CentOS 6.8 下 iptables开机脚本设置

 1、创建

vim /usr/local/sbin/iptables.sh

#!/bin/bash

# Stop iptables service first
service iptables stop

# Load FTP Kernel modules
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp

# Inital chains default policy
/sbin/iptables -F -t filter
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT


# Enable Native Network Transfer
/sbin/iptables -A INPUT -i lo -j ACCEPT

# Accept Established Connections
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# ICMP Control
/sbin/iptables -A INPUT -p icmp -j ACCEPT

# SSH Service
/sbin/iptables -A INPUT -p tcp --dport 22-j ACCEPT

# WEB Service
/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT

# VNC Service
/sbin/iptables -A INPUT -p tcp --dport 5901 -j ACCEPT

# FTP Service
/sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT

２、添加开机启动脚本

vim /etc/rc.local

# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

/usr/local/sbin/iptables.sh