From ee50f71f03556f80de4809df244df55105129549 Mon Sep 17 00:00:00 2001
From: Cx330 <1487537121@qq.com>
Date: Mon, 19 May 2025 17:38:44 +0800
Subject: [PATCH] =?UTF-8?q?=E5=B1=8F=E8=94=BD=E5=AF=B9=E5=A4=96=E9=83=A8ip?= =?UTF-8?q?=E8=BF=9B=E8=A1=8C=E4=B8=8A=E4=BC=A0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
uplink_outbound.sh | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
create mode 100644 uplink_outbound.sh
diff --git a/uplink_outbound.sh b/uplink_outbound.sh
new file mode 100644
index 0000000..be4b922
--- /dev/null
+++ b/uplink_outbound.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# 清理 OUTPUT 链
+iptables -F OUTPUT
+
+# 允许本地回环通信
+iptables -A OUTPUT -o lo -j ACCEPT
+
+# 允许 DNS(UDP 和 TCP,DNS 解析可能用 TCP fallback)
+iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
+iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
+
+# 允许局域网出站 允许范围为192.168.0.0 ~ 192.168.255.255
+iptables -A OUTPUT -d 192.168.0.0/16 -j ACCEPT
+
+# 允许访问指定外部 IP 可设置多个
+iptables -A OUTPUT -d X.X.X.X -j ACCEPT
+
+# 丢弃所有未被允许的出站流量
+iptables -A OUTPUT -j DROP
\ No newline at end of file
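Review bot: The two port-53 ACCEPT rules carry no `-d`, so any external host listening on port 53 stays reachable over UDP and TCP and an outbound path remains open despite the final DROP; pin them to the resolver actually in use, e.g. `iptables -A OUTPUT -p udp -d <RESOLVER_IP> --dport 53 -j ACCEPT`, and the same for tcp. The script programs IPv4 only, so on a host with IPv6 connectivity the outbound policy is untouched; adding `ip6tables -P OUTPUT DROP` with a loopback accept would cover it. There is also no `iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` rule, so replies to inbound sessions from outside 192.168.0.0/16 (a remote SSH login, for instance) are dropped once the last rule is appended. The `X.X.X.X` placeholder will presumably make that iptables call fail, and without `set -e` the script continues silently, so a comment stating it must be replaced before use would help.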