iptablesはこう書いて
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| iptables -F | |
| iptables -Z | |
| iptables -X | |
| iptables -P INPUT DROP | |
| iptables -A INPUT -i lo -j ACCEPT | |
| iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT | |
| iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT # LAN | |
| # user chain | |
| iptables -N JAPAN_ONLY | |
| #web | |
| iptables -A INPUT -p tcp -m multiport --dport 80,443 -j JAPAN_ONLY | |
| iptables -A INPUT -p tcp -m multiport --dport 80,443 -m state --state NEW -m hashlimit \ | |
| --hashlimit-name web_limit --hashlimit 2/m --hashlimit-burst 5 \ | |
| --hashlimit-mode srcip --hashlimit-htable-expire 360000 -j ACCEPT | |
| # user chain read | |
| source /etc/network/japan_only.sh |
dropは別ファイルにすると便利
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| iptables -F JAPAN_ONLY | |
| iptables -A JAPAN_ONLY -s 1.0.16.0/20 -j RETURN | |
| iptables -A JAPAN_ONLY -s 223.223.208.0/21 -j RETURN | |
| iptables -A JAPAN_ONLY -s 223.223.224.0/19 -j RETURN | |
| #↓以下続く | |
| iptables -A JAPAN_ONLY -j DROP |
参考リンク
iptablesで日本のIPアドレスからのアクセスのみ許可する
iptables の RETURN の使い方
0 件のコメント:
コメントを投稿