2025-05-19 17:38:44 +08:00
|
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
|
|
|
|
# 清理 OUTPUT 链
|
|
|
|
|
|
iptables -F OUTPUT
|
|
|
|
|
|
|
|
|
|
|
|
# 允许本地回环通信
|
|
|
|
|
|
iptables -A OUTPUT -o lo -j ACCEPT
|
|
|
|
|
|
|
2025-05-19 17:40:15 +08:00
|
|
|
|
# 允许 DNS ( UDP 和 TCP,DNS 解析可能用 TCP fallback )
|
2025-05-19 17:38:44 +08:00
|
|
|
|
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
|
|
|
|
|
|
iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
|
|
|
|
|
|
|
|
|
|
|
|
# 允许局域网出站 允许范围为192.168.0.0 ~ 192.168.255.255
|
|
|
|
|
|
iptables -A OUTPUT -d 192.168.0.0/16 -j ACCEPT
|
|
|
|
|
|
|
|
|
|
|
|
# 允许访问指定外部 IP 可设置多个
|
|
|
|
|
|
iptables -A OUTPUT -d X.X.X.X -j ACCEPT
|
|
|
|
|
|
|
|
|
|
|
|
# 丢弃所有未被允许的出站流量
|
|
|
|
|
|
iptables -A OUTPUT -j DROP
|
