屏蔽对外部ip进行上传
This commit is contained in:
commit
ee50f71f03
20
uplink_outbound.sh
Normal file
20
uplink_outbound.sh
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# 清理 OUTPUT 链
|
||||||
|
iptables -F OUTPUT
|
||||||
|
|
||||||
|
# 允许本地回环通信
|
||||||
|
iptables -A OUTPUT -o lo -j ACCEPT
|
||||||
|
|
||||||
|
# 允许 DNS(UDP 和 TCP,DNS 解析可能用 TCP fallback)
|
||||||
|
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
|
||||||
|
iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
|
||||||
|
|
||||||
|
# 允许局域网出站 允许范围为192.168.0.0 ~ 192.168.255.255
|
||||||
|
iptables -A OUTPUT -d 192.168.0.0/16 -j ACCEPT
|
||||||
|
|
||||||
|
# 允许访问指定外部 IP 可设置多个
|
||||||
|
iptables -A OUTPUT -d X.X.X.X -j ACCEPT
|
||||||
|
|
||||||
|
# 丢弃所有未被允许的出站流量
|
||||||
|
iptables -A OUTPUT -j DROP
|
||||||
Loading…
x
Reference in New Issue
Block a user