IPTABLES Basic Example


iptables -F                                                             # flush existing rules
iptables -P INPUT DROP                                                  # default deny: reject everything first, then open only the services that are needed
iptables -A INPUT -p tcp --dport 80 -j ACCEPT                           # open the web service port (TCP)
iptables -A INPUT -p tcp --dport 110 -j ACCEPT                          # open the POP3 service port (TCP)
iptables -A INPUT -p tcp --dport 25 -j ACCEPT                           # open the SMTP service port (TCP)
iptables -A INPUT -p tcp --dport 21 -j ACCEPT                           # open the FTP service port (TCP)
iptables -A INPUT -p tcp -s 202.106.12.130 --dport 22 -j ACCEPT         # allow only the host 202.106.12.130 to connect to the local SSH service port
iptables -A INPUT -p tcp --dport 53 -j ACCEPT                           # allow TCP packets to the DNS service port in
iptables -A INPUT -p udp --dport 53 -j ACCEPT                           # allow UDP packets to the DNS service port in
iptables -A INPUT -p icmp --icmp-type echo-request -i eth1 -j DROP      # guard against ping floods and ping of death: discard every ICMP echo request arriving on eth1
iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT         # rate-limit forwarded SYN packets to one per second (SYN flood / denial-of-service mitigation)
iptables -t nat -A POSTROUTING -o eth1 -s 192.168.0.226 -j MASQUERADE   # let 192.168.0.226 reach the external network masqueraded behind the IP address of eth1
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.4 -p tcp --dport 25 -j MASQUERADE   # let 192.168.0.4 reach port 25 on the external network masqueraded behind eth0

Notes on this ruleset. With the INPUT policy set to DROP and nothing else, the host also drops its own loopback traffic and the replies to every connection it initiates itself (DNS lookups, package updates, outbound mail); in practice an ACCEPT rule for the lo interface and one for packets in the ESTABLISHED,RELATED connection-tracking states are added right after the policy. The SYN rate-limit rule only ACCEPTs the SYNs that fall within the limit; SYNs above the limit do not match it, fall through to the next rule and, with the FORWARD policy left at its default of ACCEPT, are accepted anyway. It needs a DROP rule behind it to have any effect, and because it sits in the FORWARD chain it concerns traffic routed through this machine, not connections to the host itself. The two MASQUERADE rules also need IP forwarding enabled in the kernel and the forwarded traffic permitted in the FORWARD chain, and active-mode FTP on port 21 will not work without the FTP connection-tracking helper.
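The same ruleset rebuilt as a complete iptables-restore file, as an added example that is not part of the original page: the page's hosts, ports and interfaces are kept, and the pieces a default-DROP policy needs (loopback, connection-tracking return traffic, explicit FORWARD permissions for the masqueraded hosts) plus a SYN limiter that actually drops the excess are the additions. The admin address is a parameter of gen_rules so the page's 202.106.12.130 is not baked in; the SYN_LIMIT chain name and the burst of 4 are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the original page. Emits an iptables-restore
# ruleset on stdout; nothing is applied to the running kernel by this script.
#
# Usage:  sh gen-rules.sh [ssh_admin_ip] | iptables-restore --test   # syntax check only
#         sh gen-rules.sh [ssh_admin_ip] | iptables-restore          # load (as root)

# gen_rules [ssh_admin_ip]  ->  iptables-restore text on stdout
gen_rules() {
    ssh_admin="${1:-202.106.12.130}"   # the page's permitted SSH source host
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:SYN_LIMIT - [0:0]
# Without these a default-DROP INPUT chain also drops loopback traffic and the
# replies to every connection the host itself opens.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Services the page opens to everyone
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 110 -j ACCEPT
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 21 -j ACCEPT
-A INPUT -p tcp --dport 53 -j ACCEPT
-A INPUT -p udp --dport 53 -j ACCEPT
# SSH only from the admin host
-A INPUT -p tcp -s $ssh_admin --dport 22 -j ACCEPT
# Ignore pings arriving on eth1 (the page's rule)
-A INPUT -p icmp --icmp-type echo-request -i eth1 -j DROP
# SYN limiter (assumed chain name): SYNs within 1/s (burst 4) RETURN to the
# caller and continue down FORWARD; everything above the limit is dropped.
# An ACCEPT-with-limit rule on its own drops nothing.
-A SYN_LIMIT -m limit --limit 1/s --limit-burst 4 -j RETURN
-A SYN_LIMIT -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p tcp --syn -j SYN_LIMIT
# With FORWARD at DROP, the masqueraded hosts must be allowed through explicitly
-A FORWARD -s 192.168.0.226 -o eth1 -j ACCEPT
-A FORWARD -s 192.168.0.4 -o eth0 -p tcp --dport 25 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.226 -o eth1 -j MASQUERADE
-A POSTROUTING -s 192.168.0.4 -o eth0 -p tcp --dport 25 -j MASQUERADE
COMMIT
EOF
}

# rule_count TABLE  ->  number of "-A" rules gen_rules emits inside TABLE (filter or nat)
rule_count() {
    gen_rules | awk -v t="*$1" '
        $0 == t        { in_t = 1; next }
        /^COMMIT$/     { in_t = 0 }
        in_t && /^-A / { n++ }
        END            { print n + 0 }'
}

gen_rules "$@"
```

Lines beginning with # are ignored by iptables-restore, so the comments can stay in the file. Loading it also requires net.ipv4.ip_forward=1 for the masqueraded hosts to get anywhere; the script deliberately does not set that, since it only generates the ruleset.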

Copyright © Windows knowledge All Rights Reserved