1. Tạo file script

    Tạo file script với tên iptables.sh
    #vi iptables.sh
    Điền vào nội dung sau.
    #!/bin/bash
    # define some constants. Those are your WAN IP which need to be whitelisted.
    your_vnpt_ip=’x.x.x.x’
    your_viettel_ip=’y.y.y.y’
    # delete all configuration and set default policy for each chain.
    /sbin/iptables -F
    /sbin/iptables -X
    /sbin/iptables -P INPUT ACCEPT
    /sbin/iptables -P OUTPUT ACCEPT
    /sbin/iptables -P FORWARD ACCEPT
    /sbin/iptables -N ZIMBRA-FIREWALL
    /sbin/iptables -A INPUT -j ZIMBRA-FIREWALL
    /sbin/iptables -A FORWARD -j ZIMBRA-FIREWALL
    # Stop some attacks
    /sbin/iptables -A ZIMBRA-FIREWALL -p tcp –tcp-flags ALL NONE -j DROP
    /sbin/iptables -A ZIMBRA-FIREWALL -p tcp ! –syn -m state –state NEW -j DROP
    /sbin/iptables -A ZIMBRA-FIREWALL -p tcp –tcp-flags ALL ALL -j DROP
    # Accept save connection and icmp
    /sbin/iptables -A ZIMBRA-FIREWALL -i lo -j ACCEPT
    /sbin/iptables -A ZIMBRA-FIREWALL -p icmp –icmp-type any -j ACCEPT
    /sbin/iptables -A ZIMBRA-FIREWALL -m state –state ESTABLISHED,RELATED -j ACCEPT
    # enable this rule if have has layer remote 2/3 devices
    /sbin/iptables -A ZIMBRA-FIREWALL -p tcp –tcp-flags FIN,SYN,RST,ACK RST,ACK -j ACCEPT
    # enable ssh and snmp
    /sbin/iptables -A ZIMBRA-FIREWALL -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT -s $vnpt_ip
    /sbin/iptables -A ZIMBRA-FIREWALL -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT -s $viettel_ip
    /sbin/iptables -A ZIMBRA-FIREWALL -m state –state NEW -m udp -p udp –dport 161 -j ACCEPT -s $vnpt_ip
    /sbin/iptables -A ZIMBRA-FIREWALL -m state –state NEW -m udp -p udp –dport 161 -j ACCEPT -s $viettel_ip
    # enable zimbra ports
    /sbin/iptables -A ZIMBRA-FIREWALL -m state –state NEW -m tcp -p tcp –dport 25 -j ACCEPT
    /sbin/iptables -A ZIMBRA-FIREWALL -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT
    /sbin/iptables -A ZIMBRA-FIREWALL -m state –state NEW -m tcp -p tcp –dport 110 -j ACCEPT
    /sbin/iptables -A ZIMBRA-FIREWALL -m state –state NEW -m tcp -p tcp –dport 143 -j ACCEPT
    /sbin/iptables -A ZIMBRA-FIREWALL -m state –state NEW -m tcp -p tcp –dport 443 -j ACCEPT
    /sbin/iptables -A ZIMBRA-FIREWALL -m state –state NEW -m tcp -p tcp –dport 465 -j ACCEPT
    /sbin/iptables -A ZIMBRA-FIREWALL -m state –state NEW -m tcp -p tcp –dport 587 -j ACCEPT
    /sbin/iptables -A ZIMBRA-FIREWALL -m state –state NEW -m tcp -p tcp –dport 993 -j ACCEPT
    /sbin/iptables -A ZIMBRA-FIREWALL -m state –state NEW -m tcp -p tcp –dport 995 -j ACCEPT
    /sbin/iptables -A ZIMBRA-FIREWALL -m state –state NEW -m tcp -p tcp –dport 7071 -j ACCEPT
    /sbin/iptables -A ZIMBRA-FIREWALL -m state –state NEW -m tcp -p tcp –dport 9071 -j ACCEPT
    # log and reject everything else
    #/sbin/iptables -A ZIMBRA-FIREWALL -j LOG -m limit –limit 10/m –log-prefix “DROP ON INPUT: ” –log-tcp-options –log-ip-options –log-level INFO
    /sbin/iptables -A ZIMBRA-FIREWALL -j DROP
    # save configuraton and restart iptables
    /etc/rc.d/init.d/iptables save
    /etc/rc.d/init.d/iptables restart

  2. Chạy file script

    #sh iptables.sh
    Script sẽ xóa cấu hình iptables cũ, tạo mới và sau đó lưu lại để sau khi khởi động sẽ giữ nguyên cấu hình.

  3. Bật iptables khi khởi động máy

    #chkconfig iptables on