Nano/lazy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update iptables-load

Browse Source
This commit is contained in:
Konano 2024-08-02 03:42:07 +08:00
parent 6c98bfb6c3
commit fad0a57f67
1 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
files/iptables-load
View File

@ -15,15 +15,23 @@ add_input_tcp_filter() {
check_and_add_iptables INPUT -p tcp -m tcp --dport "$1" -m comment --comment "$2" -j ACCEPT check_and_add_iptables INPUT -p tcp -m tcp --dport "$1" -m comment --comment "$2" -j ACCEPT
} }
add_input_udp_filter() {
check_and_add_iptables INPUT -p udp -m udp --dport "$1" -m comment --comment "$2" -j ACCEPT
}
# allow basic services # allow basic services
add_input_tcp_filter 22 SSH add_input_tcp_filter 22 SSH
add_input_tcp_filter 2263 SSH add_input_tcp_filter 2263 SSH
add_input_tcp_filter 80 HTTP add_input_tcp_filter 80 HTTP
add_input_tcp_filter 443 HTTPS add_input_tcp_filter 443 HTTPS
# allow TCP
# add_input_tcp_filter 111 Tencent
# add_input_udp_filter 111 Tencent
# allow DNS # allow DNS
check_and_add_iptables INPUT -p tcp --dport 53 -j ACCEPT -m comment --comment "DNS" # add_input_tcp_filter 53 DNS
check_and_add_iptables INPUT -p udp --dport 53 -j ACCEPT -m comment --comment "DNS" # add_input_udp_filter 53 DNS
# allow internal network # allow internal network
check_and_add_iptables INPUT -s 127.0.0.0/24 -m comment --comment "Internal Network" -j ACCEPT check_and_add_iptables INPUT -s 127.0.0.0/24 -m comment --comment "Internal Network" -j ACCEPT
@ -36,4 +44,7 @@ check_and_add_iptables INPUT -i lo -j ACCEPT
# dropped for INPUT by default # dropped for INPUT by default
iptables -P INPUT DROP iptables -P INPUT DROP
# allow by default
add_input_tcp_filter 9443 gost-proxy add_input_tcp_filter 9443 gost-proxy
# ====================