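#!/bin/sh
#
# Minimal IPv4 host firewall for a single server (iptables).
#
# Policy: everything is dropped by default. Only loopback traffic,
# ICMP echo between this host and one trusted host, SSH from the
# trusted host and HTTP from anywhere are accepted; anything else
# falls through to the LOGGING chain, where it is logged and dropped.
#
# Usage: run as root; every rule is applied in order with no undo.
# NOTE: the DROP policies are installed before the ACCEPT rules, so a
# session that runs this script over the network stalls until the
# matching ACCEPT rule is added, and is cut off if the script aborts
# in between (set -e stops on the first failing iptables call).
# Only iptables (IPv4) is configured; ip6tables is left untouched.

set -eu

IPTABLES=/sbin/iptables
readonly IPTABLES

# Trusted management host, this host's own address, and "anywhere".
trusthost='192.168.10.100'
myhost='192.168.20.200'
any='0.0.0.0/0'
readonly trusthost myhost any

##############
# Flush & Reset
##############
# Flush rules, zero counters, then delete user-defined chains (they
# must be empty for -X to succeed, which -F guarantees).
"$IPTABLES" -F
"$IPTABLES" -Z
"$IPTABLES" -X

##############
# Default Rule
##############
# Fail closed: any packet not matched by an ACCEPT rule below is
# dropped (and, for INPUT/OUTPUT, logged by the LOGGING chain first).
"$IPTABLES" -P INPUT DROP
"$IPTABLES" -P OUTPUT DROP
"$IPTABLES" -P FORWARD DROP

#########
# loopback
#########
"$IPTABLES" -A INPUT -i lo -j ACCEPT
"$IPTABLES" -A OUTPUT -o lo -j ACCEPT

#######################
# ICMP trusthost->myhost
#######################
# Let the trusted host ping this host (request in, reply out).
"$IPTABLES" -A INPUT -p icmp --icmp-type echo-request -s "$trusthost" -d "$myhost" -j ACCEPT
"$IPTABLES" -A OUTPUT -p icmp --icmp-type echo-reply -s "$myhost" -d "$trusthost" -j ACCEPT

#######################
# ICMP myhost->trusthost
#######################
# Let this host ping the trusted host (request out, reply in).
"$IPTABLES" -A OUTPUT -p icmp --icmp-type echo-request -s "$myhost" -d "$trusthost" -j ACCEPT
"$IPTABLES" -A INPUT -p icmp --icmp-type echo-reply -s "$trusthost" -d "$myhost" -j ACCEPT

#######################
# ssh trusthost-> myhost
#######################
# No connection tracking is used: the OUTPUT rule accepts any TCP
# packet leaving from port 22 towards trusthost, not only replies to
# an established session. Matching on connection state (e.g. the
# conntrack/state match with ESTABLISHED) would tighten this; left
# as-is to preserve the existing policy.
"$IPTABLES" -A INPUT -p tcp -s "$trusthost" -d "$myhost" --dport 22 -j ACCEPT
"$IPTABLES" -A OUTPUT -p tcp -s "$myhost" --sport 22 -d "$trusthost" -j ACCEPT

#################
# www ANY-> myhost
#################
# Same caveat as for ssh: outbound packets from port 80 are accepted
# to any destination regardless of connection state.
"$IPTABLES" -A INPUT -p tcp -s "$any" -d "$myhost" --dport 80 -j ACCEPT
"$IPTABLES" -A OUTPUT -p tcp -s "$myhost" --sport 80 -d "$any" -j ACCEPT

#########
# logging
#########
# LOGGING chain: rate-limited kernel log entry, then DROP. The limit
# match carries no explicit rate here, so iptables' built-in default
# applies; the explicit DROP keeps the chain self-contained even if
# the policies above are later changed.
"$IPTABLES" -N LOGGING
"$IPTABLES" -A LOGGING -m limit -j LOG --log-level warning --log-prefix "DROP:"
"$IPTABLES" -A LOGGING -j DROP
# Must stay the last rule in each chain: everything not accepted
# above ends up here.
"$IPTABLES" -A INPUT -j LOGGING
"$IPTABLES" -A OUTPUT -j LOGGING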
  テンプレート2(行番号付き)