iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 20:21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -t filter -A INPUT -p tcp --sport 20:21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 20:21 -m state --state ESTABLISHED -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --sport 20:21 -m state --state ESTABLISHED -j ACCEPT
iptables -I INPUT -p udp --sport 53 -j ACCEPT
iptables -I INPUT -p tcp --sport 53 -j ACCEPT
iptables -t filter -P INPUT DROP
[root@jyoe ~]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:domain
ACCEPT udp -- anywhere anywhere udp spt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpts:ftp-data:ftp state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spts:ftp-data:ftp state NEW,ESTABLISHED
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpts:ftp-data:ftp state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spts:ftp-data:ftp state ESTABLISHED
[伊達隨筆]iptables解決FTP登錄慢的問題
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.