An SSH proxy server is very likely to be abused for malicious activity, so the ports that ordinary users never need should be blocked. Of the clients that use the ports below, 90% have bad intentions; such customers can simply be refused, to avoid bringing disaster on the server.
iptables -I OUTPUT -p tcp --dport 25 -j DROP
iptables -I OUTPUT -p tcp --dport 587 -j DROP
iptables -I OUTPUT -p tcp --dport 465 -j DROP
iptables -I OUTPUT -p tcp --dport 135 -j DROP
iptables -I OUTPUT -p tcp --dport 137 -j DROP
iptables -I OUTPUT -p tcp --dport 138 -j DROP
iptables -I OUTPUT -p tcp --dport 139 -j DROP
iptables -I OUTPUT -p tcp --dport 445 -j DROP
iptables -I OUTPUT -p tcp --dport 500 -j DROP
iptables -I OUTPUT -p tcp --dport 1701 -j DROP
iptables -I OUTPUT -p tcp --dport 4500 -j DROP
iptables -I OUTPUT -p tcp --dport 593 -j DROP
iptables -I OUTPUT -p tcp --dport 1025 -j DROP
iptables -I OUTPUT -p tcp --dport 1194 -j DROP
iptables -I OUTPUT -p tcp --dport 1433 -j DROP
iptables -I OUTPUT -p tcp --dport 3306 -j DROP
iptables -I OUTPUT -p tcp --dport 5038 -j DROP
iptables -I OUTPUT -p tcp --dport 5060 -j DROP
iptables -I OUTPUT -p tcp --dport 3306 -j DROP
iptables -I OUTPUT -p tcp --dport 3389 -j DROP
iptables -I OUTPUT -p tcp --dport 22 -j DROP
[www.ctohome.com]# service iptables save - save the rules
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
[www.ctohome.com]# iptables -L - verify
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp dpts:6880:6899 state NEW
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp dpt:ssh
DROP tcp -- anywhere anywhere tcp dpt:openvpn
DROP tcp -- anywhere anywhere tcp dpt:ms-wbt-server
DROP tcp -- anywhere anywhere tcp dpt:mysql
DROP tcp -- anywhere anywhere tcp dpt:sip
DROP tcp -- anywhere anywhere tcp dpt:5038
DROP tcp -- anywhere anywhere tcp dpt:mysql
DROP tcp -- anywhere anywhere tcp dpt:ms-sql-s
DROP tcp -- anywhere anywhere tcp dpt:blackjack
DROP tcp -- anywhere anywhere tcp dpt:http-rpc-epmap
DROP tcp -- anywhere anywhere tcp dpt:ipsec-nat-t
DROP tcp -- anywhere anywhere tcp dpt:l2tp
DROP tcp -- anywhere anywhere tcp dpt:isakmp
DROP tcp -- anywhere anywhere tcp dpt:microsoft-ds
DROP tcp -- anywhere anywhere tcp dpt:netbios-ssn
DROP tcp -- anywhere anywhere tcp dpt:netbios-dgm
DROP tcp -- anywhere anywhere tcp dpt:netbios-ns
DROP tcp -- anywhere anywhere tcp dpt:epmap
DROP tcp -- anywhere anywhere tcp dpt:smtps
DROP tcp -- anywhere anywhere tcp dpt:submission
DROP tcp -- anywhere anywhere tcp dpt:smtp
DROP tcp -- anywhere anywhere tcp dpt:ms-wbt-server
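An added example, not from the original post: a POSIX shell script that turns the port list above into idempotent iptables commands (check with -C before inserting with -I, so re-running never stacks duplicate rules; the 3306 rule above, entered twice and listed twice, shows why) and can optionally scope them to a group of proxy accounts with the iptables owner match (-m owner --gid-owner) so the server's own outbound mail or SSH keeps working. The PROXY_GROUP variable and the group name are assumptions of this example.

```shell
#!/bin/sh
# Example script (not the original post's code): generate de-duplicated,
# idempotent OUTPUT-chain DROP rules from the post's port list. Nothing here
# calls iptables directly; review the output, then pipe it to sh as root.

# Ports blocked in the post, in the order given. 3306 is deliberately kept
# twice, exactly as in the post, to show the de-duplication below.
BLOCKED_PORTS="25 587 465 135 137 138 139 445 500 1701 4500 593 1025 1194 1433 3306 5038 5060 3306 3389 22"

# unique_ports PORTS: print each port once, preserving first-seen order.
unique_ports() {
    seen=" "
    for p in $1; do
        case "$seen" in
            *" $p "*) ;;                         # already emitted
            *) printf '%s\n' "$p"; seen="$seen$p " ;;
        esac
    done
}

# gen_rules PORTS [GROUP]: emit one rule per unique port.
# "iptables -C" exits non-zero when the rule is absent, so "-I" runs only
# then. With GROUP set (an assumption of this example), only traffic from
# processes in that group is matched, leaving the server's own traffic alone.
gen_rules() {
    match=""
    if [ -n "$2" ]; then
        match=" -m owner --gid-owner $2"
    fi
    unique_ports "$1" | while read -r port; do
        rule="OUTPUT -p tcp --dport $port$match -j DROP"
        printf 'iptables -C %s 2>/dev/null || iptables -I %s\n' "$rule" "$rule"
    done
}

# count_rules PORTS [GROUP]: number of rules gen_rules would emit.
count_rules() {
    gen_rules "$1" "$2" | wc -l | tr -d ' '
}

# Review first, then apply as root:  gen_rules "$BLOCKED_PORTS" | sudo sh
gen_rules "$BLOCKED_PORTS" "${PROXY_GROUP:-}"
```

With PROXY_GROUP unset the output reproduces the post's rules (minus the duplicate); after applying them, `service iptables save` persists them as shown above.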