WDCP iptables: restricting access by IP

chao 2022-5-13 15:24 CentOS&Ubuntu IT人生
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [65:12817]
:RH-Firewall-1-INPUT - [0:0]
#-A INPUT -p tcp -m tcp --dport 11211 -j ACCEPT
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 20000:20500 -j ACCEPT
# TCP port 33899: accept new connections only from the listed source addresses
-A RH-Firewall-1-INPUT -s 111.67.104.87/32 -p tcp -m state --state NEW -m tcp --dport 33899 -j ACCEPT
-A RH-Firewall-1-INPUT -s 119.82.254.50/32 -p tcp -m state --state NEW -m tcp --dport 33899 -j ACCEPT
-A RH-Firewall-1-INPUT -s 101.78.198.112/28 -p tcp -m state --state NEW -m tcp --dport 33899 -j ACCEPT
-A RH-Firewall-1-INPUT -s 103.248.186.71/32 -p tcp -m state --state NEW -m tcp --dport 33899 -j ACCEPT
-A RH-Firewall-1-INPUT -s 103.248.186.81/32 -p tcp -m state --state NEW -m tcp --dport 33899 -j ACCEPT
-A RH-Firewall-1-INPUT -s 119.15.95.224/28 -p tcp -m state --state NEW -m tcp --dport 33899 -j ACCEPT
# UDP port 161 (SNMP): accept only from the listed source addresses
-A RH-Firewall-1-INPUT -s 103.232.36.241/32 -p udp -m state --state NEW -m udp --dport 161 -j ACCEPT
-A RH-Firewall-1-INPUT -s 103.232.37.241/32 -p udp -m state --state NEW -m udp --dport 161 -j ACCEPT
-A RH-Firewall-1-INPUT -s 103.232.38.241/32 -p udp -m state --state NEW -m udp --dport 161 -j ACCEPT
-A RH-Firewall-1-INPUT -s 103.232.39.241/32 -p udp -m state --state NEW -m udp --dport 161 -j ACCEPT
# TCP port 2100: accept new connections only from the listed source addresses
-A RH-Firewall-1-INPUT -s 111.67.104.87/32 -p tcp -m state --state NEW -m tcp --dport 2100 -j ACCEPT
-A RH-Firewall-1-INPUT -s 119.82.254.50/32 -p tcp -m state --state NEW -m tcp --dport 2100 -j ACCEPT
-A RH-Firewall-1-INPUT -s 101.78.198.112/28 -p tcp -m state --state NEW -m tcp --dport 2100 -j ACCEPT
-A RH-Firewall-1-INPUT -s 103.248.186.71/32 -p tcp -m state --state NEW -m tcp --dport 2100 -j ACCEPT
-A RH-Firewall-1-INPUT -s 103.248.186.81/32 -p tcp -m state --state NEW -m tcp --dport 2100 -j ACCEPT
-A RH-Firewall-1-INPUT -s 119.15.95.224/28 -p tcp -m state --state NEW -m tcp --dport 2100 -j ACCEPT
# TCP port 8800: accept new connections only from the listed source addresses
-A RH-Firewall-1-INPUT -s 111.67.104.87/32 -p tcp -m state --state NEW -m tcp --dport 8800 -j ACCEPT
-A RH-Firewall-1-INPUT -s 119.82.254.50/32 -p tcp -m state --state NEW -m tcp --dport 8800 -j ACCEPT
-A RH-Firewall-1-INPUT -s 101.78.198.112/28 -p tcp -m state --state NEW -m tcp --dport 8800 -j ACCEPT
-A RH-Firewall-1-INPUT -s 103.248.186.71/32 -p tcp -m state --state NEW -m tcp --dport 8800 -j ACCEPT
-A RH-Firewall-1-INPUT -s 103.248.186.81/32 -p tcp -m state --state NEW -m tcp --dport 8800 -j ACCEPT
-A RH-Firewall-1-INPUT -s 119.15.95.224/28 -p tcp -m state --state NEW -m tcp --dport 8800 -j ACCEPT
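# New connections to these ports from any other source are dropped.
# Port 33833 has no allowlist above; port 33899 has no DROP here,
# so other sources on 33899 fall through to the final REJECT instead.
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2100 -j DROP
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8800 -j DROP
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 33833 -j DROP
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 161 -j DROP
# Anything not accepted above is rejected
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited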
COMMIT
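
The rules are evaluated top to bottom and the first match decides, so each restricted port depends on its ACCEPT lines coming before the catch-all DROP or REJECT. The following added example (not part of the original post) models that first-match logic in Python over an excerpt of the rules above and compares the allowlisted ports with the dropped ones. The function names and the outside test address 203.0.113.9 are constructed for illustration.

```python
import ipaddress
import shlex

# Excerpt of the ruleset above: same rule order, fewer source addresses.
RULES = """\
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 20000:20500 -j ACCEPT
-A RH-Firewall-1-INPUT -s 111.67.104.87/32 -p tcp -m state --state NEW -m tcp --dport 33899 -j ACCEPT
-A RH-Firewall-1-INPUT -s 101.78.198.112/28 -p tcp -m state --state NEW -m tcp --dport 2100 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2100 -j DROP
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 33833 -j DROP
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""

def parse(line):
    """Turn one '-A' line into the match fields this ruleset uses."""
    tok = shlex.split(line)
    opt = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
    lo, _, hi = opt.get("--dport", "0:65535").partition(":")
    return {
        "src": ipaddress.ip_network(opt.get("-s", "0.0.0.0/0"), strict=False),
        "proto": opt.get("-p"),               # None matches any protocol
        "ports": (int(lo), int(hi or lo)),    # single port or lo:hi range
        "any_src": "-s" not in opt,
        "target": opt["-j"],
    }

def verdict(rules, src, proto, dport):
    """Target of the first rule matching a NEW connection (first match wins)."""
    ip = ipaddress.ip_address(src)
    for r in rules:
        lo, hi = r["ports"]
        if ip in r["src"] and r["proto"] in (None, proto) and lo <= dport <= hi:
            return r["target"]
    return "ACCEPT"  # INPUT chain policy; unreachable while the final REJECT exists

def audit(rules):
    """Compare source-restricted ports with ports that have a catch-all DROP."""
    limited = {(r["proto"], r["ports"]) for r in rules
               if r["target"] == "ACCEPT" and not r["any_src"]}
    dropped = {(r["proto"], r["ports"]) for r in rules
               if r["target"] == "DROP" and r["any_src"]}
    return {"allowlist_without_drop": sorted(limited - dropped),
            "drop_without_allowlist": sorted(dropped - limited)}

PARSED = [parse(line) for line in RULES.splitlines()]
```

`audit(PARSED)` reports port 33899 as allowlisted without a matching DROP and port 33833 as dropped without an allowlist; `verdict` shows that outside sources on 33899 are still refused, by the final REJECT rather than a silent DROP.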