linux防火墙脚本



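#!/bin/bash
#
# Small iptables gateway firewall: SNAT for a LAN behind a WAN interface,
# with forwarding to the WAN limited to a fixed list of LAN clients and a
# fixed set of destination ports.
#
# Usage: firewall.sh {start|stop|restart}   (must run as root)
#
# ---- configuration ---------------------------------------------------------
# All values are plain ASCII double quotes; the published copy used
# typographic quotes (“ ”), which bash treats as part of the value.

# External (WAN) interface and the address used as the SNAT source.
readonly WAN_INT="eth0"
# NOTE(review): the published text reads "222.222.101,,1", which is not a
# valid address; assumed to mean 222.222.101.1 — confirm before deploying.
readonly WAN_INT_IP="222.222.101.1"

# Internal (LAN) interface and address. Not referenced by any rule below;
# kept for documentation of the topology.
readonly LAN_INT="eth1"
readonly LAN_INT_IP="192.168.222.102"

# LAN clients allowed to reach the WAN on $PORT, space separated.
# (192.168.222.1 was listed twice in the original; one entry is enough.)
readonly ALLOW_ACCESS_CLIENT="192.168.222.1 192.168.222.2 192.168.222.3 192.168.222.4 192.168.222.5 192.168.222.6"

# Windows 2003 server on the WAN side. Not referenced by any rule below.
readonly WAN_WIN2003_SRV="222.222.101.2"

# Ports the allowed clients may reach, in iptables multiport syntax:
# comma separated with NO trailing comma (a trailing comma is rejected).
readonly PORT="20,21,25,80,110,143,554,1755,7070"

readonly IPT="/sbin/iptables"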

########################################################################################################

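start(){
  #######################################
  # Install the gateway rule set: flush every table, set default DROP,
  # accept loopback / reply traffic / SSH on this host, enable forwarding
  # with SNAT for 192.168.222.0/24, and forward only the listed clients to
  # the WAN on $PORT (plus the matching reply direction).
  # Globals:   WAN_INT, WAN_INT_IP, ALLOW_ACCESS_CLIENT, PORT, IPT (read)
  # Arguments: none
  # Outputs:   progress lines to stdout, warnings to stderr
  # Returns:   status of the last iptables call
  #######################################
  local client

  printf '\n\033[1;032m Flush all chains ................................ [ok] \033[m\n'

  # Flush all rules first. The third table is "mangle" (the original
  # called it "manager", which iptables rejects).
  "$IPT" -t filter -F
  "$IPT" -t nat -F
  "$IPT" -t mangle -F

  # Default policy is DROP on every built-in filter chain.
  "$IPT" -t filter -P INPUT DROP
  "$IPT" -t filter -P OUTPUT DROP
  "$IPT" -t filter -P FORWARD DROP

  # With OUTPUT set to DROP, the reply half of every connection must be
  # accepted explicitly: SSH replies leave with --sport 22, so an
  # OUTPUT --dport 22 rule alone never lets a session complete.
  "$IPT" -t filter -A INPUT -i lo -j ACCEPT
  "$IPT" -t filter -A OUTPUT -o lo -j ACCEPT
  "$IPT" -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  "$IPT" -t filter -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

  # Open the SSH service on this host (inbound), and allow this host to
  # open SSH sessions outbound, as the original rule set did.
  "$IPT" -t filter -A INPUT -p tcp --dport 22 -j ACCEPT
  "$IPT" -t filter -A OUTPUT -p tcp --dport 22 -j ACCEPT

  # SNAT: enable forwarding, then rewrite the LAN's source to the WAN address.
  # A failed write here is reported but does not abort, matching the
  # original's best-effort behaviour.
  if ! printf '1\n' > /proc/sys/net/ipv4/ip_forward; then
    printf 'warning: could not enable ip_forward; NAT will not work\n' >&2
  fi
  "$IPT" -t nat -A POSTROUTING -s 192.168.222.0/24 -o "$WAN_INT" -j SNAT --to-source "$WAN_INT_IP"

  # Accept ERP access: each listed client may reach the WAN on $PORT.
  # multiport takes --dports/--sports (plural) with a comma-separated list.
  if [[ -n "$ALLOW_ACCESS_CLIENT" ]]; then
    # shellcheck disable=SC2086 — intentional word split of the space-separated list
    for client in $ALLOW_ACCESS_CLIENT; do
      "$IPT" -t filter -A FORWARD -p tcp -s "$client" -o "$WAN_INT" -m multiport --dports "$PORT" -j ACCEPT
      "$IPT" -t filter -A FORWARD -p udp -s "$client" -o "$WAN_INT" -m multiport --dports "$PORT" -j ACCEPT
      # Reply direction, restricted to connections the client opened.
      # The original used an unset $port and no state match; without the
      # state match any WAN host using those source ports could initiate
      # a new connection into the LAN.
      "$IPT" -t filter -A FORWARD -p tcp -i "$WAN_INT" -d "$client" -m multiport --sports "$PORT" -m state --state ESTABLISHED,RELATED -j ACCEPT
      "$IPT" -t filter -A FORWARD -p udp -i "$WAN_INT" -d "$client" -m multiport --sports "$PORT" -m state --state ESTABLISHED,RELATED -j ACCEPT
      printf '\n%s access to external ......... ACCEPT [ok]\n' "$client"
    done
  fi
}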

##################################################################################################

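stop(){
  #######################################
  # Remove the rule set and open the host: flush rules, delete user chains
  # and zero counters in the filter, nat and mangle tables (start() touches
  # mangle too), then set every built-in policy to ACCEPT.
  # Globals:   IPT (read)
  # Arguments: none
  # Outputs:   a banner to stdout
  # Returns:   status of the last printf
  #######################################
  local table
  for table in filter nat mangle; do
    "$IPT" -t "$table" -F
    "$IPT" -t "$table" -X
    "$IPT" -t "$table" -Z
  done

  "$IPT" -P INPUT ACCEPT
  "$IPT" -P OUTPUT ACCEPT
  "$IPT" -P FORWARD ACCEPT

  # Banner; the original's echo lines were split by typographic quotes.
  local -r bar='###############################################################'
  printf '%s\n' "$bar"
  printf '#%61s#\n' ''
  printf '# %-59s #\n' 'Stop firewall server Access rule Successful'
  printf '#%61s#\n' ''
  printf '%s\n' "$bar"
}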

###############################################################################################

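# ---- entry point -----------------------------------------------------------

# iptables needs root; fail once with a clear message rather than emitting
# "Permission denied" from every rule and leaving a half-applied policy.
if [[ "${EUID:-$(id -u)}" -ne 0 ]]; then
  printf '%s: must be run as root\n' "${0##*/}" >&2
  exit 1
fi

case "${1:-}" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    stop
    start
    ;;
  *)
    # The original printed "$)" here, which is not a parameter; $0 is the
    # script name. Usage goes to stderr and exits non-zero.
    printf 'Usage: %s {start|stop|restart}\n' "${0##*/}" >&2
    exit 1
    ;;
esac

exit $?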



版权声明:本文为zjc801原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。