Shell_Script<1>
2013-09-06 21:14
Shell programming basics
First shell script: trying out firewall configuration from the shell
#!/bin/bash
# Program:
#   A walkthrough of configuring the Linux firewall with iptables.
# History:
#   2013/9/6 19:11
echo "Clear all the rules on this machine."
# Flush the firewall configuration
sudo iptables -F
sudo iptables -X
echo "Welcome to setting up a firewall with iptables."
echo "First we just check the iptables list."
# View the firewall rule list
sudo iptables -L -n | less
echo "Finished viewing the list. Let's start the network job!"
echo "Now I give you two rules that let hosts on 192.168.0.0/24 reach my PC by ssh."
# Allow one network segment to reach this host over ssh
sudo iptables -A INPUT -s 192.168.0.0/24 -d 192.168.0.89 -p tcp --dport 22 -j ACCEPT
# Configure forwarding
# Note: iptables matches real interface names; an alias label such as eth0:0 never matches.
sudo iptables -A FORWARD -i eth0 -o eth0:0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i eth0:0 -o eth0 -j ACCEPT
# Note: replies from the local sshd leave with source port 22, so they match --sport 22, not --dport 22.
sudo iptables -A OUTPUT -s 192.168.0.89 -d 192.168.0.0/24 -p tcp --dport 22 -j ACCEPT
echo "Show the iptables list."
sudo iptables -L -n | less
# Configure rules that deny access
# Note: rules are evaluated in order, so these appended DROP rules sit behind the
# ACCEPT rules above that have the same match and are never reached.
sudo iptables -A INPUT -s 192.168.0.0/24 -d 192.168.0.89 -p tcp --dport 22 -j DROP
sudo iptables -A OUTPUT -s 192.168.0.89 -d 192.168.0.0/24 -p tcp --dport 22 -j DROP
sudo iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j DROP
sudo iptables -A FORWARD -i eth1 -o eth0 -j DROP
echo -e "Next test.\n"
echo "Now I will show you the default rules of iptables."
# Set the default policy of the INPUT and OUTPUT chains to DROP (-P sets a chain policy)
sudo iptables -t filter -P INPUT DROP
sudo iptables -t filter -P OUTPUT DROP
echo "***"
sudo iptables -L -n | less
echo "Now next!"
echo "Now I will show you how to configure iptables so this host can ping any host on the network."
echo ""
# Configure the firewall so this host can reach hosts on any network segment
# (echo request, type 8, going out; echo reply, type 0, coming back)
sudo iptables -t filter -A OUTPUT -s 192.168.0.89 -d 0.0.0.0/0.0.0.0 -p icmp --icmp-type 8 -j ACCEPT
sudo iptables -t filter -A INPUT -s 0.0.0.0/0.0.0.0 -d 192.168.0.89 -p icmp --icmp-type 0 -j ACCEPT
sudo iptables -L -n | less
echo "Over ..."
echo "Now I will show you how to refuse connections coming from network 192.168.3.0/24."
# Deny access to port 80
sudo iptables -N attach-input
sudo iptables -A attach-input -s 192.168.3.0/24 -d 192.168.0.89 -p tcp --dport 80 -j DROP
# A user-defined chain is only consulted when a built-in chain jumps to it
sudo iptables -A INPUT -j attach-input
sudo iptables -L -n | less
echo "Over ..."
echo "Delete the rule that you defined yourself."
# Remove the user-defined rules (the jump must go first, or -X fails on a referenced chain)
sudo iptables -D INPUT -j attach-input
sudo iptables -F attach-input
sudo iptables -X attach-input
sudo iptables -L | less
echo "Allow port 80."
# Allow inbound and outbound connections on port 80
sudo iptables -P INPUT DROP
sudo iptables -P OUTPUT DROP
sudo iptables -P FORWARD DROP
sudo iptables -A INPUT -d 192.168.0.89 -p tcp --dport 80 -j ACCEPT
sudo iptables -A OUTPUT -s 192.168.0.89 -p tcp --sport 80 -j ACCEPT
sudo iptables -L | less
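The script above appends DROP rules for SSH after ACCEPT rules with the same match, and iptables stops at the first rule that matches, so the later rules never take effect. The following is an added example, not part of the original post, that reports such shadowed rules in `iptables -S` style output; it only catches rules whose match is textually identical, and the function names and the sample listing are constructed for illustration.

```shell
#!/bin/bash
# Added example: report rules that can never fire because an earlier rule in
# the same chain has the identical match and a terminating target.
# Input: rule lines in `iptables -S` format on stdin.
shadowed_rules() {
  awk '
    $1 == "-A" {
      chain = $2
      spec = ""; target = ""
      # Everything between the chain name and -j is the match specification
      for (i = 3; i <= NF; i++) {
        if ($i == "-j") { target = $(i + 1); break }
        spec = spec " " $i
      }
      key = chain spec
      if (key in first) {
        printf "%s: \"-j %s\" is shadowed by earlier \"-j %s\" for%s\n",
               chain, target, first[key], spec
      } else if (target == "ACCEPT" || target == "DROP" || target == "REJECT") {
        # Only terminating targets stop rule traversal
        first[key] = target
      }
    }
  '
}

# Constructed sample: the SSH rules from the script, written the way
# `iptables -S` lists them (not captured from a real host).
sample_rules() {
  cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -s 192.168.0.0/24 -d 192.168.0.89/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -d 192.168.0.89/32 -p tcp -m tcp --dport 22 -j DROP
-A OUTPUT -s 192.168.0.89/32 -d 192.168.0.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -s 192.168.0.89/32 -d 192.168.0.0/24 -p tcp -m tcp --dport 22 -j DROP
EOF
}

sample_rules | shadowed_rules
```

On a live host the same check is `sudo iptables -S | shadowed_rules`.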
This article is from the “Security_net” blog; please be sure to keep this source attribution: http://yxh51netsec.blog.51cto.com/7743046/1290226