iptables配置文件

iptables配置文件

# Generated by iptables-save v1.3.5 on Fri May 23 22:48:53 2014

*filter

:INPUT ACCEPT [1409:372368]

:FORWARD ACCEPT [11964:4465532]

:OUTPUT ACCEPT [7344:3304920]

:RH-Firewall-1-INPUT - [0:0]

-A INPUT -p tcp -m tcp --dport 7650 -j ACCEPT

-A INPUT -p icmp -j ACCEPT

-A INPUT -p tcp -m tcp --dport 5000:6000 -j ACCEPT

-A INPUT -i lo -j ACCEPT

-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT

-A INPUT -p tcp -m tcp --dport 20 -j ACCEPT

-A INPUT -p tcp -m tcp --dport 60 -j ACCEPT

-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT

-A INPUT -p udp -m udp --dport 53 -j ACCEPT

-A INPUT -p gre -j ACCEPT

-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

-A FORWARD -s 192.168.10.0/255.255.255.0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j TCPMSS --set-mss 1356

#-A FORWARD -m state --state INVALID -j DROP 

#-A OUTPUT -p tcp -m tcp --sport 31337:31340 -j DROP 

#-A OUTPUT -p tcp -m tcp --sport 32335 -j DROP 

#-A OUTPUT -p tcp -m tcp --sport 27444 -j DROP 

#-A OUTPUT -p tcp -m tcp --sport 27665 -j DROP 

#-A OUTPUT -p tcp -m tcp --sport 20034 -j DROP 

#-A OUTPUT -p tcp -m tcp --sport 9704 -j DROP 

#-A OUTPUT -p tcp -m tcp --sport 137:139 -j DROP 

#-A OUTPUT -p tcp -m tcp --sport 2049 -j DROP 

#-A OUTPUT -m state --state INVALID -j DROP 

COMMIT

# Completed on Fri May 23 22:48:53 2014

# Generated by iptables-save v1.3.5 on Fri May 23 22:48:53 2014

*nat

:PREROUTING ACCEPT [2339:435496]

:POSTROUTING ACCEPT [15:1056]

:OUTPUT ACCEPT [15:1056]

-A POSTROUTING -s 192.168.10.0/255.255.255.0 -o eth0 -j SNAT --to-source 119.134.250.46

#-A POSTROUTING -s 192.168.10.0/255.255.255.0 -o eth0 -j MASQUERADE 

COMMIT

# Completed on Fri May 23 22:48:53 2014