
iptables

# Allow ICMP echo in both directions: inbound ping (request in, reply out)
# and outbound ping (request out, reply in). Each rule is appended with -A,
# so these must be loaded before any terminal REJECT/DROP rule on INPUT or
# OUTPUT, otherwise they are never reached.
while read -r chain icmp_type; do
    iptables -A "$chain" -p icmp --icmp-type "$icmp_type" -j ACCEPT
done <<'EOF'
INPUT echo-request
OUTPUT echo-reply
INPUT echo-reply
OUTPUT echo-request
EOF
ICMP type reference table (Chinese): http://www.361way.com/icmp-type/1186.html
# Generated by iptables-save v1.4.21 on Mon Nov 12 19:39:24 2018
# NAT table from a host running Docker (DOCKER chain, docker0, 172.17.0.0/16)
# plus an SNAT for the 10.32.254.0/24 network. The [packets:bytes] values on
# the chain lines are the counters at capture time.
*nat
:PREROUTING ACCEPT [681:40070]
:INPUT ACCEPT [54:2534]
:OUTPUT ACCEPT [3:200]
:POSTROUTING ACCEPT [3:200]
:DOCKER - [0:0]
# Packets addressed to a local address are handed to the DOCKER chain, which
# does the published-port DNAT below. NOTE(review): once DNAT'ed to the
# container the packet traverses FORWARD, not INPUT, so an INPUT whitelist
# in the filter table does not protect the published port.
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
# Fixed-address SNAT with no "-o" restriction: the source is rewritten for
# every egress interface, not only the uplink, and the rule silently breaks
# if 180.97.83.43 ever moves. NOTE(review): a MASQUERADE bound to the uplink
# interface would avoid both — confirm the fixed mapping is intentional.
-A POSTROUTING -s 10.32.254.0/24 -j SNAT --to-source 180.97.83.43
# Docker-managed rules: masquerade container traffic leaving via anything
# but docker0, and the hairpin case of a container reaching its own
# published port 5000.
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A POSTROUTING -s 172.17.0.3/32 -d 172.17.0.3/32 -p tcp -m tcp --dport 5000 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
# Publishes container port 5000 on every non-docker0 interface; there is no
# "-d" restriction, so it is reachable on the public address as well.
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 5000 -j DNAT --to-destination 172.17.0.3:5000
COMMIT
# Completed on Mon Nov 12 19:39:24 2018
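# Generated by iptables-save v1.4.21 on Mon Nov 12 19:39:24 2018
# Filter table, host firewall: INPUT is a whitelist closed by an explicit
# terminal REJECT, FORWARD is closed, OUTPUT is open.
# Changes from the original listing:
#  - the RELATED,ESTABLISHED accept is now first, so reply traffic matches
#    once instead of walking the whole whitelist on every packet;
#  - "-m state --state" replaced by the equivalent "-m conntrack --ctstate"
#    (the state match is a thin wrapper over conntrack);
#  - the trailing "-A INPUT -j DROP" removed: it sat after the terminal
#    REJECT on INPUT and could never match.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# NOTE(review): all chain policies are ACCEPT, so the host is fully open if
# the rule set is flushed or fails to load; a DROP policy on INPUT would
# fail closed instead.
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "permit RELATED,ESTABLISHED" -j ACCEPT
-A INPUT -i lo -j ACCEPT -m comment --comment "permit lo"
# The whole 10.32.254.0/24 range is trusted regardless of ingress interface;
# nothing here prevents a spoofed source in that range on the uplink.
-A INPUT -m iprange --src-range 10.32.254.1-10.32.254.254 -j ACCEPT
# SSH is reachable from any source.
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# VRRP is accepted from any source and interface. NOTE(review): VRRP
# advertisements normally target 224.0.0.18, so "-d 224.0.0.18" plus an
# "-i" restriction would narrow this — unless unicast VRRP is in use; confirm.
-A INPUT -p vrrp -j ACCEPT -m comment --comment "permit vrrp"
# Every ICMP type is allowed, not only echo.
-A INPUT -p icmp -j ACCEPT -m comment --comment "permit ICMP"
-A INPUT -p tcp -m tcp -m multiport --dports 80,443,8080,19088,18088 -j ACCEPT -m comment --comment "access web"
# Terminal rule: everything else on INPUT is actively refused.
-A INPUT -j REJECT --reject-with icmp-host-prohibited
# No transit traffic through this host. NOTE(review): if Docker runs here
# (see the DOCKER chain in the nat table) it installs FORWARD rules of its
# own at daemon start — check where this REJECT ends up after a restart.
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
# Redundant with the ACCEPT policy, kept as explicit documentation.
-A OUTPUT -j ACCEPT -m comment --comment "允许服务器对外访问"
COMMIT
# Completed on Mon Nov 12 19:39:24 2018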
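# Generated by iptables-save v1.4.21 on Mon Nov 12 19:39:24 2018
# NAT table: masquerades 10.32.254.0/24 behind whatever address bond0
# carries (presumably this host is that network's gateway).
# Fix: the chain lines carried empty counters "[:]"; iptables-restore
# expects "[packets:bytes]" and reports anything else as invalid policy
# counters, so the file would not load. They are zeroed here — counters
# are only restored with "iptables-restore -c" anyway.
# NOTE(review): forwarding also needs net.ipv4.ip_forward=1, which this
# file cannot set.
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Bound to the uplink interface, so traffic between internal interfaces is
# left alone, and MASQUERADE follows bond0's address if it changes.
-A POSTROUTING -s 10.32.254.0/24 -o bond0 -j MASQUERADE
COMMIT
# Completed on Mon Nov 12 19:39:24 2018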
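# Generated by iptables-save v1.4.21 on Mon Nov 12 19:39:24 2018
# Filter table, later host-firewall revision (adds the k8s API port).
# Changes from the original listing:
#  - the RELATED,ESTABLISHED accept is now first, so reply traffic matches
#    once instead of walking the whole whitelist on every packet;
#  - "-m state --state" replaced by the equivalent "-m conntrack --ctstate".
# Every other rule is unchanged.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# NOTE(review): unlike the earlier revision there is no FORWARD rule and the
# FORWARD policy is ACCEPT; together with the nat table's MASQUERADE this
# host forwards whatever it is asked to. Confirm that is intended, or add
# "-A FORWARD -j REJECT --reject-with icmp-host-prohibited" after the rules
# that legitimately need forwarding.
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "permit RELATED,ESTABLISHED" -j ACCEPT
-A INPUT -i lo -j ACCEPT -m comment --comment "permit lo"
# The whole 10.32.254.0/24 range is trusted regardless of ingress interface.
-A INPUT -m iprange --src-range 10.32.254.1-10.32.254.254 -j ACCEPT  -m comment --comment "local network"
# SSH is reachable from any source.
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT -m comment --comment "ssh port"
-A INPUT -p tcp -m tcp -m multiport --dports 80,443,8080,19088,18088 -j ACCEPT -m comment --comment "access web"
# Kubernetes API server on the public address, open to any source.
# NOTE(review): add an "-s" restriction if the consumer's address range is
# known — confirm with the owner named in the comment.
-A INPUT -p tcp -d 180.97.83.43 --dport 6443 -j ACCEPT -m comment --comment "for hao's k8s"
# VRRP is accepted from any source and interface. NOTE(review): VRRP
# advertisements normally target 224.0.0.18, so "-d 224.0.0.18" plus an
# "-i" restriction would narrow this — unless unicast VRRP is in use; confirm.
-A INPUT -p vrrp -j ACCEPT -m comment --comment "permit vrrp"
# Every ICMP type is allowed, not only echo.
-A INPUT -p icmp -j ACCEPT -m comment --comment "permit ICMP"
# Redundant with the ACCEPT policy, kept as explicit documentation.
-A OUTPUT -j ACCEPT -m comment --comment "permit output"
# Terminal rule: everything else on INPUT is silently dropped (the earlier
# revision used REJECT; either is fine, but keep one consistently).
-A INPUT -j DROP -m comment --comment "drop others"
COMMIT
# Completed on Mon Nov 12 19:39:24 2018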