一.允许lo回环接口的通讯
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
二.设置22号端口规则
iptables -A INPUT -p tcp –dport 22 -i eth0 -m state –state NEW -m recent –update –seconds 10 –hitcount 2 -j DROP
iptables -A INPUT -p tcp –dport 22 -i eth0 -m state –state NEW -m recent –set
三.允许的端口
iptables -A INPUT -p tcp –dport 22 -j ACCEPT
iptables -A INPUT -p tcp –dport 80 -j ACCEPT
iptables -A INPUT -p tcp –dport 443 -j ACCEPT
四.设置默认策略
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
这些是基本常用配置,当然其他的按需设置即可!!!
