#!/bin/bash
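# Inbound IPv4 host firewall, written twice: once with iptables and once with
# nft. Allowed in: replies to existing connections, loopback traffic, and new
# TCP connections to ports 22 and 80 from any source address. Everything else
# is dropped by the last rule of each ruleset.
#
# The original listing repeated this whole sequence a second time. Each pass
# begins with a flush, so the repeat rebuilt the same ruleset; it runs once
# here.
#
# The trailing annotation on the ICMP rule used `//`, which is not a shell
# comment: bash treated it as arguments and stopped at the parenthesis with a
# syntax error, so no rule was ever applied. It is a `#` comment now.
#
# NOTE(review): both halves are IPv4-only (iptables, and nft's default `ip`
# family when no family is named). IPv6 traffic is not filtered here.
# NOTE(review): rules are flushed and then re-added one command at a time, so
# for a moment the chain is empty and only its policy applies; this script
# never sets that policy. Loading a complete ruleset with iptables-restore or
# `nft -f` swaps the rules in one step instead.
# NOTE(review): nothing here saves the rules, so they presumably need to be
# re-applied after a reboot - confirm how this script is invoked.

# --- iptables: filter table, INPUT chain ---
iptables -F   # remove every rule from every chain of the filter table
iptables -X   # remove user-defined chains
# Replies and related traffic for connections that already exist.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Loopback.
iptables -A INPUT -i lo -j ACCEPT
# New inbound SSH and HTTP; no source restriction is applied.
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
# ICMP type 8 = echo-request (ping request). The catch-all below would drop
# it as well; the explicit rule only makes the intent visible.
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
# Catch-all: drop whatever was not accepted above.
iptables -A INPUT -j DROP
iptables -L

# --- nft: table `filter`, chain `input` ---
# Assumes the table and the chain already exist; nothing here creates them.
# NOTE(review): where iptables is the nft-backed variant, the rules added
# above live in this same `ip filter` table, so this flush would clear them
# too - confirm which backend the host uses.
nft flush table filter
nft add rule filter input ct state related,established accept
nft add rule filter input iif lo accept
# NOTE(review): an output interface is normally not set for packets in an
# input-hook chain, so this rule likely never matches - confirm it is needed.
nft add rule filter input oif lo accept
nft add rule filter input ct state new tcp dport 22 accept
nft add rule filter input ct state new tcp dport 80 accept
# `insert` puts a rule at the head of the chain. These two drops therefore
# run before the accept rules above, and the 1.2.3.4 rule, inserted last,
# ends up first. Unlike the iptables ruleset, echo-requests are dropped here
# before the established/related accept is consulted.
nft insert rule filter input icmp type echo-request drop
nft insert rule filter input ip protocol icmp ip saddr 1.2.3.4 drop
# Catch-all: drop whatever was not accepted above.
nft add rule filter input drop
nft list table filter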