linux 서버를 셋팅할때 각각 배포본마다 설정되어있는 iptables 설정은 배포본의 경계를 넘나들때나, 변경할때 귀찮기 마련이다. 그래서 마련한 간단히 셋팅을 바꿀수 있는 스크립트.
reference : http://wiki.centos.org/HowTos/Network/IPTables
case : centos
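vi gen_iptable.sh

#!/bin/bash
# gen_iptable.sh (CentOS variant) -- reset the IPv4 filter table to a minimal
# host firewall and persist it with the iptables init script.
#
# What it does, in order:
#   1. flushes every rule in the filter table (-F), then accepts SSH *before*
#      the INPUT policy is switched to DROP, so the SSH session running this
#      script is not cut off
#   2. sets default policies: INPUT DROP, FORWARD DROP, OUTPUT ACCEPT
#   3. accepts loopback traffic and ESTABLISHED/RELATED packets
#   4. opens tcp/80 on the public interface
#   5. saves the ruleset and prints it with counters
#
# Optional environment:
#   IFACE    interface the public rules bind to        (default: eth0)
#   SSH_SRC  source address/CIDR allowed to reach tcp/22 (default: any source)
#
# Why one SSH rule instead of two: an unrestricted "--dport 22 -j ACCEPT"
# placed before a "--dport 22 -s <addr>" rule shadows it completely (first
# match wins), so the restricted rule never takes effect.  SSH_SRC decides
# which of the two you actually get.
#
# NOTE: only IPv4 is configured.  ip6tables is untouched, so any IPv6 address
# on the interface is not filtered by this script.
set -eu

iface=${IFACE:-eth0}
ssh_src=${SSH_SRC:-}
readonly iface ssh_src
readonly ipt=/sbin/iptables

# Build the SSH rule as an array; add "-s <addr>" only when a source was given.
ssh_rule=(-A INPUT -i "$iface" -p tcp --dport 22)
if [[ -n "$ssh_src" ]]; then
  ssh_rule+=(-s "$ssh_src")
fi
ssh_rule+=(-j ACCEPT)

"$ipt" -F

# Allow SSH first: with set -e a failure here aborts before INPUT becomes DROP.
"$ipt" "${ssh_rule[@]}"

# Default policies for INPUT, FORWARD and OUTPUT chains.
"$ipt" -P INPUT DROP
"$ipt" -P FORWARD DROP
"$ipt" -P OUTPUT ACCEPT

# Localhost traffic.
"$ipt" -A INPUT -i lo -j ACCEPT

# Packets belonging to established and related connections.
"$ipt" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Services exposed on the public interface.
"$ipt" -A INPUT -i "$iface" -p tcp --dport 80 -j ACCEPT

# Persist the ruleset so it is restored at boot by the iptables service.
/sbin/service iptables save

# Show the resulting rules with packet/byte counters.
"$ipt" -L -v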
case : ubuntu
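vi gen_iptable.sh

#!/bin/bash
# gen_iptable.sh (Ubuntu variant) -- reset the IPv4 filter table to a minimal
# host firewall and dump it with iptables-save.
#
# What it does, in order:
#   1. flushes every rule in the filter table (-F), then accepts SSH *before*
#      the INPUT policy is switched to DROP, so the SSH session running this
#      script is not cut off
#   2. sets default policies: INPUT DROP, FORWARD DROP, OUTPUT ACCEPT
#   3. accepts loopback traffic and ESTABLISHED/RELATED packets
#   4. opens tcp/80 on the public interface
#   5. writes the ruleset to /etc/iptables.rule and prints it with counters
#
# Optional environment:
#   IFACE    interface the public rules bind to        (default: eth0)
#   SSH_SRC  source address/CIDR allowed to reach tcp/22 (default: any source)
#
# Why one SSH rule instead of two: an unrestricted "--dport 22 -j ACCEPT"
# placed before a "--dport 22 -s <addr>" rule shadows it completely (first
# match wins), so the restricted rule never takes effect.  SSH_SRC decides
# which of the two you actually get.
#
# NOTE: iptables-save only writes the file; nothing here loads it at boot.
# Something (e.g. "iptables-restore < /etc/iptables.rule" from a network
# hook) must apply it, otherwise the host comes back up unfiltered.
# NOTE: only IPv4 is configured.  ip6tables is untouched, so any IPv6 address
# on the interface is not filtered by this script.
set -eu

iface=${IFACE:-eth0}
ssh_src=${SSH_SRC:-}
readonly iface ssh_src
readonly ipt=/sbin/iptables
readonly rules_file=/etc/iptables.rule

# Build the SSH rule as an array; add "-s <addr>" only when a source was given.
ssh_rule=(-A INPUT -i "$iface" -p tcp --dport 22)
if [[ -n "$ssh_src" ]]; then
  ssh_rule+=(-s "$ssh_src")
fi
ssh_rule+=(-j ACCEPT)

"$ipt" -F

# Allow SSH first: with set -e a failure here aborts before INPUT becomes DROP.
"$ipt" "${ssh_rule[@]}"

# Default policies for INPUT, FORWARD and OUTPUT chains.
"$ipt" -P INPUT DROP
"$ipt" -P FORWARD DROP
"$ipt" -P OUTPUT ACCEPT

# Localhost traffic.
"$ipt" -A INPUT -i lo -j ACCEPT

# Packets belonging to established and related connections.
"$ipt" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Services exposed on the public interface.
"$ipt" -A INPUT -i "$iface" -p tcp --dport 80 -j ACCEPT

# Dump the ruleset; see the NOTE above about restoring it at boot.
/sbin/iptables-save > "$rules_file"

# Show the resulting rules with packet/byte counters.
"$ipt" -L -v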