iptables -F

iptables -X

iptables -Z

iptables -P INPUT DROP

iptables -P OUTPUT ACCEPT

iptables -P FORWARD ACCEPT

iptables -A INPUT -p tcp --dport 56388 -j ACCEPT

iptables -A INPUT -p tcp --dport 53 -j ACCEPT

iptables -A INPUT -p udp --dport 53 -j ACCEPT

iptables -A INPUT -p tcp --sport 53 -j ACCEPT

iptables -A INPUT -p udp --sport 53 -j ACCEPT

iptables -A INPUT -p icmp -j ACCEPT 

iptables -A OUTPUT -p tcp --dport 31337 -j DROP

允许yum

iptables -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A OUTPUT -p udp --dport 53 -j ACCEPT

iptables -A OUTPUT -o lo -j ACCEPT  #将本机设置为信任设备

iptables -A OUTPUT -p tcp --sport 10000:65535 -j ACCEPT

执行脚本

#!/bin/bash

iptables -F

iptables -X

iptables -Z

iptables -P INPUT DROP

iptables -P OUTPUT ACCEPT

iptables -P FORWARD ACCEPT

iptables -A INPUT -p tcp --dport 56388 -j ACCEPT

iptables -A INPUT -p tcp --dport 53 -j ACCEPT

iptables -A INPUT -p udp --dport 53  -j ACCEPT

iptables -A INPUT -p tcp --sport 53  -j ACCEPT

iptables -A INPUT -p udp --sport 53  -j ACCEPT

iptables -A INPUT -p icmp -j ACCEPT 

iptables -A OUTPUT -p tcp --dport 31337 -j DROP

iptables -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p udp --dport 53 -j ACCEPT

iptables -A OUTPUT -o lo -j ACCEPT

iptables -A OUTPUT -p tcp --sport 10000:65535 -j ACCEPT

/etc/init.d/iptables save

iptables-save >/tmp/myipt.rule

#iptables-restore < /tmp/myipt.rule

本文出自 “比尔运维笔记” 博客，请务必保留此出处http://chenshoubiao.blog.51cto.com/6159058/1891901

针对DNS服务器的iptables规则