Iptables_limit

HACK-WU · Sep 23, 2016 · f93d1bb · f93d1bb
1 parent 77c6289
commit f93d1bb
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 3 deletions.
diff --git a/iptables/iptables_conntrack.sh b/iptables/iptables_conntrack.sh
@@ -1,9 +1,9 @@
 #!/bin/bash
 ## Iptables 2016-07-21
 ## http://www.aqzt.com
-##email: [email protected]
-##robert yu
-##centos 7
+## email: [email protected]
+## robert yu
+## centos 7
 
 
 #查看

diff --git a/iptables/iptables_limit.sh b/iptables/iptables_limit.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+## Iptables 2016-09-23
+## http://www.aqzt.com
+## email: [email protected]
+## robert yu
+## centos 6
+## iptables 流量限制，可以通过调整--limit-burst 10值来控制流入 流出
+/sbin/iptables -F
+
+/sbin/iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
+/sbin/iptables -A INPUT -s 127.0.0.1 -j ACCEPT
+/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+/sbin/iptables -A INPUT -s 192.168.1.111 -j ACCEPT
+/sbin/iptables -A INPUT -s 192.168.1.112 -j ACCEPT
+/sbin/iptables -A INPUT  -p tcp --dport 22  -j ACCEPT
+/sbin/iptables -A INPUT  -p tcp --dport 80  -j ACCEPT
+/sbin/iptables -A INPUT -s 192.168.56.101 -m limit --limit 2400/s --limit-burst 10 -j ACCEPT 
+/sbin/iptables -A INPUT -s 192.168.56.101 -j DROP
+/sbin/iptables -A FORWARD -d 192.168.56.101 -m limit --limit 2400/s --limit-burst 10 -j ACCEPT 
+/sbin/iptables -A FORWARD -d 192.168.56.101 -j DROP
+/sbin/iptables -A FORWARD -s 192.168.56.101 -m limit --limit 2400/s --limit-burst 10 -j ACCEPT 
+/sbin/iptables -A FORWARD -s 192.168.56.101 -j DROP
+/sbin/iptables -A OUTPUT  -s 192.168.56.101 -m limit --limit 2400/s --limit-burst 10 -j ACCEPT 
+/sbin/iptables -A OUTPUT  -s 192.168.56.101 -j DROP
+/sbin/iptables -A INPUT -j REJECT
+/sbin/iptables -A FORWARD -j REJECT
+/sbin/iptables -A OUTPUT -j ACCEPT
+
+/sbin/service iptables save
+echo ok