iptables 셋팅법 NEW

Mr.키아 2018.02.09 21:47:05

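#!/usr/bin/env bash
# Host firewall for a single machine whose public interface is eth0.
# IPv4 filter table only (ip6tables is not touched). Default-deny in all
# three built-in chains; everything below is an explicit allow.
#
# Fixes relative to the posted version:
#   - "-A fedora" targeted a chain that does not exist after "-X"; every
#     such rule paired with an OUTPUT rule, so the intended chain is INPUT.
#   - "-o -lo" and "0p tcp" were typos iptables rejects.
#   - the reply-path rules matched only on source port ("--sport 53/80/443/21")
#     and the FTP data rules accepted ANY TCP from 1024:65535 to 1024:65535 on
#     eth0, i.e. every unprivileged port on the host was open. Both are
#     replaced by connection tracking.
set -euo pipefail

# Start from an empty filter table (-F flushes rules, -X deletes user chains).
iptables -F
iptables -X

# Fail closed first. If this script is run over SSH, that session stalls for a
# moment until the ESTABLISHED rule below is added; TCP retransmission covers it.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

# Loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Replies belonging to connections this host already initiated or accepted.
# Covers the return half of every client/server rule below, including DNS
# answers, HTTP/HTTPS responses and ICMP echo-reply. Passive/active FTP data
# channels are classed RELATED only when the kernel FTP conntrack helper is
# loaded (nf_conntrack_ftp) — confirm that on the target host.
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Internal network: anything between hosts on 192.168.0.0/24 is allowed
# (note: this trusts the source address as seen on the wire).
iptables -A INPUT -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT
iptables -A OUTPUT -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT

# DNS client (outbound queries; answers come back via ESTABLISHED).
iptables -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT

# ICMP: this host may ping out. Inbound echo-request is NOT accepted, as in
# the original, so the outbound echo-reply rule below never matches unless an
# INPUT echo-request rule is added; kept because the author had it.
iptables -A OUTPUT -o eth0 -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -o eth0 -p icmp --icmp-type echo-reply -j ACCEPT

# HTTP: outbound client and inbound server.
iptables -A OUTPUT -o eth0 -p tcp -m tcp --sport 1024:65535 --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT

# HTTPS: outbound client and inbound server.
iptables -A OUTPUT -o eth0 -p tcp -m tcp --sport 1024:65535 --dport 443 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT

# FTP control channel: outbound client and inbound server. Data channels are
# handled by the RELATED rule above (requires the FTP conntrack helper).
iptables -A OUTPUT -o eth0 -p tcp -m tcp --sport 1024:65535 --dport 21 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT

# SSH server. Open to any source on eth0, as in the original; narrow with -s
# if the set of management hosts is known.
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT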