vi /etc/sysconfig/iptables

By | 2012년 8월 6일

[root@localhost ddd]# vi /etc/sysconfig/iptables
# Generated by iptables-save v1.3.5 on Sun Jul 29 05:39:42 2012
*nat
: PREROUTING ACCEPT [3465:769364]
: POSTROUTING ACCEPT [194:11943]
: OUTPUT ACCEPT [193:11903]
-A POSTROUTING -s 192.168.122.0/255.255.255.0 -d ! 192.168.122.0/255.255.255.0 -p tcp -j MASQUERADE –to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/255.255.255.0 -d ! 192.168.122.0/255.255.255.0 -p udp -j MASQUERADE –to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/255.255.255.0 -d ! 192.168.122.0/255.255.255.0 -j MASQUERADE
COMMIT
# Completed on Sun Jul 29 05:39:42 2012
# Generated by iptables-save v1.3.5 on Sun Jul 29 05:39:42 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2871:1707973]
:RH-Firewall-1-INPUT – [0:0]
-A INPUT -i virbr0 -p udp -m udp –dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp –dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp –dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp –dport 67 -j ACCEPT
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -d 192.168.122.0/255.255.255.0 -o virbr0 -m state –state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/255.255.255.0 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT –reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT –reject-with icmp-port-unreachable
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp –icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp –dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp –dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp –dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state –state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -s 111.111.111.0/24 -p tcp –dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -s 111.111.111.0/24 -p tcp –dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 23 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state –state NEW -m udp –dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state –state NEW -m udp –dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state –state NEW -m tcp –dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -s 111.111.111.0/24 -p tcp –dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT –reject-with icmp-host-prohibited

  • hsc95pi

    iptables 재시작
    /etc/init.d/iptables restart