iptables as a stalling tactic when a Linux server is sending packets outbound

# Generated by iptables-save v1.4.7 on Fri Sep 11 09:54:56 2015
*filter
:INPUT DROP [3338:200864]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [184:18178]

#for http
-A INPUT -p tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp --sport 80 -j ACCEPT
# allow UDP to the DNS server IP
-A OUTPUT -p udp --dport 53 -d 8.8.8.8 -j ACCEPT
# block all other UDP
-A OUTPUT -p udp -j DROP
# disable ping
-A INPUT -p icmp --icmp-type 8 -s 0/0 -j DROP
COMMIT
# Completed on Fri Sep 11 09:54:56 2015
 
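When a server is found sending packets outbound, this set of iptables rules can temporarily stop the outbound traffic, giving you enough time to track down the malicious program that is sending the packets.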
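
The rules above stop the traffic but do not show which account is generating it. The script below is an added example, not part of the original post: it assumes a LOG rule with --log-uid and the hypothetical prefix "UDP-OUT-DROP: " has been placed just before the UDP DROP rule, and it ranks the dropped packets by owning UID and destination. The log lines are constructed samples.

```shell
#!/bin/sh
# Added example. Assumed LOG rule, placed just before "-A OUTPUT -p udp -j DROP":
#   -A OUTPUT -p udp -j LOG --log-prefix "UDP-OUT-DROP: " --log-uid
# The prefix is hypothetical; --log-uid adds the owning UID/GID to each line.

# Constructed sample kernel log lines (not captured from a real host).
sample_log() {
cat <<'EOF'
Sep 11 10:01:02 web1 kernel: UDP-OUT-DROP: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=1052 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=40112 DPT=80 LEN=1032 UID=48 GID=48
Sep 11 10:01:02 web1 kernel: UDP-OUT-DROP: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=1052 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=40112 DPT=80 LEN=1032 UID=48 GID=48
Sep 11 10:01:03 web1 kernel: UDP-OUT-DROP: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=1052 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=40113 DPT=80 LEN=1032 UID=48 GID=48
Sep 11 10:01:04 web1 kernel: UDP-OUT-DROP: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56 UID=0 GID=0
Sep 11 10:01:05 web1 kernel: UDP-OUT-DROP: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.9 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=40
EOF
}

# Print "count uid dst:dport", busiest sender first.
# Lines without a UID field (no owning socket recorded) are grouped under "?".
summarize_udp_drops() {
    awk '/UDP-OUT-DROP: / {
        uid = "?"; dst = "?"; dpt = "?"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^UID=/)      uid = substr($i, 5)
            else if ($i ~ /^DST=/) dst = substr($i, 5)
            else if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        n[uid " " dst ":" dpt]++
    }
    END { for (k in n) print n[k], k }' | sort -k1,1nr -k2
}

# UID responsible for the most dropped packets.
top_uid() {
    summarize_udp_drops | head -n 1 | awk '{ print $2 }'
}

# On a live host, feed the kernel log instead, for example: dmesg | summarize_udp_drops
sample_log | summarize_udp_drops
```

Once a UID stands out, listing that account's processes and open UDP sockets narrows the search to the sending program. Apply rule changes from the console rather than over SSH, since the INPUT policy in the dump is DROP and only tcp/80 is accepted inbound.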