#!/bin/bash
###########################

 
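export LANG=C
export LC_ALL=C
export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# Rebuild the IPv4 filter table from scratch and persist it.
#
# Scope and caveats for whoever maintains this host:
#   * Only the filter table is flushed and rebuilt; nat/mangle/raw are left
#     as they are.
#   * Only iptables (IPv4) is configured. ip6tables is never called, so IPv6
#     traffic is governed by whatever is configured elsewhere.
#     NOTE(review): confirm IPv6 is filtered or disabled on this host.
#   * All three built-in chains keep policy ACCEPT. INPUT is closed only by
#     the catch-all REJECT appended at the end; FORWARD and OUTPUT get no
#     rules at all. NOTE(review): if IP forwarding is enabled, FORWARD
#     passes everything; consider `-P FORWARD DROP` if this is not a router.
#
# Abort on the first failing command. Without this, a rule that fails to load
# (missing module, xtables lock held, typo) is skipped silently and the
# incomplete ruleset is still written to disk and restored on the next boot.
set -euo pipefail

readonly RULES_FILE=/etc/sysconfig/iptables

# Sources allowed to reach SSH (original label: "yunweiIP-baoleijiIP",
# i.e. operations / bastion-host addresses). Order matches rule order.
readonly -a SSH_SOURCES=(
  122.128.111.227
  192.168.13.8
  192.168.8.2
  192.168.1.2
  192.168.1.69
  122.128.111.146
)

# Tell the operator the running ruleset may be half-built. The file on disk is
# not touched on this path, so the last saved ruleset is still available.
trap 'echo "firewall: command failed at line ${LINENO}; running ruleset may be incomplete and was NOT saved to ${RULES_FILE}" >&2' ERR

##### filter table #####

# Policies go to ACCEPT before the flush so an administrator connected over
# the network is not cut off while the chains are empty. The host is
# unfiltered from here until the final REJECT rule is appended.
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F
iptables -X

##### INPUT chain #####

# Replies to connections that are already tracked.
# NOTE(review): `-m state` is the legacy match; `-m conntrack --ctstate` is
# the current spelling. Left unchanged for compatibility with old iptables.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Loopback traffic.
iptables -A INPUT -i lo -j ACCEPT
# Any ICMP type, rate-limited; packets over the limit fall through to the
# catch-all REJECT below.
iptables -A INPUT -p icmp -m icmp --icmp-type any -m limit --limit 40/s -j ACCEPT

# Service ports (original label: "pil"; meaning not evident from this file).
# NOTE(review): these are accepted from ANY source address. 10050 is
# conventionally the Zabbix agent port; if that is what listens here,
# restrict it with -s to the monitoring server. Same question for 32000.
iptables -A INPUT -p tcp -m multiport --dports 80,443,8080,32000,10050 -j ACCEPT

# SSH only from the allow-listed addresses above.
for ssh_src in "${SSH_SOURCES[@]}"; do
  iptables -A INPUT -s "$ssh_src" -p tcp --dport 22 -j ACCEPT
done

# Catch-all: everything not accepted above is rejected.
iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited

##### save #####

# Dump to a private temp file first. Redirecting iptables-save straight onto
# RULES_FILE truncates it before the dump runs, so a failed dump would leave
# an empty ruleset to be restored at boot.
tmp_rules=$(mktemp)
trap 'rm -f -- "$tmp_rules"' EXIT
iptables-save -c > "$tmp_rules"
if [[ ! -s "$tmp_rules" ]]; then
  echo "firewall: iptables-save produced no output; ${RULES_FILE} left unchanged" >&2
  exit 1
fi
# Overwrite in place (rather than mv) so the existing file keeps its owner,
# mode and security context.
cat -- "$tmp_rules" > "$RULES_FILE"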
