简单的iptables脚本样板

pk · 发表于 2003-1-5 22:35:20

[code:1]
#!/bin/sh
# rc.firewall -
# simple iptables rules with SNAT.

NIC_PUB=eth0
#SERVER=aaa.bbb.ccc.ddd
#SUBNET=192.168.0.0/24
#or#SUBNET=10.0.0.0/24

echo -n "Starting firewall rules..."

# necessary modules for iptables
modprobe ip_tables
modprobe iptable_nat
#modprobe ip_nat_ftp
#modprobe ip_conntrack
#modprobe ip_conntrack_ftp

# refresh all firewall rules
iptables -t filter -FZ
iptables -t nat -FZ
iptables -t mangle -FZ

# setup default firewall policies
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

#############################################################################
#
# FORWARD chain:
# Enable simple IP FORWARDing and Masquerading
#iptables -P POSTROUTING DROP
#iptables -A FORWARD -m state --state RELATED -j ACCEPT
echo "1" > /proc/sys/net/ipv4/ip_forward
#正常情况下,用MASQUERADE.
#但如果客户机的网卡容易丢包,网络断断续续的,则用SNAT较好.
#iptables -t nat -A POSTROUTING -o $NIC_PUB -s $SUBNET \
# -j SNAT --to-source $SERVER
iptables -t nat -A POSTROUTING -o $NIC_PUB -j MASQUERADE

echo "Done"
[/code:1]

		自动登录	找回密码
密码			注册