CentOS3 Linux 服务器环境配置以及优化详解(7)
FTP on TCP Port 21
SSH on TCP Port 22
SMTP on TCP Port 25
HTTP on TCP Port 80
POP on TCP Port 110
# vi /usr/local/sbin/fw.sh
将下面脚本粘贴到fw.sh中:
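#!/bin/bash
# This Net-Filter script was created by Discuz! - Nanu.
# Support: nanu@discuz.com
#
# Purpose: reset the IPv4 packet filter and let only the listed public
# services in; anything not matched by a rule below is dropped by the
# INPUT chain policy. Only iptables (IPv4) is configured here; ip6tables
# is not touched.
#
# Optional environment overrides (defaults reproduce the original rules):
#   IPTABLES    path to the iptables binary                 (default /sbin/iptables)
#   PRIVATE_IF  trusted internal interface, fully open      (default eth1)
#   ICMP_LIMIT  ICMP average rate accepted                  (default 1/s)
#   ICMP_BURST  ICMP burst accepted before the limit applies (default 10)
#   TCP_PORTS   space-separated TCP ports accepted from anywhere
#               (default "21 22 25 110 80")
set -u

IPTABLES=${IPTABLES:-/sbin/iptables}
PRIVATE_IF=${PRIVATE_IF:-eth1}
ICMP_LIMIT=${ICMP_LIMIT:-1/s}
ICMP_BURST=${ICMP_BURST:-10}
TCP_PORTS=${TCP_PORTS:-"21 22 25 110 80"}
readonly IPTABLES PRIVATE_IF ICMP_LIMIT ICMP_BURST TCP_PORTS

# Check the binary before touching any rule, so a missing/unexecutable
# iptables cannot leave the host half-configured (flushed but open, or
# DROP policy set with no ACCEPT rules and no way back in over SSH).
if [[ ! -x "$IPTABLES" ]]; then
  printf 'fw.sh: %s is not executable, no rules changed\n' "$IPTABLES" >&2
  exit 1
fi

# Connection-tracking helpers for FTP so passive data connections are
# matched as RELATED by the last rule. A failure is reported but not
# fatal: on some kernels the helper is built in rather than a module.
for mod in ip_conntrack_ftp ip_nat_ftp; do
  /sbin/modprobe "$mod" || printf 'fw.sh: warning: modprobe %s failed\n' "$mod" >&2
done

# Initialize: flush existing rules, then default-deny inbound and
# forwarded traffic. The DROP policy is set *before* the ACCEPT rules so
# there is no window during which the host is fully open.
"$IPTABLES" -F -t filter
"$IPTABLES" -F -t nat
"$IPTABLES" -P INPUT DROP
"$IPTABLES" -P OUTPUT ACCEPT
"$IPTABLES" -P FORWARD DROP

# Loopback and the private-network interface are fully trusted.
"$IPTABLES" -A INPUT -i lo -j ACCEPT
"$IPTABLES" -A INPUT -i "$PRIVATE_IF" -j ACCEPT

#################################
#### Server Security Settings ###
#################################
# ICMP: rate-limited rather than blocked outright.
"$IPTABLES" -A INPUT -p icmp -m limit --limit "$ICMP_LIMIT" --limit-burst "$ICMP_BURST" -j ACCEPT

# Public TCP services: FTP (21), SSH (22), SMTP (25), POP3 (110), HTTP (80).
# shellcheck disable=SC2086 — word splitting of TCP_PORTS is intentional
for port in $TCP_PORTS; do
  "$IPTABLES" -A INPUT -p tcp --dport "$port" -j ACCEPT
done

# Accept replies to connections this host initiated and RELATED traffic
# (e.g. FTP data connections). This rule *allows*; everything not matched
# above falls through to the INPUT DROP policy, which is what denies.
"$IPTABLES" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT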
保存完毕后,执行以下命令:
# chmod 755 /usr/local/sbin/fw.sh
# echo '/usr/local/sbin/fw.sh' >> /etc/rc.local
# /usr/local/sbin/fw.sh
查看当前iptables访问控制策略:
# iptables -L
至此,本文全部内容介绍完毕