#!/bin/sh

# Remove any existing rules

# 清除规则

/sbin/iptables -F

# 清除用户自定义规则

/sbin/iptables -X

# 清除链的计数器

/sbin/iptables -Z

# setting default firewall policy

# 设置INPUT,OUTPUT,FORWARD链的默认规则

/sbin/iptables -P INPUT DROP

/sbin/iptables -P FORWARD DROP

/sbin/iptables -P OUTPUT INPUT

# setting for loopback interface

/sbin/iptables -A INPUT -i lo -j ACCEPT

/sbin/iptables -A OUTPUT -o lo -j ACCEPT

# setting for icmp

/sbin/iptables -A INPUT -p icmp -j ACCEPT

/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

/sbin/iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# global rules

/sbin/iptables -A INPUT -p tcp --dport  -j ACCEPT

/sbin/iptables -A INPUT -p tcp -s 12.114.114.114/ -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport  -j ACCEPT

/sbin/iptables -A INPUT -p tcp -s 124.23.62.96/ -m comment --comment "办公室固定ip" -j ACCEPT

/sbin/iptables -A INPUT -p tcp -s 192.168.2.0/ -m comment --comment "IDC机房内网网段" -j ACCEPT

/sbin/iptables -A INPUT -p tcp -s 10.0.0.0/ -m comment --comment "其他机房的内网网段" -j ACCEPT

/sbin/iptables -A INPUT -p tcp -s 203.82.23.0/ -m comment --comment "其他IDC机房的外网网段" -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport  -j ACCEPT

/usr/sbin/service iptables save