Linux 防火墙 iptables 规则 原

[root@localhost logonuser]# cat /etc/sysconfig/iptables *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [26:3412] :RH-Firewall-1-INPUT - [0:0] -A INPUT -j RH-Firewall-1-INPUT  -A FORWARD -j RH-Firewall-1-INPUT  -A RH-Firewall-1-INPUT -i lo -j ACCEPT  -A RH-Firewall-1-INPUT -i tun0 -o eth0 -j ACCEPT  -A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT  -A RH-Firewall-1-INPUT -p esp -j ACCEPT  -A RH-Firewall-1-INPUT -p ah -j ACCEPT  -A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT  -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT  -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT  -A RH-Firewall-1-INPUT -p udp -m udp --dport 53 -j ACCEPT  -A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT  -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT  -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT  -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT  -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 7001 -j ACCEPT #端口范围 -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 20000:65535 -j ACCEPT -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited  COMMIT [root@localhost logonuser]#