ICMP相关应用
使自己不能ping通127.0.0.1
iptables-AINPUT-s127.0.0.1-picmp-jDROP
192.168.0.0/24网段无法ping能本机
iptables-AINPUT-s192.168.0.0/24-picmp-jDROP
禁所有机器
#iptables-AINPUT-s0/0-picmp-jDROP
#ICMP(PING)接受!echo-request
/sbin/iptables-AINPUT-picmp--icmp-type!echo-request-jACCEPT
accept_redirects
#echo"0">/proc/sys/net/ipv4/conf/all/accept_redirects
or
#sysctlnet.ipv4.conf.all.accept_redirects="0"
禁止IP访问自己
[root@linuxroot]#iptables-AINPUT-s192.168.0.253-jDROP
封杀MSN
/sbin/iptables-IFORWARD-dgateway.messenger.hotmail.com-jDROP
/sbin/iptables-IFORWARD-ptcp--dport1863-jDROP
封杀QQ
/sbin/iptables-AFORWARD-ptcp-dtcpconn.tencent.com--dport80-jDROP
/sbin/iptables-AFORWARD-ptcp-dtcpconn.tencent.com--dport443-jDROP
/sbin/iptables-AFORWARD-ptcp-dtcpconn2.tencent.com-jDROP
/sbin/iptables-AFORWARD-ieth0-pudp--dport8000-jDROP
封杀BT
/sbin/iptables-AFORWARD-ieth0-ptcp--dport6881:6890-jDROP
WWW
#禁止>>WWW
/sbin/iptables-AFORWARD-ptcp--dport80-jDROP
#开放>>WWW
/sbin/iptables-AFORWARD-ptcp--dport80-jACCEPT
FTP
#禁止FTP
/sbin/iptables-AFORWARD-ieth0-ptcp--dport20-jDROP
/sbin/iptables-AFORWARD-ieth0-ptcp--dport21-jDROP
#开放FTP
/sbin/iptables-AFORWARD-ieth0-ptcp--dport20-jACCEPT
/sbin/iptables-AFORWARD-ieth0-ptcp--dport21-jACCEPT
SMTP,POP3
#禁止SMTP,POP3
/sbin/iptables-AFORWARD-ieth0-ptcp--dport25-jDROP
/sbin/iptables-AFORWARD-ieth0-ptcp--dport110-jDROP
#开入SMTP,POP3
/sbin/iptables-AFORWARD-ieth0-ptcp--dport25-jACCEPT
/sbin/iptables-AFORWARD-ieth0-ptcp--dport110-jACCEPT
Samba
#禁止Samba
[root@linuxroot]#iptables-AFORWARD-ptcp--sport137:139-jDROP
[root@linuxroot]#iptables-AFORWARD-pudp--sport137:139-jDROP
DROP
#DROPOTHERS
/sbin/iptables-AFORWARD-ieth0-mstate--stateESTABLISHED,RELATED-jACCEPT
/sbin/iptables-AFORWARD-s192.168.1.0/24-jDROP