📄 rc_00_fi.{__
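#!/bin/sh
#
# Basic ipchains packet filter for a host with one external interface.
#
# Reads EXT, ALLOW_HTTP and ALLOW_TELNET and calls check_status.
# NOTE(review): these presumably come from /etc/firewall.conf and
# /etc/rc.d/rc.functions, which are sourced below but not visible here.

PATH=/sbin:/bin:/usr/sbin:/usr/bin

# NOTE(review): this unconditional exit runs before anything else, so the
# script reports success without loading a single rule and the host gets no
# packet filter from this file. Presumably a deliberate off switch; remove
# it to enable the rules below, and confirm that is intended.
exit 0

. /etc/rc.d/rc.functions
. /etc/firewall.conf

# printf instead of "echo -n": -n is not portable across /bin/sh variants.
printf '%s' "Starting basic firewall: "

# set up spoofing protection
# taken from IPCHAINS-HOWTO
for f in /proc/sys/net/ipv4/conf/*/rp_filter
do
  # An unmatched glob stays literal; skip it instead of creating a stray file.
  [ -e "$f" ] || continue
  echo 1 > "$f"
done

# log impossible addresses
for f in /proc/sys/net/ipv4/conf/*/log_martians
do
  [ -e "$f" ] || continue
  echo 1 > "$f"
done

# default setting: deny everything
ipchains -F input
ipchains -P input DENY
ipchains -F output
ipchains -P output DENY

# Every rule below needs the external interface name. Check it only after
# the default-deny policies are in place, so a broken config fails closed
# with a diagnostic instead of producing malformed ipchains commands.
if [ -z "$EXT" ]; then
  echo "EXT (external interface) is not set; leaving default deny in place" >&2
  exit 1
fi

# allow all non-external interfaces for everything
ipchains -A input -i ! "$EXT" -j ACCEPT
ipchains -A output -i ! "$EXT" -j ACCEPT

# external interface

# icmp incoming: drop echo-request, accept every other ICMP type.
# NOTE(review): "every other type" includes redirects; consider accepting
# only the types the host needs.
ipchains -A input -i "$EXT" -p icmp -s 0/0 echo-request -j DENY
ipchains -A input -i "$EXT" -p icmp -j ACCEPT

# tcp incoming
if [ "$ALLOW_HTTP" = "yes" ]; then
  ipchains -A input -i "$EXT" -p tcp -d 0/0 http -j ACCEPT
fi
# telnet carries credentials in cleartext; leave ALLOW_TELNET off unless
# the exposure is accepted.
if [ "$ALLOW_TELNET" = "yes" ]; then
  ipchains -A input -i "$EXT" -p tcp -d 0/0 telnet -j ACCEPT
fi
# NOTE(review): this matches *destination* port ftp-data on this host.
# Active-mode FTP data connections arrive from remote source port ftp-data
# to a local high port -- confirm which was intended.
ipchains -A input -i "$EXT" -p tcp -d 0/0 ftp-data -j ACCEPT
# REJECT (not DENY) so ident lookups fail fast instead of timing out.
ipchains -A input -i "$EXT" -p tcp -d 0/0 auth -j REJECT
# Block the X11 display ports before the broad high-port accept below;
# ipchains uses the first matching rule, so order matters here.
ipchains -A input -i "$EXT" -p tcp -d 0/0 6000:6010 -j DENY
# NOTE(review): ipchains is stateless and this rule also matches connection
# attempts (SYN), so any service listening on a port >= 1024 outside
# 6000:6010 is reachable from the external network. Adding "! -y" would
# limit it to non-SYN packets, at the cost of inbound data connections.
ipchains -A input -i "$EXT" -p tcp -d 0/0 1024:65535 -j ACCEPT

# udp incoming
# NOTE(review): same exposure as above for any UDP service on a high port.
ipchains -A input -i "$EXT" -p udp -d 0/0 1024:65535 -j ACCEPT

# all protocols outgoing
ipchains -A output -i "$EXT" -j ACCEPT

# Keep check_status directly after the last ipchains call.
# NOTE(review): presumably it reports on $? of that call only, so failures
# of the earlier ipchains commands would go unreported -- confirm.
check_status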