linux防火墙脚本

#!/bin/bash

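# Site-specific settings. Every rule below is built from these; change
# them here rather than in start()/stop().

# External (Internet-facing) interface and the public address used as
# the SNAT source. The original spelt the variable WIN_INT_IP and gave it
# the malformed value "222.222.101,,1", so start() never saw it.
WAN_INT="eth0"
WAN_INT_IP="222.222.101.1"

# Internal (LAN) interface and its address.
LAN_INT="eth1"
LAN_INT_IP="192.168.222.102"

# Whitespace-separated list of LAN hosts allowed to open connections to
# $PORT on the WAN side (192.168.222.1 was listed twice; duplicates only
# add identical rules).
ALLOW_ACCESS_CLIENT="192.168.222.1 192.168.222.2 192.168.222.3 192.168.222.4 192.168.222.5 192.168.222.6"

# Windows 2003 host on the WAN side. Declared for reference; no rule
# below currently uses it.
WAN_WIN2003_SRV="222.222.101.2"

# Destination ports the allowed clients may reach, in iptables multiport
# syntax. No trailing comma: multiport rejects it.
PORT="20,21,25,80,110,143,554,1755,7070"

IPT="/sbin/iptables"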




########################################################################################################


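start(){
  # Bring the firewall up: flush all tables, set DROP policies, admit
  # loopback/reply traffic and SSH, enable SNAT for the LAN, and forward
  # only the whitelisted clients to the service ports.
  # Globals read: IPT, WAN_INT, WAN_INT_IP, LAN_INT, ALLOW_ACCESS_CLIENT, PORT.
  # Returns non-zero if ip_forward cannot be enabled or WAN_INT_IP is unset.
  local lan_net="192.168.222.0/24"
  local ports="${PORT%,}"   # multiport rejects a trailing comma
  local client

  # Fail loudly rather than emit a SNAT rule with an empty --to-source.
  : "${WAN_INT_IP:?WAN_INT_IP must be set to the public address of $WAN_INT}"

  echo ""
  printf '\033[1;032m Flush all chains......................... [ok] \033[m\n'

  # Start from a clean slate in every table we touch ("manager" was a
  # typo for mangle and made this line fail).
  "$IPT" -t filter -F
  "$IPT" -t nat -F
  "$IPT" -t mangle -F

  # Deny by default; everything below is an explicit allow.
  "$IPT" -t filter -P INPUT DROP
  "$IPT" -t filter -P OUTPUT DROP
  "$IPT" -t filter -P FORWARD DROP

  # Loopback and reply packets. Without these, the DROP policies cut off
  # the SSH session admitted below and the return half of every
  # forwarded/SNATed connection.
  "$IPT" -t filter -A INPUT -i lo -j ACCEPT
  "$IPT" -t filter -A OUTPUT -o lo -j ACCEPT
  "$IPT" -t filter -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  "$IPT" -t filter -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  "$IPT" -t filter -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

  # Administrative SSH to/from the firewall itself.
  # NOTE(review): this accepts port 22 on every interface including
  # $WAN_INT; add -i "$LAN_INT" or a -s restriction if administration
  # from the Internet is not required.
  "$IPT" -t filter -A INPUT -p tcp --dport 22 -j ACCEPT
  "$IPT" -t filter -A OUTPUT -p tcp --dport 22 -j ACCEPT

  # Source NAT for the LAN leaving through the WAN interface.
  if ! echo 1 > /proc/sys/net/ipv4/ip_forward; then
    echo "cannot enable ip_forward" >&2
    return 1
  fi
  "$IPT" -t nat -A POSTROUTING -s "$lan_net" -o "$WAN_INT" -j SNAT --to-source "$WAN_INT_IP"

  ################################ accept erp access
  # Only the listed LAN clients may open new connections to $ports.
  # Replies come back via the ESTABLISHED,RELATED rule above; the old
  # "--sport $PORT -j ACCEPT" on $WAN_INT let any remote host reach the
  # LAN simply by sending from source port 80 or 21.
  if [ -n "$ALLOW_ACCESS_CLIENT" ]; then
    # shellcheck disable=SC2086 -- the list is intentionally split on whitespace
    for client in $ALLOW_ACCESS_CLIENT; do
      "$IPT" -t filter -A FORWARD -p tcp -s "$client" -o "$WAN_INT" -m multiport --dports "$ports" -j ACCEPT
      "$IPT" -t filter -A FORWARD -p udp -s "$client" -o "$WAN_INT" -m multiport --dports "$ports" -j ACCEPT
      echo ""
      echo "$client -> $WAN_INT ports $ports ......... ACCEPT [ok]"
    done
  fi
}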




##################################################################################################




stop(){
  # Tear the firewall down: empty and delete every chain in the filter
  # and nat tables, zero their counters, then fall back to ACCEPT
  # policies on the three built-in filter chains.
  # NOTE(review): the mangle table and ip_forward are left untouched.
  local tbl op chain
  for tbl in filter nat; do
    for op in -F -X -Z; do
      "$IPT" -t "$tbl" "$op"
    done
  done
  for chain in INPUT OUTPUT FORWARD; do
    "$IPT" -P "$chain" ACCEPT
  done
  printf '%s\n' \
    "###############################################################" \
    "#     #" \
    "#      Stop firewall server Access rule Successful    #" \
    "#     #" \
    "###############################################################"
}
###############################################################################################


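# Dispatch on the first argument. The usage line previously printed
# "$)" instead of the script name and advertised an empty "restart|"
# option.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    stop
    start
    ;;
  *)
    echo $"Usage: $0 {start|stop|restart}"
    exit 1
    ;;
esac
exit $?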