Installing a firewall on a Linode VPS with VPN support

July 2, 2012 | Category: Linode | Tags:

1. Check your Linode's default firewall rules by entering the following command:

# iptables -L

2. Examine the output. If you haven't implemented any firewall rules yet, you should see an empty ruleset, as shown below:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

3. Create a file to hold your firewall rules by entering the following command:

# vim /etc/iptables.firewall.rules

4. Now it's time to create some firewall rules. We've created some basic rules to get you started. Copy and paste the rules shown below into the iptables.firewall.rules file you just created.

File: /etc/iptables.firewall.rules

*filter

#  Allow all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -d 127.0.0.0/8 -j REJECT

#  Accept all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

#  Allow all outbound traffic - you can modify this to only allow certain traffic
-A OUTPUT -j ACCEPT

#  Allow HTTP and HTTPS connections from anywhere (the normal ports for websites and SSL).
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
#  Allow PPTP VPN: the control channel on TCP 1723, plus the GRE tunnel
#  (IP protocol 47) that carries the VPN traffic itself
-A INPUT -p tcp --dport 1723 -j ACCEPT
-A INPUT -p gre -j ACCEPT

#  Allow SSH connections
#
#  The -dport number should be the same port number you set in sshd_config
#
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

#  Allow ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

#  Log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

#  If PPTP VPN is enabled, traffic for the VPN client range must be forwarded;
#  these two rules have to come before the catch-all FORWARD reject below,
#  because rules are matched top to bottom
-A FORWARD -s 192.168.0.0/24 -o eth0 -j ACCEPT
-A FORWARD -d 192.168.0.0/24 -i eth0 -j ACCEPT

#  Reject all other inbound - default deny unless explicitly allowed policy
-A INPUT -j REJECT
-A FORWARD -j REJECT

COMMIT

5. Activate the firewall rules by entering the following command:

# iptables-restore < /etc/iptables.firewall.rules

6. Recheck your Linode's firewall rules by entering the following command:

# iptables -L

7. Save the iptables rules:

# /etc/init.d/iptables save


8.restart iptables

# /etc/init.d/iptables restart
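Two mistakes are easy to make when hand-editing this file: a misspelled target (iptables-restore then rejects the whole file and the old ruleset stays in force) and a rule appended after a chain's catch-all REJECT, which can never match because rules are evaluated top to bottom. The script below is an added example written for this page, not part of the original post or of Linode's documentation; it lints a rules file for both problems and runs against two constructed sample files that mirror the rules above, one with the mistakes and one corrected. The sample contents, the temporary file paths and the list of known targets are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original post: lint an iptables-restore rules
# file (e.g. /etc/iptables.firewall.rules) for two hand-editing mistakes:
#   1. a misspelled jump target such as "-j ACCEP": iptables-restore aborts
#      on it and the previous ruleset stays in force;
#   2. a rule appended to a chain after that chain's unconditional
#      "-A CHAIN -j REJECT" (or DROP): rules match top to bottom, so it can
#      never fire (e.g. PPTP forwarding rules placed below the FORWARD reject).
# Prints one line per finding; the return status is the number of findings
# (0 = clean; the shell caps it at 255).

known_targets="ACCEPT DROP REJECT LOG RETURN MASQUERADE SNAT DNAT REDIRECT"

report() {                      # report LINENO MESSAGE
    echo "line $1: $2"
    problems=$((problems + 1))
}

lint_rules() {                  # lint_rules FILE
    problems=0 lineno=0
    closed=""                   # chains already ended by a catch-all REJECT/DROP
    user_chains=""              # chains declared with ":NAME POLICY [pkts:bytes]"
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case "$line" in
            ''|'#'*|COMMIT) continue ;;                   # blank, comment, end of table
            '*'*) closed="" user_chains=""; continue ;;  # new table: start over
            ':'*) name=${line#:}; user_chains="$user_chains ${name%% *}"; continue ;;
        esac
        action="" chain="" target="" prev="" conditional=0 in_target=0
        for word in $line; do
            case "$prev" in
                -A|-I) chain=$word ;;
                -j) target=$word ;;
            esac
            case "$word" in
                -A|-I) action=$word ;;
                -j) in_target=1 ;;
                # -p, -s, -i, -m, --dport ... all restrict the match
                -*) if [ "$in_target" -eq 0 ]; then conditional=1; fi ;;
            esac
            prev=$word
        done
        if [ -n "$target" ]; then
            case " $known_targets $user_chains " in
                *" $target "*) ;;
                *) report "$lineno" "unknown target '$target' (typo? iptables-restore rejects the whole file)" ;;
            esac
        fi
        if [ "$action" = "-A" ] && [ -n "$chain" ]; then
            case " $closed " in
                *" $chain "*) report "$lineno" "rule in chain $chain comes after its catch-all REJECT/DROP and can never match" ;;
            esac
            # An appended rule with no match options and a terminating target closes the chain.
            if [ "$conditional" -eq 0 ]; then
                case "$target" in REJECT|DROP) closed="$closed $chain" ;; esac
            fi
        fi
    done < "$1"
    return $problems
}

# Constructed sample files (assumed content, not the page's file): the first
# contains both mistakes on purpose, the second is the corrected ordering.
write_broken_rules() {
    cat > "$1" <<'EOF'
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 1723 -j ACCEP
-A INPUT -j REJECT
-A FORWARD -j REJECT
-A FORWARD -s 192.168.0.0/24 -o eth0 -j ACCEPT
-A FORWARD -d 192.168.0.0/24 -i eth0 -j ACCEPT
COMMIT
EOF
}

write_fixed_rules() {
    cat > "$1" <<'EOF'
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 1723 -j ACCEPT
-A INPUT -p gre -j ACCEPT
-A INPUT -j REJECT
-A FORWARD -s 192.168.0.0/24 -o eth0 -j ACCEPT
-A FORWARD -d 192.168.0.0/24 -i eth0 -j ACCEPT
-A FORWARD -j REJECT
COMMIT
EOF
}

tmp=$(mktemp)
write_broken_rules "$tmp"
echo "== broken sample =="
lint_rules "$tmp" || echo "$? problem(s) found"
write_fixed_rules "$tmp"
echo "== corrected sample =="
lint_rules "$tmp" && echo "clean"
rm -f "$tmp"
```

Run it before `iptables-restore` on any edited copy of the file: the broken sample reports the misspelled target on its PPTP line and the two unreachable FORWARD rules, while the corrected sample (ACCEPT spelled out, GRE allowed, forwarding rules moved above the FORWARD reject) comes back clean.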
  1. ryan
    July 2, 2012 18:46

    This is a CentOS 6.2 32-bit environment.

  2. ding
    July 3, 2012 08:28

    OK, I'll test it and see whether it works.

    • ryan
      July 3, 2012 08:30

      I've tried it, no problems.