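#!/usr/bin/env bash
# Host firewall: rebuilds the INPUT chain of the iptables filter table.
#
# Ordering is the safety mechanism here:
#   1. policy ACCEPT is set *before* the flush, so an in-flight SSH session
#      is not cut off while the chain is being rebuilt;
#   2. the catch-all REJECT is appended *last*, so the chain is closed again
#      by the time the script finishes.
# Because of (2) the script deliberately does NOT use `set -e`: a failing
# rule in the middle must not abort the run and leave INPUT wide open
# (fail-open). Failures are counted and reported via the exit status instead.
#
# Note: `iptables -F` flushes every chain of the filter table (INPUT, FORWARD,
# OUTPUT); only INPUT is repopulated below, and nothing here persists the
# rules across a reboot (no iptables-save).
#
# Allow list: ALLOW_LIST holds one IPv4 address or CIDR per line (several
# whitespace-separated entries per line are accepted); `#` starts a comment,
# blank lines are ignored. Must run as root.
set -u

readonly ALLOW_LIST=/opt/sh/ip.txt
failures=0

# Apply one iptables command; on failure log it and count it rather than
# aborting, so the final default-deny rule is still reached.
rule() {
  if ! iptables "$@"; then
    printf 'firewall: rule failed: iptables %s\n' "$*" >&2
    failures=$((failures + 1))
  fi
}

# Refuse to start when not root: otherwise every rule below fails and the
# chain is touched by nothing, which is confusing to debug.
if (( EUID != 0 )); then
  printf 'firewall: must be run as root\n' >&2
  exit 1
fi

rule -P INPUT ACCEPT
rule -F

# Replies to connections this host initiated / already accepted.
rule -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# app ports: add service-specific -p/--dport rules here (none configured).

# ICMP, rate-limited. `-m limit` is a single global bucket, not per source,
# so a flood from one host also throttles everyone else's ping.
rule -A INPUT -p icmp -m icmp --icmp-type any -m limit --limit 10/s -j ACCEPT

# Trusted internal networks (all protocols) and loopback.
# 10.0.0.0/24 is a /24 as given, not the whole 10.0.0.0/8.
rule -A INPUT -s 192.168.0.0/24 -j ACCEPT
rule -A INPUT -s 192.168.1.0/24 -j ACCEPT
rule -A INPUT -s 172.16.4.0/24 -j ACCEPT
rule -A INPUT -s 10.0.0.0/24 -j ACCEPT
rule -A INPUT -s 192.168.88.0/24 -j ACCEPT
rule -A INPUT -i lo -j ACCEPT

# Operations (ops) jump host.
rule -A INPUT -s 122.128.111.227 -j ACCEPT

# External (internet) hosts from the allow list; only TCP is opened for them.
# Read line by line so that entries are neither glob-expanded nor mangled,
# and strip inline comments instead of dropping the whole line.
if [[ -r "$ALLOW_LIST" ]]; then
  while IFS= read -r line || [[ -n "$line" ]]; do
    line=${line%%#*}
    # skip blank / comment-only lines before splitting into entries
    [[ -n "${line//[[:space:]]/}" ]] || continue
    read -r -a entries <<<"$line"
    for ip in "${entries[@]}"; do
      # iptables -s also accepts hostnames (resolved once, at load time);
      # warn so a typo or a DNS-dependent rule does not go unnoticed.
      if [[ ! "$ip" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$ ]]; then
        printf 'firewall: %s: "%s" is not an IPv4 address/CIDR, passing to iptables as-is\n' \
          "$ALLOW_LIST" "$ip" >&2
      fi
      rule -A INPUT -s "$ip" -p tcp -j ACCEPT
    done
  done <"$ALLOW_LIST"
else
  printf 'firewall: allow list %s is missing or unreadable; no external hosts allowed\n' \
    "$ALLOW_LIST" >&2
fi

# Default deny. REJECT rather than DROP so legitimate clients fail fast
# instead of timing out.
rule -A INPUT -j REJECT --reject-with icmp-host-prohibited

if (( failures > 0 )); then
  printf 'firewall: %d rule(s) failed; review the INPUT chain\n' "$failures" >&2
  exit 1
fi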
