iptablesの設定

設定ファイルを作成

sudo vim /etc/sysconfig/iptables

/etc/sysconfig/iptables

*filter
:INPUT    DROP    [0:0]
:FORWARD  DROP    [0:0]
:OUTPUT   ACCEPT  [0:0]
:SERVICES -       [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s --limit-burst 4  -j ACCEPT
-A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -j SERVICES
-A INPUT -p udp --sport 53 -j ACCEPT
-A INPUT -p udp --sport 123 --dport 123 -j ACCEPT

-A SERVICES -p tcp --dport 25 -j ACCEPT
-A SERVICES -p tcp --dport 110 -j ACCEPT
-A SERVICES -p tcp --dport 587 -j ACCEPT
-A SERVICES -p tcp --dport 80 -j ACCEPT
-A SERVICES -p tcp --dport 443 -j ACCEPT

-A INPUT -p udp -m udp --dport 137:138 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 445 -j ACCEPT


COMMIT

設定を反映

sudo service iptables restart

sudo iptables -L

sudo chkconfig iptables on

sudo chkconfig --list iptables