iptables

https://blog.csdn.net/zht666/article/details/17505789

cat >/bin/iptables.sh <<EOF
#!/bin/bash
iptables -F
iptables -t nat -F
#### Below are the basal iptables config, normally need not be modified #######
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p udp --source-port 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 62222 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
##### Below are the Appalication related iptables config #######
iptables -A INPUT -s 192.168.5.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -j DROP
iptables -A FORWARD -j DROP
EOF
systemctl enable iptables.service
systemctl restart iptables.service
sh  /bin/iptables.sh
echo 'sh /bin/iptables.sh' >> /etc/rc.local

### 
# -- 查找所有input规则
iptables -L INPUT --line-numbers
#-- 删除一条规则
iptables -D INPUT 11 #（注意，这个11是行号，是iptables -L INPUT --line-numbers 所打印出来的行号）
#iptables 四表五链
# https://www.cnblogs.com/zhujingzhi/p/9706664.html