簡單的iptables規則
# Create the rules script. Despite the ".service" name this is a plain shell
# script (it is run with `sh` from /etc/rc.local), not a systemd unit.
nano /etc/firewalld.service
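# NOTE(review): every rule below only appends ACCEPT. Nothing in this script
# sets a chain policy or a final DROP/REJECT rule, so while the policies are
# still ACCEPT these rules do not block any traffic. A default-deny setup also
# needs accept rules for the loopback interface and for ESTABLISHED,RELATED
# connections (and for SSH on a remotely managed host) before the policy is
# tightened.
# Long options take two ASCII hyphens (--dport). A typographic dash pasted
# from a web page is not parsed as an option and iptables rejects the rule.

# http port 80
iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
# https port 443
iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT
# webmin port 10000
# NOTE(review): this is an administration panel reachable from any source
# address; consider restricting the rule with -s <admin network>.
iptables -A INPUT -i eth0 -p tcp --dport 10000 -j ACCEPT
# vsftpd port 21
# Control channel only. Under a default-deny policy the FTP data connections
# need separate handling (a passive port range or the conntrack FTP helper).
iptables -A INPUT -i eth0 -p tcp --dport 21 -j ACCEPT
# pptpd port 1723 (control connection) plus GRE, which carries the tunnel
# NOTE(review): these four rules are not bound to an interface, unlike the
# eth0 rules above.
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 1723 -j ACCEPT
iptables -A INPUT -p gre -j ACCEPT
iptables -A OUTPUT -p gre -j ACCEPT
# NAT
# Rewrite the source of 192.168.0.0/24 traffic leaving eth0. x.x.x.x is a
# placeholder: replace it with the server's own public address.
# Routing between interfaces also requires net.ipv4.ip_forward=1, which this
# script does not set.
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j SNAT --to-source x.x.x.x
# "ppp+" matches every interface whose name starts with "ppp". These two rules
# forward anything to or from the VPN clients without further filtering.
iptables -A FORWARD -i ppp+ -j ACCEPT
iptables -A FORWARD -o ppp+ -j ACCEPT
iptables -t nat -A POSTROUTING -o ppp+ -j MASQUERADE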
在/etc/rc.local建立開機執行
nano /etc/rc.local
# Line to add inside /etc/rc.local. If that file ends with `exit 0`, place
# this line above it, otherwise the script is never reached.
sh /etc/firewalld.service
修改成可執行檔
# rc.local runs this script as root at boot, so the file should stay owned by
# root and not be writable by other users. (`sh <file>` itself does not need
# the execute bit.)
chmod +x /etc/firewalld.service