Cannot start the iptables firewall script on Linux

Time: 2017-06-17 06:50:51

Tags: bash shell startup iptables init

I have a script:

#!/bin/bash

### BEGIN INIT INFO
# Provides:          firewall
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start daemon at boot time
# Description:       Enable service provided by daemon.
### END INIT INFO

IPTABLES="/sbin/iptables"
START="/bin/bash"
PATH="/sbin:/bin:/usr/sbin:/usr/bin"
NAME="$(basename "$0")"
N="/etc/init.d/$NAME"

if [ ! -f /scripts/rc.firewall ]; then
    echo "/scripts/rc.firewall does not exist"
    exit 0
fi

case "$1" in
    start|restart)
        echo -n "Starting up iptables firewall..."
        $START /scripts/rc.firewall
        echo "done."
        ;;
    stop)
        # Reset the default policies to ACCEPT, then flush and delete every chain
        $IPTABLES -P INPUT ACCEPT
        $IPTABLES -P OUTPUT ACCEPT
        $IPTABLES -P FORWARD ACCEPT

        $IPTABLES -F
        $IPTABLES -X

        for TABLE in filter nat mangle; do
            $IPTABLES -t "$TABLE" -F
            $IPTABLES -t "$TABLE" -X
            $IPTABLES -t "$TABLE" -Z
        done

        echo "done."
        exit 0
        ;;
    *)
        echo "Usage: $N {start|restart|stop}" >&2
        exit 1
        ;;
esac

exit 0

This script starts another script:

#!/bin/bash

IPTABLES="/sbin/iptables"

SSHport=$( set | grep "\(SSH_CONNECTION\)" | sed -e "s/^SSH_CONNECTION='//g" | sed -e "s/^[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\x20[0-9]*\x20//g" | sed -e "s/^[0-9$

$IPTABLES -F
$IPTABLES -t nat -F
$IPTABLES -t mangle -F

$IPTABLES -X
$IPTABLES -t nat -X
$IPTABLES -t mangle -X

/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_LOG
/sbin/modprobe ipt_limit
/sbin/modprobe ipt_state
/sbin/modprobe ipt_owner
/sbin/modprobe ipt_REJECT
/sbin/modprobe ipt_MASQUERADE
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_irc
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ip_nat_irc
/sbin/modprobe ip_gre
/sbin/modprobe ip_nat_pptp

if [ -f /scripts/ssh_allow.txt ]; then
    for SSH_ALLOW in `grep -v ^# /scripts/ssh_allow.txt`; do
        $IPTABLES -A INPUT -s $SSH_ALLOW -p tcp -m tcp --dport $SSHport -j ACCEPT
    done
fi

$IPTABLES -A INPUT -p tcp -m tcp --dport $SSHport -j DROP

if [ -f /scripts/bad_input_ip.txt ]; then
    for BAD_INPUT_IP in `grep -v ^# /scripts/bad_input_ip.txt`; do
        $IPTABLES -A INPUT -s $BAD_INPUT_IP -j DROP
    done
fi

if [ -f /scripts/port_deny.txt ]; then
    for PORT_DENY in `grep -v ^# /scripts/port_deny.txt`; do
        $IPTABLES -A INPUT -p tcp --dport $PORT_DENY -j DROP
    done
fi

When I start it by hand with:

/etc/init.d/firewall start

everything works fine.

But after adding the init script to the boot sequence and rebooting, I have only one rule:

iptables -L -v -n
Chain INPUT (policy ACCEPT 2368 packets, 1433K bytes)
 pkts bytes target     prot opt in     out     source               destination
    2   120 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25

But I should have:

iptables -L -v -n
Chain INPUT (policy ACCEPT 226 packets, 110K bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       192.168.110.22       0.0.0.0/0            tcp dpt:22
   11   892 ACCEPT     tcp  --  *      *       192.168.11.2         0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       192.168.1.2          0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       192.168.1.22         0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       192.168.110.26       0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       192.168.110.27       0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       192.168.110.2        0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       192.168.110.1        0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       192.168.110.3        0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       192.168.110.4        0.0.0.0/0            tcp dpt:22
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25

Where is the error? Please help.
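Added example (editor's code, not the poster's rc.firewall): the rules missing after reboot are exactly the ones built from $SSHport, which rc.firewall derives from SSH_CONNECTION. sshd exports that variable only into the environment of an SSH session, so when init runs the script at boot it is empty, `--dport $SSHport -j ACCEPT` expands to `--dport -j ACCEPT`, and iptables rejects each of those rules. The port 25 DROP from port_deny.txt does not use the variable and loads normally, which matches the output above. Because the script neither validates the port nor checks iptables' exit status, the final SSH DROP is skipped as well, so the firewall fails open for SSH at boot. The functions below resolve the port in a way that also works at boot (SSH_CONNECTION when present, otherwise the Port directive of an sshd_config file, otherwise a fallback), refuse to build rules from an invalid port, and emit the rule set as text so it can be inspected before it is applied. The sshd_config path, the fallback port 22, and the allow-list entries in the demo are assumptions, not values from the post.

```bash
#!/bin/bash
# Added example, not the poster's rc.firewall: resolve the SSH port in a way that
# also works when init runs the script at boot, and build the rules as text first.

# Accept only a decimal number in 1..65535.
is_valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the port sshd listens on. Order of preference:
#   1. the server-port field of SSH_CONNECTION ("client_ip client_port server_ip server_port"),
#      which sshd sets only inside an SSH session and which is absent at boot;
#   2. the first "Port" directive in the sshd_config given as $1 (default path is an assumption);
#   3. the fallback given as $2 (defaults to 22, also an assumption).
resolve_ssh_port() {
    local config="${1:-/etc/ssh/sshd_config}"
    local fallback="${2:-22}"
    local port=""

    if [ -n "${SSH_CONNECTION:-}" ]; then
        # Intentional word splitting of the four space-separated fields.
        # shellcheck disable=SC2086
        set -- $SSH_CONNECTION
        port="${4:-}"
    elif [ -r "$config" ]; then
        port=$(awk 'tolower($1) == "port" { print $2; exit }' "$config")
    fi

    if is_valid_port "$port"; then
        printf '%s\n' "$port"
    else
        printf '%s\n' "$fallback"
    fi
}

# Emit the INPUT rules for SSH as iptables command lines (dry run), one per line:
# an ACCEPT per non-comment, non-blank allow-list entry, then the catch-all DROP.
# Emits nothing and returns 1 when the port is invalid, so a bad value can never
# silently produce a rule set with the DROP missing.
build_ssh_rules() {
    local port="$1" allow_file="$2" src

    if ! is_valid_port "$port"; then
        echo "refusing to build SSH rules: invalid port '$port'" >&2
        return 1
    fi

    if [ -r "$allow_file" ]; then
        grep -v '^[[:space:]]*#' "$allow_file" | grep -v '^[[:space:]]*$' |
        while read -r src; do
            printf 'iptables -A INPUT -s %s -p tcp -m tcp --dport %s -j ACCEPT\n' "$src" "$port"
        done
    fi
    printf 'iptables -A INPUT -p tcp -m tcp --dport %s -j DROP\n' "$port"
}

# Demo with constructed inputs; run as "script.sh --demo".
if [ "${1:-}" = "--demo" ]; then
    demo_dir=$(mktemp -d)
    printf 'Port 2222\n' > "$demo_dir/sshd_config"
    printf '# constructed allow-list\n192.168.110.22\n192.168.11.2\n' > "$demo_dir/ssh_allow.txt"
    unset SSH_CONNECTION          # simulate the boot-time environment
    port=$(resolve_ssh_port "$demo_dir/sshd_config" 22)
    build_ssh_rules "$port" "$demo_dir/ssh_allow.txt"
    rm -rf "$demo_dir"
fi
```

Running the demo with SSH_CONNECTION unset prints two ACCEPT lines followed by the DROP for port 2222, which is the rule set the boot-time run should have produced; piping the output through `sh` applies it, and a non-zero return from build_ssh_rules is the signal an init script should treat as "do not start".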

0 answers:

No answers