iptables_rules_rack

# sample configuration for iptables service
# # you can edit this manually or use system-config-firewall
# # please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p all -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
#
#-A INPUT                                  -p all -m state --state NEW -m recent --name port_scan --update --seconds 1800 --hitcount 10 -j DROP
-A INPUT                                  -p tcp -m tcp --syn -m multiport --dports 22,22992 -m recent --name ssh --update --seconds 600 --hitcount 4 -j DROP
-A INPUT                                  -p tcp -m tcp --syn -m multiport --dports 22,22992 -m recent --name ssh --set
#-A INPUT                                 -p tcp -m state --state NEW -m tcp -m multiport --dports 22,22992 -m comment --comment "SSH_PORT" -j ACCEPT
-A INPUT -s 111.125.72.150/32             -p tcp -m tcp -m state --state NEW -m multiport --dports 22,22992 -m comment --comment "MOA_OFFICE_SSH_PORT_WAN1" -j ACCEPT
-A INPUT -s 116.93.126.165/32             -p tcp -m tcp -m state --state NEW -m multiport --dports 22,22992 -m comment --comment "MOA_OFFICE_SSH_PORT_WAN2" -j ACCEPT
-A INPUT -s 124.6.140.254/32              -p tcp -m tcp -m state --state NEW -m multiport --dports 22,22992 -m comment --comment "MOA_OFFICE_SSH_PORT_WAN3" -j ACCEPT
-A INPUT -s 210.213.83.46/32              -p tcp -m tcp -m state --state NEW -m multiport --dports 22,22992 -m comment --comment "MOA_OFFICE_SSH_PORT_WAN4" -j ACCEPT
-A INPUT -s 180.150.132.57/32             -p tcp -m tcp -m state --state NEW -m multiport --dports 22,22992 -m comment --comment "RACKSPACE物理机公网VPN跳板_SSH_PORT" -j ACCEPT
-A INPUT -s 119.9.106.164/32               -p tcp -m tcp -m state --state NEW -m multiport --dports 22,22992 -m comment --comment "RACKSPACE跳板_SSH_PORT" -j ACCEPT
-A INPUT -s 180.150.154.113/32            -p tcp -m state --state NEW -m tcp -m multiport --dports 22,22992 -m comment --comment "CMDB-SERVER" -j ACCEPT
-A INPUT -s 172.30.0.56/32                -p tcp -m state --state NEW -m tcp -m multiport --dports 22,22992 -m comment --comment "RACK香港_Anyconnect_SSH_PORT" -j ACCEPT
-A INPUT -s 172.30.0.57/32                -p tcp -m state --state NEW -m tcp -m multiport --dports 22,22992 -m comment --comment "RACK香港_Anyconnect_SSH_PORT" -j ACCEPT
-A INPUT -s 172.30.0.61/32                -p tcp -m state --state NEW -m tcp -m multiport --dports 22,22992 -m comment --comment "RACK香港_Anyconnect_SSH_PORT" -j ACCEPT
-A INPUT -s 172.25.0.56/32                -p tcp -m state --state NEW -m tcp -m multiport --dports 22,22992 -m comment --comment "RACK香港_Anyconnect_SSH_PORT" -j ACCEPT
-A INPUT -s 172.25.0.1/32                 -p tcp -m state --state NEW -m tcp -m multiport --dports 22,22992 -m comment --comment "RACK香港_Anyconnect_SSH_PORT" -j ACCEPT
-A INPUT -s 172.25.0.61/32                -p tcp -m state --state NEW -m tcp -m multiport --dports 22,22992 -m comment --comment "RACK香港_Anyconnect_SSH_PORT" -j ACCEPT
-A INPUT -s 172.25.0.63/32                -p tcp -m state --state NEW -m tcp -m multiport --dports 22,22992 -m comment --comment "RACK香港_JumpServer_SSH_PORT" -j ACCEPT
-A INPUT -s 172.31.0.0/16                 -p tcp -m tcp -m state --state NEW -m multiport --dports 22,22992 -m comment --comment "AWS内网" -j ACCEPT
-A INPUT                                  -p all -m recent --name port_scan --set
#
-A INPUT -s 180.150.154.122/32            -p tcp -m tcp -m state --state NEW -m multiport --dports 10050:10053 -m comment --comment "ZAABIX_公网_PORT" -j ACCEPT
#
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT