适合小网站的防火墙脚本_流量攻击防护-DDoS清洗-防CC攻击-网站防护-服务器防御-游戏盾-高防CDN

#!/bin/bash

iptables -F

#set default chain to DROP

iptables -P INPUT DROP

iptables -P FORWARD DROP

iptables -P OUTPUT DROP

#Allow Incoming SSH,HTTP and HTTPS

iptables -A INPUT -i eth0 -p tcp -m multiport --dports 22,80,443 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -o eth0 -p tcp -m multiport --sports 22,80,443 -m state --state ESTABLISHED -j ACCEPT

#Allow Outgoing SSH,HTTP and HTTPS

iptables -A OUTPUT -o eth0 -p tcp -m multiport --dport 22,80,443 -m state --state NEW,ESTABLISHED -j ACCEPT

iptables -A INPUT -i eth0 -p tcp -m multiport --sport 22,80,443 -m state --state ESTABLISHED -j ACCEPT

#Allow Ping from Inside to Outside

iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT

iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT

#Allow Loopback Access

iptables -A INPUT -i lo -j ACCEPT

iptables -A OUTPUT -o lo -j ACCEPT

#Allow outbound DNS

iptables -A OUTPUT -p udp -o eth0 --dport 53 -j ACCEPT

iptables -A INPUT -p udp -i eth0 --sport 53 -j ACCEPT

#Prevent DoS Attack including CC attack and so on

iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT