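iptables, a handy firewall

The articles I read kept recommending iptables. After several failed attempts and more reading, I finally have some notes to share for anyone interested.

The previous post mentioned that I combined the web server and the file transfer service on Ubuntu 12.04 Server. The web server also has to handle customer service, which needs a mail service to forward feedback to the company's sales staff. The simple idea was to open ports 21, 25 and 80; in practice it is more complicated, and most write-ups online describe only part of it, so today I am putting the pieces together: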

  • # vi /etc/vsftpd.conf

    Add the following 3 lines
    pasv_enable=YES
    pasv_min_port=4000
    pasv_max_port=4500

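  • # vi /root/iptables.sh

    #!/bin/bash
    # Flush all rules and delete user-defined chains
    /sbin/iptables -F
    /sbin/iptables -X
    # FTP (20-21), SSH (22), HTTP (80) and the vsftpd passive range (4000-4500)
    /sbin/iptables -A INPUT -p tcp -m multiport --dports 20:21,22,80,4000:4500 -j ACCEPT
    # Replies from remote SMTP servers (source port 25); matches on source port only, not connection state
    /sbin/iptables -A INPUT -p tcp --sport 25 -j ACCEPT
    # Incoming SMTP
    /sbin/iptables -A INPUT -p tcp --dport 25 -j ACCEPT
    # Drop all other TCP arriving on eth0
    /sbin/iptables -A INPUT -p tcp -i eth0 -j DROP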

Finally, add one line to /etc/rc.local:

/root/iptables.sh

Don't forget to reboot…
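
A stateful variant of the script above, as an added example that is not the original author's script: it derives the passive range from vsftpd.conf so the two files cannot drift apart, and it replaces the `--sport 25` rule with connection tracking, because a source-port match accepts any inbound TCP packet sent from port 25 regardless of its destination port. The `--apply` switch, the `IPT` and `IFACE` variables and the function names are assumptions of this example.

```shell
#!/bin/bash
# Added example: stateful variant of /root/iptables.sh (not the original script).
IPT="${IPT:-/sbin/iptables}"
IFACE="${IFACE:-eth0}"   # assumption: same interface as the script above

# Print "min:max" from a vsftpd.conf; fail if either option is missing,
# misspelled (option names are lowercase) or the range is inverted.
pasv_range() {
    min=$(sed -n 's/^pasv_min_port=\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$1" | tail -n 1)
    max=$(sed -n 's/^pasv_max_port=\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$1" | tail -n 1)
    [ -n "$min" ] && [ -n "$max" ] && [ "$min" -le "$max" ] || return 1
    echo "$min:$max"
}

# Print the rule set for passive range $1, one command per line.
build_rules() {
    cat <<EOF
$IPT -F
$IPT -X
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -i $IFACE -p tcp -m multiport --dports 20:21,22,25,80,$1 -m conntrack --ctstate NEW -j ACCEPT
$IPT -A INPUT -i $IFACE -p tcp -j DROP
EOF
}

if [ "${1:-}" = "--apply" ]; then
    # As root: ./script --apply /etc/vsftpd.conf
    range=$(pasv_range "$2") || { echo "no valid pasv range in $2" >&2; exit 1; }
    build_rules "$range" | sh -e
else
    # Dry run on a constructed sample config: only prints the commands.
    sample=$(mktemp)
    printf 'pasv_enable=YES\npasv_min_port=4000\npasv_max_port=4500\n' > "$sample"
    build_rules "$(pasv_range "$sample")"
    rm -f "$sample"
fi
```

Run without arguments, it only prints the commands it would execute, which makes the rule set reviewable before it is loaded from /etc/rc.local.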

2 responses to “iptables, a handy firewall”

  1. I’ve recently started a web site, the information you provide on this web site has helped me greatly. Thanks for all of your time & work. “Quit worrying about your health. It’ll go away.” by Robert Orben.
