPT 

-A INPUT -s 120.197.129.66 -i eth0 -j ACCEPT 

-A INPUT -s 120.197.129.67 -i eth0 -j ACCEPT 

-A INPUT -s 211.154.155.130 -i eth0 -j ACCEPT 

-A INPUT -i lo -j ACCEPT 

-A INPUT -i eth0 -p udp -m udp --sport 123 -j ACCEPT 

-A INPUT -s 10.10.10.1 -i eth0 -p udp -m udp --sport 161 -j ACCEPT 

-A INPUT -i eth0 -p icmp -m limit --limit 20/min --limit-burst 10 -j ACCEPT 

COMMIT

# Completed on Thu Aug 30 08:50:38 2012

# Generated by iptables-save v1.3.5 on Thu Aug 30 08:50:38 2012

*nat

:PREROUTING ACCEPT [41935:3584596]

:POSTROUTING ACCEPT [668501:54420232]

:OUTPUT ACCEPT [668501:54420232]

COMMIT

# Completed on Thu Aug 30 08:50:38 2012

#转发数据命令

#iptables -t nat -A PREROUTING -d 192.168.1.90 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.90:801