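#! /bin/sh
#
# Minimal host firewall for a single host ("myhost").  Only loopback,
# rate-limited ICMP echo and ssh from the trusted subnet are permitted;
# every other packet on INPUT/OUTPUT/FORWARD is logged (rate-limited)
# and dropped.  Must run as root.  Only the filter table is touched.
#
# No 'set -e' on purpose: if one rule failed mid-script the DROP
# policies would already be in place, so the remaining rules (notably
# the ssh rule) must still be attempted.
set -u

readonly trusthost='10.0.0.0/24'   # subnet allowed to reach this host
readonly myhost='10.0.0.1'         # address of this host
# shellcheck disable=SC2034 — not referenced by any rule below, kept for
# compatibility with rules that may be appended to this script
readonly any='0.0.0.0/0'

# Enable SYN cookies (keeps the listen backlog usable under a SYN flood)
echo '1' > /proc/sys/net/ipv4/tcp_syncookies
# Ignore ICMP echo requests addressed to broadcast (smurf amplification)
echo '1' > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

##############
# Flush & Reset  (filter table only; nat/mangle are left as they are)
##############
iptables -F
iptables -X

##############
# Default Rule  — deny everything not explicitly accepted below
##############
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

#########
# loopback
#########
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

#######################
# ICMP trusthost->myhost
#######################
# long term: 1 echo-request per minute on average, burst of 10; requests
# above the limit fall through to the LOGGING chain and are dropped
iptables -A INPUT -p icmp --icmp-type echo-request \
  -s "$trusthost" -d "$myhost" -m limit --limit 1/m --limit-burst 10 -j ACCEPT
# short term alternative (kept for reference)
#iptables -A INPUT -p icmp --icmp-type echo-request -s "$trusthost" -d "$myhost" -m limit --limit 1/s --limit-burst 5 -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -s "$myhost" -d "$trusthost" -j ACCEPT

#######################
# ICMP myhost->trusthost
#######################
iptables -A OUTPUT -p icmp --icmp-type echo-request -s "$myhost" -d "$trusthost" -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -s "$trusthost" -d "$myhost" -j ACCEPT

#######################
# ssh trusthost->myhost
#######################
# Stateless pair: inbound to port 22 from the trusted subnet, and the
# matching replies from source port 22 back to it.
iptables -A INPUT -p tcp -s "$trusthost" -d "$myhost" --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp -s "$myhost" --sport 22 -d "$trusthost" -j ACCEPT

#########
# logging
#########
# LOGGING chain: log then drop.  '-m limit' without arguments uses the
# match defaults (3/hour, burst 5) so a flood cannot fill the log.
iptables -N LOGGING
iptables -A LOGGING -m limit -j LOG --log-level warning --log-prefix "DROP:"
iptables -A LOGGING -j DROP
# Everything not accepted above ends up here
iptables -A INPUT -j LOGGING
iptables -A OUTPUT -j LOGGING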