iptables: simple configuration notes

# Generated by iptables-save v1.3.5 on Sat Oct 22 17:35:26 2011
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1601885:2388598472]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -s 192.168.1.1 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sat Oct 22 17:35:26 2011

-A INPUT -s 192.168.1.1 -p tcp -m tcp --dport 3306 -j ACCEPT

Allows the specified IP, 192.168.1.1, to access the server's MySQL port 3306.
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
Opens ports 22 and 80 to access from the external network.
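
The difference between the source-restricted 3306 rule and the unrestricted 22 and 80 rules can be checked mechanically. The script below is an added example, not part of the original notes: it reads iptables-save output and reports, for each ACCEPT rule that names a destination port, which source it is limited to. The function names audit_accept_rules and open_to_any are made up for this example, and the sample input is the INPUT rules from the dump above.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for ACCEPT rules that open a port.

audit_accept_rules() {
    # Reads iptables-save output on stdin.
    # Prints one line per matching rule: "chain proto dport source".
    # source is "any" when the rule has no -s, and "!addr" for a negated -s.
    awk '
        $1 == "-A" {
            chain = $2; proto = "all"; src = "any"; dport = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s" || $i == "--source")
                    src = ($(i - 1) == "!" ? "!" : "") $(i + 1)
                else if ($i == "-p" || $i == "--protocol") proto = $(i + 1)
                else if ($i == "--dport" || $i == "--dports") dport = $(i + 1)
                else if ($i == "-j" || $i == "--jump") target = $(i + 1)
            }
            if (target == "ACCEPT" && dport != "")
                print chain, proto, dport, src
        }'
}

open_to_any() {
    # Destination ports that are accepted from every source address.
    audit_accept_rules | awk '$4 == "any" { print $3 }' | sort -n | paste -s -d ' ' -
}

# Sample input: the INPUT rules from the dump on this page.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 192.168.1.1 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j RH-Firewall-1-INPUT
COMMIT'

printf '%s\n' "$SAMPLE_RULES" | audit_accept_rules
```

On a live host, pipe the output of iptables-save (or the contents of /etc/sysconfig/iptables) into audit_accept_rules instead of the sample.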

# Enable SSH (port 20001 in these rules)
 iptables -A INPUT -p tcp --dport 20001 -j ACCEPT
 iptables -A OUTPUT -p tcp --sport 20001 -j ACCEPT

# Close all ports (set the default policy of every chain to DROP)
 iptables -P INPUT DROP
 iptables -P FORWARD DROP
 iptables -P OUTPUT DROP

# Allow ping (ICMP)
 iptables -A INPUT -p icmp -j ACCEPT
 iptables -A OUTPUT -p icmp -j ACCEPT


# Open port 53 (DNS service)
 iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
 iptables -A INPUT -p udp --sport 53 -j ACCEPT

 

# Open port 80 (HTTP service)
 iptables -A INPUT -p tcp --dport 80 -j ACCEPT
 iptables -A OUTPUT -p tcp --sport 80 -j ACCEPT
# Open the VPS's MySQL
 iptables -A INPUT -p tcp -s 117.34.73.77 --dport 3306 -j ACCEPT
 iptables -A OUTPUT -p tcp --sport 3306 -d 117.34.73.77 -j ACCEPT

 

# Save the iptables settings
 service iptables save
 # Other actions of the same service command: start / stop / restart
 
# Check that the save succeeded
 cat /etc/sysconfig/iptables
