iptables 語法

存個紀錄

#!/bin/bash

#PATH=/sbin:/bin:/usr/sbin:/usr/bin; export PATH

echo "1" > /proc/sys/net/ipv4/ip_forward

iptables -F

iptables -X

iptables -Z

iptables -P INPUT   ACCEPT

iptables -P OUTPUT  ACCEPT

iptables -P FORWARD ACCEPT

iptables -F -t nat

iptables -X -t nat

iptables -Z -t nat

iptables -t nat -P PREROUTING  ACCEPT

iptables -t nat -P POSTROUTING ACCEPT

iptables -t nat -P OUTPUT      ACCEPT

iptables -A INPUT -i eth0 -j ACCEPT

iptables -A INPUT -i eth1 -j ACCEPT

iptables -A INPUT -p tcp -m state --state NEW,RELATED,ESTABLISHED -m tcp --dport

 1723 -j ACCEPT

iptables -A INPUT -p gre -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

iptables -t nat -A POSTROUTING -s 163.17.99.0/24 -j MASQUERADE

/etc/init.d/iptables save

/etc/init.d/iptables restart