环境:
eth0(外网)
eth1(内网)
对外开了FTP,对内全开
#! /bin/bash /sbin/modprobe ip_conntrack_ftp ports=21 /sbin/modprobe ip_nat_ftp ports=21 /sbin/iptables -F -t filter /sbin/iptables -F -t nat /sbin/iptables -P INPUT DROP /sbin/iptables -P OUTPUT ACCEPT /sbin/iptables -P FORWARD ACCEPT /sbin/iptables -t nat -P PREROUTING ACCEPT /sbin/iptables -t nat -P POSTROUTING ACCEPT /sbin/iptables -t nat -P OUTPUT ACCEPT
# ALLOW loopback NET and PRIVATE /sbin/iptables -A INPUT -i lo -j ACCEPT /sbin/iptables -A INPUT -i eth1 -j ACCEPT
# FTP /sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT
# KEEP CONNECTIONS /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# NAT /sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE |