-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathiptables_init_rules
28 lines (28 loc) · 2.94 KB
/
iptables_init_rules
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
# Simple static firewall loaded by iptables.service. Replace
# this with your own custom rules, run lokkit, or switch to
# shorewall or firewalld as your needs dictate.
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 122.53.212.2/32 -p tcp -m tcp -m state --state NEW -m multiport --dports 22,22992 -m comment --comment "MOA_OFFICE_SSH_PORT_WAN1" -j ACCEPT
-A INPUT -s 111.125.72.150/32 -p tcp -m tcp -m state --state NEW -m multiport --dports 22,22992 -m comment --comment "MOA_OFFICE_SSH_PORT_WAN2" -j ACCEPT
-A INPUT -s 161.49.177.130/32 -p tcp -m tcp -m state --state NEW -m multiport --dports 22,22992 -m comment --comment "MOA_OFFICE_SSH_PORT_WAN2" -j ACCEPT
-A INPUT -s 45.64.120.94/32 -p tcp -m tcp -m state --state NEW -m multiport --dports 22,22992 -m comment --comment "MOA_OFFICE_SSH_PORT_WAN3" -j ACCEPT
-A INPUT -s 116.93.126.165/32 -p tcp -m tcp -m state --state NEW -m multiport --dports 22,22992 -m comment --comment "MOA_OFFICE_SSH_PORT_WAN4" -j ACCEPT
-A INPUT -s 47.90.10.220/32 -p tcp -m tcp -m state --state NEW -m multiport --dports 22,22992 -m comment --comment "阿里云跳板_SSH_PORT" -j ACCEPT
-A INPUT -s 119.28.51.253/32 -p tcp -m tcp -m state --state NEW -m multiport --dports 22,22992 -m comment --comment "腾讯云跳板_SSH_PORT" -j ACCEPT
-A INPUT -s 180.150.132.57/32 -p tcp -m tcp -m state --state NEW -m multiport --dports 22,22992 -m comment --comment "RACKSPACE物理机公网VPN跳板_SSH_PORT" -j ACCEPT
-A INPUT -s 172.30.0.57/32 -p tcp -m tcp -m state --state NEW -m multiport --dports 22,22992 -m comment --comment "RACKSPACE物理机内网VPN跳板_SSH_PORT" -j ACCEPT
-A INPUT -s 172.25.0.1/32 -p tcp -m tcp -m state --state NEW -m multiport --dports 22,22992 -m comment --comment "RACKSPACE物理机内网VPN跳板_SSH_PORT" -j ACCEPT
-A INPUT -s 119.9.106.164/32 -p tcp -m tcp -m state --state NEW -m multiport --dports 22,22992 -m comment --comment "RACKSPACE云VPN跳板_SSH_PORT" -j ACCEPT
-A INPUT -s 172.30.0.61/32 -p tcp -m tcp -m state --state NEW -m multiport --dports 22,22992 -m comment --comment "RACKSPACE物理机内网VPN_SSH_PORT_备用" -j ACCEPT
-A INPUT -s 172.30.0.63/32 -p tcp -m tcp -m state --state NEW -m multiport --dports 22,22992 -m comment --comment "Jumpserver" -j ACCEPT
-A INPUT -s 47.90.33.131/32 -p tcp -m tcp -m state --state NEW -m multiport --dports 10050:10053 -m comment --comment "ZAABIX_公网_PORT" -j ACCEPT
-A INPUT -s 172.30.0.62/32 -p tcp -m tcp -m state --state NEW -m multiport --dports 10050:10053 -m comment --comment "Zabbix_proxy" -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT