{"id":44,"date":"2016-10-18T17:49:52","date_gmt":"2016-10-18T17:49:52","guid":{"rendered":"https:\/\/galaxydata.ru\/community\/?p=44"},"modified":"2025-07-23T00:34:48","modified_gmt":"2025-07-22T21:34:48","slug":"pravilo-dlya-iptables-1-by-raffo77","status":"publish","type":"post","link":"https:\/\/galaxydata.ru\/community\/pravilo-dlya-iptables-1-by-raffo77-44","title":{"rendered":"\u041f\u0440\u0430\u0432\u0438\u043b\u043e \u0434\u043b\u044f IPTABLES #1 by raffo77"},"content":{"rendered":"<pre class=\"lang:default decode:true\">#!\/bin\/sh\r\n\r\n# For debugging use iptables -v.\r\nIPTABLES=\"\/sbin\/iptables\"\r\nMODPROBE=\"\/sbin\/modprobe\"\r\nRMMOD=\"\/sbin\/rmmod\"\r\n\r\n# Logging options.\r\n#------------------------------------------------------------------------------\r\nLOG=\"LOG --log-level debug --log-tcp-sequence --log-tcp-options\"\r\nLOG=\"$LOG --log-ip-options\"\r\n\r\n\r\n# Defaults for rate limiting\r\n#------------------------------------------------------------------------------\r\nRLIMIT=\"-m limit --limit 3\/s --limit-burst 8\"\r\n\r\n\r\n\r\n# Load required kernel modules\r\n#------------------------------------------------------------------------------\r\n$MODPROBE ip_conntrack\r\n$MODPROBE ip_conntrack_ftp\r\n$MODPROBE ip_tables\r\n$MODPROBE iptable_filter\r\n$MODPROBE ipt_LOG\r\n$MODPROBE ipt_state\r\n\r\n\r\n# Disable IP forwarding.\r\necho 0 &gt; \/proc\/sys\/net\/ipv4\/ip_forward\r\n\r\n# Enable IP spoofing protection *\r\nfor i in \/proc\/sys\/net\/ipv4\/conf\/*\/rp_filter; do echo 1 &gt; $i; done\r\n\r\n# Protect against SYN flood attacks *\r\necho 1 &gt; \/proc\/sys\/net\/ipv4\/tcp_syncookies\r\n\r\n# Ignore all incoming ICMP echo requests * (note: the value 0 written here leaves echo replies enabled; 1 would ignore them)\r\necho 0 &gt; \/proc\/sys\/net\/ipv4\/icmp_echo_ignore_all\r\n\r\n# Ignore ICMP echo requests to broadcast *\r\necho 1 &gt; \/proc\/sys\/net\/ipv4\/icmp_echo_ignore_broadcasts\r\n\r\n# Log packets with impossible addresses. 
*\r\nfor i in \/proc\/sys\/net\/ipv4\/conf\/*\/log_martians; do echo 1 &gt; $i; done\r\n\r\n# Don't log invalid responses to broadcast *\r\necho 1 &gt; \/proc\/sys\/net\/ipv4\/icmp_ignore_bogus_error_responses\r\n\r\n# Don't accept or send ICMP redirects. *\r\nfor i in \/proc\/sys\/net\/ipv4\/conf\/*\/accept_redirects; do echo 0 &gt; $i; done\r\nfor i in \/proc\/sys\/net\/ipv4\/conf\/*\/send_redirects; do echo 0 &gt; $i; done\r\n\r\n# Don't accept source routed packets. *\r\nfor i in \/proc\/sys\/net\/ipv4\/conf\/*\/accept_source_route; do echo 0 &gt; $i; done\r\n\r\n\r\n\r\n# Drop everything by default.*\r\n$IPTABLES -P INPUT DROP\r\n$IPTABLES -P FORWARD DROP\r\n$IPTABLES -P OUTPUT DROP\r\n\r\n# Set the nat\/mangle tables' chains to ACCEPT (the raw table is not touched here)\r\n$IPTABLES -t nat -P PREROUTING ACCEPT\r\n$IPTABLES -t nat -P OUTPUT ACCEPT\r\n$IPTABLES -t nat -P POSTROUTING ACCEPT\r\n\r\n$IPTABLES -t mangle -P PREROUTING ACCEPT\r\n$IPTABLES -t mangle -P INPUT ACCEPT\r\n$IPTABLES -t mangle -P FORWARD ACCEPT\r\n$IPTABLES -t mangle -P OUTPUT ACCEPT\r\n$IPTABLES -t mangle -P POSTROUTING ACCEPT\r\n\r\n# Flush all rules (filter, nat and mangle tables) *\r\n$IPTABLES -F\r\n$IPTABLES -t nat -F\r\n$IPTABLES -t mangle -F\r\n\r\n# Delete all user-defined chains (filter, nat and mangle tables) *\r\n$IPTABLES -X\r\n$IPTABLES -t nat -X\r\n$IPTABLES -t mangle -X\r\n\r\n# Zero all packets and counters. 
*\r\n$IPTABLES -Z\r\n$IPTABLES -t nat -Z\r\n$IPTABLES -t mangle -Z\r\n\r\n# LOG packets, then ACCEPT.\r\n$IPTABLES -N ACCEPTLOG\r\n$IPTABLES -A ACCEPTLOG -j $LOG $RLIMIT --log-prefix \"ACCEPT \"\r\n$IPTABLES -A ACCEPTLOG -j ACCEPT\r\n\r\n# LOG packets, then DROP.\r\n$IPTABLES -N DROPLOG\r\n$IPTABLES -A DROPLOG -j $LOG $RLIMIT --log-prefix \"DROP \"\r\n$IPTABLES -A DROPLOG -j DROP\r\n\r\n# LOG packets, then REJECT.\r\n# TCP packets are rejected with a TCP reset.\r\n$IPTABLES -N REJECTLOG\r\n$IPTABLES -A REJECTLOG -j $LOG $RLIMIT --log-prefix \"REJECT \"\r\n$IPTABLES -A REJECTLOG -p tcp -j REJECT --reject-with tcp-reset\r\n$IPTABLES -A REJECTLOG -j REJECT\r\n\r\n\r\n# Make It Even Harder To Multi-PING\r\n# NOTE: the last two rules of this group match every ICMP packet on INPUT and OUTPUT,\r\n# so the ICMP rules appended further down never see INPUT or OUTPUT traffic.\r\n$IPTABLES  -A INPUT -p icmp -m limit --limit 1\/s --limit-burst 2 -j ACCEPT\r\n$IPTABLES  -A INPUT -p icmp -m limit --limit 1\/s --limit-burst 2 -j LOG --log-prefix PING-DROP:\r\n$IPTABLES  -A INPUT -p icmp -j DROP\r\n$IPTABLES  -A OUTPUT -p icmp -j ACCEPT\r\n\r\n\r\n# First, drop all fragmented ICMP packets (almost always malicious).\r\n$IPTABLES -A INPUT -p icmp --fragment -j DROPLOG\r\n$IPTABLES -A OUTPUT -p icmp --fragment -j DROPLOG\r\n$IPTABLES -A FORWARD -p icmp --fragment -j DROPLOG\r\n\r\n# Allow all ESTABLISHED ICMP traffic.\r\n$IPTABLES -A INPUT -p icmp -m state --state ESTABLISHED -j ACCEPT $RLIMIT\r\n$IPTABLES -A OUTPUT -p icmp -m state --state ESTABLISHED -j ACCEPT $RLIMIT\r\n\r\n# Allow some parts of the RELATED ICMP traffic, block the rest.\r\n# NOTE: this script never creates the RELATED_ICMP chain (there is no -N RELATED_ICMP),\r\n# so the two rules below cannot be added as written.\r\n$IPTABLES -A INPUT -p icmp -m state --state RELATED -j RELATED_ICMP $RLIMIT\r\n$IPTABLES -A OUTPUT -p icmp -m state --state RELATED -j RELATED_ICMP $RLIMIT\r\n\r\n# Allow incoming ICMP echo requests (ping), but only rate-limited.\r\n$IPTABLES -A INPUT -p icmp --icmp-type echo-request -j ACCEPT $RLIMIT\r\n\r\n# Allow outgoing ICMP echo requests (ping), but only rate-limited.\r\n$IPTABLES -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT $RLIMIT\r\n\r\n# Drop any other ICMP traffic.\r\n$IPTABLES -A INPUT -p 
icmp -j DROPLOG\r\n$IPTABLES -A OUTPUT -p icmp -j DROPLOG\r\n$IPTABLES -A FORWARD -p icmp -j DROPLOG\r\n\r\n\r\n# Allow loopback interface to do anything. *\r\n$IPTABLES -A INPUT -i lo -j ACCEPT\r\n$IPTABLES -A OUTPUT -o lo -j ACCEPT\r\n\r\n# Allow incoming connections related to existing allowed connections. *\r\n$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\r\n\r\n# Allow outgoing connections EXCEPT invalid *\r\n# NOTE: this accepts every NEW outgoing connection, so the per-port OUTPUT rules further down add no restriction.\r\n$IPTABLES -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT\r\n\r\n\r\n\r\n# We don't care about Milkosoft, Drop SMB\/CIFS\/etc..\r\n$IPTABLES -A INPUT -p tcp -m multiport --dports 135,137,138,139,445,1433,1434 -j DROP\r\n$IPTABLES -A INPUT -p udp -m multiport --dports 135,137,138,139,445,1433,1434 -j DROP\r\n\r\n# Explicitly drop invalid incoming traffic\r\n$IPTABLES -A INPUT -m state --state INVALID -j DROP\r\n\r\n# Drop invalid outgoing traffic, too.\r\n$IPTABLES -A OUTPUT -m state --state INVALID -j DROP\r\n\r\n# If we would use NAT, INVALID packets would pass - BLOCK them anyways\r\n$IPTABLES -A FORWARD -m state --state INVALID -j DROP\r\n\r\n# PORT Scanners (stealth also)\r\n$IPTABLES -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP\r\n$IPTABLES -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP\r\n\r\n# Rate-limit incoming TCP SYN packets (SYN flood mitigation, not anti-spoofing).\r\n# The limit is shared by all sources and all ports, not applied per client.\r\n$IPTABLES -N SYN_FLOOD\r\n$IPTABLES -A INPUT -p tcp --syn -j SYN_FLOOD\r\n$IPTABLES -A SYN_FLOOD -m limit --limit 2\/s --limit-burst 6 -j RETURN\r\n$IPTABLES -A SYN_FLOOD -j DROP\r\n\r\n# Allow outgoing DNS requests. Few things will work without this.\r\n$IPTABLES -A OUTPUT -m state --state NEW -p udp --dport 53 -j ACCEPT\r\n$IPTABLES -A OUTPUT -m state --state NEW -p tcp --dport 53 -j ACCEPT\r\n\r\n# Allow outgoing HTTP requests. 
Unencrypted, use with care.\r\n$IPTABLES -A OUTPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT\r\n\r\n# Allow outgoing HTTPS requests.\r\n$IPTABLES -A OUTPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT\r\n\r\n# Allow outgoing SMTPS requests. Do NOT allow unencrypted SMTP!\r\n# $IPTABLES -A OUTPUT -m state --state NEW -p tcp --dport 465 -j ACCEPT\r\n\r\n# Allow outgoing \"submission\" (RFC 2476) requests.\r\n$IPTABLES -A OUTPUT -m state --state NEW -p tcp --dport 587 -j ACCEPT\r\n\r\n\r\n# Allow outgoing SSH requests.\r\n$IPTABLES -A OUTPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT\r\n\r\n# Allow outgoing FTP requests. Unencrypted, use with care.\r\n$IPTABLES -A OUTPUT -m state --state NEW -p tcp --dport 21 -j ACCEPT\r\n\r\n\r\n\r\n# Allow outgoing MySQL requests. Unencrypted, use with care.\r\n $IPTABLES -A OUTPUT -m state --state NEW -p tcp --dport 3306 -j ACCEPT\r\n\r\n\r\n\r\n# Allow incoming DNS requests.\r\n$IPTABLES -A INPUT -m state --state NEW -p udp --dport 53 -j ACCEPT\r\n$IPTABLES -A INPUT -m state --state NEW -p tcp --dport 53 -j ACCEPT\r\n\r\n# Allow incoming HTTP requests.\r\n$IPTABLES -A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT\r\n\r\n# Allow incoming HTTPS requests.\r\n$IPTABLES -A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT\r\n\r\n\r\n# Allow incoming SMTP requests.\r\n$IPTABLES -A INPUT -m state --state NEW -p tcp --dport 25 -j ACCEPT\r\n\r\n# Allow incoming SSH requests.\r\n$IPTABLES -A INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT\r\n\r\n# Allow incoming FTP requests.\r\n$IPTABLES -A INPUT -m state --state NEW -p tcp --dport 21 -j ACCEPT\r\n\r\n\r\n# Allow incoming MySQL requests.\r\n $IPTABLES -A INPUT -m state --state NEW -p tcp --dport 3306 -j ACCEPT\r\n\r\n\r\n\r\n\r\n\r\n\r\n# Explicitly log and reject everything else.\r\n#------------------------------------------------------------------------------\r\n# Use REJECT instead of REJECTLOG if you don't need\/want logging.\r\n$IPTABLES -A 
INPUT -j REJECTLOG\r\n$IPTABLES -A OUTPUT -j REJECTLOG\r\n$IPTABLES -A FORWARD -j REJECTLOG\r\n\r\n\r\nexit 0<\/pre>\n<p>By:\u00a0<a href=\"https:\/\/forums.digitalpoint.com\/threads\/how-to-avoid-syn_recv.2181633\/\">https:\/\/forums.digitalpoint.com\/threads\/how-to-avoid-syn_recv.2181633\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>#!\/bin\/sh # For debugging use iptables -v. IPTABLES=&#187;\/sbin\/iptables&#187; MODPROBE=&#187;\/sbin\/modprobe&#187; RMMOD=&#187;\/sbin\/rmmod&#187; # Logging options. #&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212; LOG=&#187;LOG &#8212;log-level debug &#8212;log-tcp-sequence &#8212;log-tcp-options&#187; LOG=&#187;$LOG &#8212;log-ip-options&#187; # Defaults for rate limiting #&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212; RLIMIT=&#187;-m limit &#8212;limit&hellip; <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[19],"class_list":["post-44","post","type-post","status-publish","format-standard","hentry","category-linux","tag-iptables"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.4 (Yoast SEO v25.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>\u041f\u0440\u0430\u0432\u0438\u043b\u043e \u0434\u043b\u044f IPTABLES #1 by raffo77 - GalaxyData Community<\/title>\n<meta name=\"description\" content=\"\u0411\u0430\u0437\u043e\u0432\u044b\u0435 \u043f\u0440\u0438\u043d\u0446\u0438\u043f\u044b \u044d\u0444\u0444\u0435\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 
\u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0430 iptables \u0434\u043b\u044f \u0444\u0438\u043b\u044c\u0442\u0440\u0430\u0446\u0438\u0438 \u0442\u0440\u0430\u0444\u0438\u043a\u0430, \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0438 \u043d\u0435\u0436\u0435\u043b\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0439 \u0438 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Linux-\u0441\u0438\u0441\u0442\u0435\u043c\u044b. \u0420\u0443\u043a\u043e\u0432\u043e\u0434\u0441\u0442\u0432\u043e \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043d\u043e \u043e\u043f\u044b\u0442\u043d\u044b\u043c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u043e\u043c \u043f\u043e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u0435 raffo77.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/galaxydata.ru\/community\/pravilo-dlya-iptables-1-by-raffo77-44\" \/>\n<meta property=\"og:locale\" content=\"ru_RU\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u041f\u0440\u0430\u0432\u0438\u043b\u043e \u0434\u043b\u044f IPTABLES #1 by raffo77\" \/>\n<meta property=\"og:description\" content=\"\u0411\u0430\u0437\u043e\u0432\u044b\u0435 \u043f\u0440\u0438\u043d\u0446\u0438\u043f\u044b \u044d\u0444\u0444\u0435\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0430 iptables \u0434\u043b\u044f \u0444\u0438\u043b\u044c\u0442\u0440\u0430\u0446\u0438\u0438 \u0442\u0440\u0430\u0444\u0438\u043a\u0430, 
\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0438 \u043d\u0435\u0436\u0435\u043b\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0439 \u0438 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Linux-\u0441\u0438\u0441\u0442\u0435\u043c\u044b. \u0420\u0443\u043a\u043e\u0432\u043e\u0434\u0441\u0442\u0432\u043e \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043d\u043e \u043e\u043f\u044b\u0442\u043d\u044b\u043c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u043e\u043c \u043f\u043e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u0435 raffo77.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/galaxydata.ru\/community\/pravilo-dlya-iptables-1-by-raffo77-44\" \/>\n<meta property=\"og:site_name\" content=\"GalaxyData Community\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/vk.com\/galaxydata\" \/>\n<meta property=\"article:published_time\" content=\"2016-10-18T17:49:52+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-07-22T21:34:48+00:00\" \/>\n<meta name=\"author\" content=\"Eduard Yamaltdinov\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u041d\u0430\u043f\u0438\u0441\u0430\u043d\u043e \u0430\u0432\u0442\u043e\u0440\u043e\u043c\" \/>\n\t<meta name=\"twitter:data1\" content=\"Eduard Yamaltdinov\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u041f\u0440\u0438\u043c\u0435\u0440\u043d\u043e\u0435 \u0432\u0440\u0435\u043c\u044f \u0434\u043b\u044f \u0447\u0442\u0435\u043d\u0438\u044f\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 \u043c\u0438\u043d\u0443\u0442\u0430\" \/>\n<script type=\"application\/ld+json\" 
class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/galaxydata.ru\/community\/pravilo-dlya-iptables-1-by-raffo77-44#article\",\"isPartOf\":{\"@id\":\"https:\/\/galaxydata.ru\/community\/pravilo-dlya-iptables-1-by-raffo77-44\"},\"author\":{\"name\":\"Eduard Yamaltdinov\",\"@id\":\"https:\/\/galaxydata.ru\/community\/#\/schema\/person\/674f493b626af18d90fe784aa69dfd7b\"},\"headline\":\"\u041f\u0440\u0430\u0432\u0438\u043b\u043e \u0434\u043b\u044f IPTABLES #1 by raffo77\",\"datePublished\":\"2016-10-18T17:49:52+00:00\",\"dateModified\":\"2025-07-22T21:34:48+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/galaxydata.ru\/community\/pravilo-dlya-iptables-1-by-raffo77-44\"},\"wordCount\":13,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/galaxydata.ru\/community\/#organization\"},\"keywords\":[\"iptables\"],\"articleSection\":[\"Linux\"],\"inLanguage\":\"ru-RU\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/galaxydata.ru\/community\/pravilo-dlya-iptables-1-by-raffo77-44#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/galaxydata.ru\/community\/pravilo-dlya-iptables-1-by-raffo77-44\",\"url\":\"https:\/\/galaxydata.ru\/community\/pravilo-dlya-iptables-1-by-raffo77-44\",\"name\":\"\u041f\u0440\u0430\u0432\u0438\u043b\u043e \u0434\u043b\u044f IPTABLES #1 by raffo77 - GalaxyData Community\",\"isPartOf\":{\"@id\":\"https:\/\/galaxydata.ru\/community\/#website\"},\"datePublished\":\"2016-10-18T17:49:52+00:00\",\"dateModified\":\"2025-07-22T21:34:48+00:00\",\"description\":\"\u0411\u0430\u0437\u043e\u0432\u044b\u0435 \u043f\u0440\u0438\u043d\u0446\u0438\u043f\u044b \u044d\u0444\u0444\u0435\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0430 iptables \u0434\u043b\u044f 
\u0444\u0438\u043b\u044c\u0442\u0440\u0430\u0446\u0438\u0438 \u0442\u0440\u0430\u0444\u0438\u043a\u0430, \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0438 \u043d\u0435\u0436\u0435\u043b\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0439 \u0438 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Linux-\u0441\u0438\u0441\u0442\u0435\u043c\u044b. \u0420\u0443\u043a\u043e\u0432\u043e\u0434\u0441\u0442\u0432\u043e \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043d\u043e \u043e\u043f\u044b\u0442\u043d\u044b\u043c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u043e\u043c \u043f\u043e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u0435 raffo77.\",\"breadcrumb\":{\"@id\":\"https:\/\/galaxydata.ru\/community\/pravilo-dlya-iptables-1-by-raffo77-44#breadcrumb\"},\"inLanguage\":\"ru-RU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/galaxydata.ru\/community\/pravilo-dlya-iptables-1-by-raffo77-44\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/galaxydata.ru\/community\/pravilo-dlya-iptables-1-by-raffo77-44#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u0413\u043b\u0430\u0432\u043d\u0430\u044f \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430\",\"item\":\"https:\/\/galaxydata.ru\/community\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u041f\u0440\u0430\u0432\u0438\u043b\u043e \u0434\u043b\u044f IPTABLES #1 by raffo77\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/galaxydata.ru\/community\/#website\",\"url\":\"https:\/\/galaxydata.ru\/community\/\",\"name\":\"GalaxyData Community\",\"description\":\"Tutorial for Cloud 
VDS\",\"publisher\":{\"@id\":\"https:\/\/galaxydata.ru\/community\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/galaxydata.ru\/community\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"ru-RU\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/galaxydata.ru\/community\/#organization\",\"name\":\"GalaxyData Community\",\"url\":\"https:\/\/galaxydata.ru\/community\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ru-RU\",\"@id\":\"https:\/\/galaxydata.ru\/community\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/galaxydata.ru\/community\/wp-content\/uploads\/2026\/04\/cropped-galaxydata-site-v3.2.png\",\"contentUrl\":\"https:\/\/galaxydata.ru\/community\/wp-content\/uploads\/2026\/04\/cropped-galaxydata-site-v3.2.png\",\"width\":257,\"height\":44,\"caption\":\"GalaxyData Community\"},\"image\":{\"@id\":\"https:\/\/galaxydata.ru\/community\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/vk.com\/galaxydata\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/galaxydata.ru\/community\/#\/schema\/person\/674f493b626af18d90fe784aa69dfd7b\",\"name\":\"Eduard Yamaltdinov\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ru-RU\",\"@id\":\"https:\/\/galaxydata.ru\/community\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/galaxydata.ru\/community\/wp-content\/uploads\/2016\/10\/cloud-server-150x150.png\",\"contentUrl\":\"https:\/\/galaxydata.ru\/community\/wp-content\/uploads\/2016\/10\/cloud-server-150x150.png\",\"caption\":\"Eduard Yamaltdinov\"},\"description\":\"Eduard Yamaltdinov \u2014 \u0430\u0432\u0442\u043e\u0440 \u0438 \u044d\u043a\u0441\u043f\u0435\u0440\u0442 \u0432 \u043e\u0431\u043b\u0430\u0441\u0442\u0438 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0442\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0439 
\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f. \u0415\u0441\u043b\u0438 \u0432\u0430\u043c \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u043e \u0443\u0437\u043d\u0430\u0442\u044c \u0431\u043e\u043b\u044c\u0448\u0435 \u043e \u0435\u0433\u043e \u0440\u0430\u0431\u043e\u0442\u0430\u0445, \u043e\u043f\u044b\u0442\u0435 \u0438\u043b\u0438 \u043f\u0440\u043e\u0435\u043a\u0442\u0430\u0445, \u0441\u043e\u043e\u0431\u0449\u0438\u0442\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u0435\u0435, \u043a\u0430\u043a\u0443\u044e \u0438\u043c\u0435\u043d\u043d\u043e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u0445\u043e\u0442\u0438\u0442\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c.\",\"url\":\"https:\/\/galaxydata.ru\/community\/author\/galaxydata\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"\u041f\u0440\u0430\u0432\u0438\u043b\u043e \u0434\u043b\u044f IPTABLES #1 by raffo77 - GalaxyData Community","description":"\u0411\u0430\u0437\u043e\u0432\u044b\u0435 \u043f\u0440\u0438\u043d\u0446\u0438\u043f\u044b \u044d\u0444\u0444\u0435\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0430 iptables \u0434\u043b\u044f \u0444\u0438\u043b\u044c\u0442\u0440\u0430\u0446\u0438\u0438 \u0442\u0440\u0430\u0444\u0438\u043a\u0430, \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0438 \u043d\u0435\u0436\u0435\u043b\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0439 \u0438 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Linux-\u0441\u0438\u0441\u0442\u0435\u043c\u044b. 
\u0420\u0443\u043a\u043e\u0432\u043e\u0434\u0441\u0442\u0432\u043e \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043d\u043e \u043e\u043f\u044b\u0442\u043d\u044b\u043c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u043e\u043c \u043f\u043e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u0435 raffo77.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/galaxydata.ru\/community\/pravilo-dlya-iptables-1-by-raffo77-44","og_locale":"ru_RU","og_type":"article","og_title":"\u041f\u0440\u0430\u0432\u0438\u043b\u043e \u0434\u043b\u044f IPTABLES #1 by raffo77","og_description":"\u0411\u0430\u0437\u043e\u0432\u044b\u0435 \u043f\u0440\u0438\u043d\u0446\u0438\u043f\u044b \u044d\u0444\u0444\u0435\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0430 iptables \u0434\u043b\u044f \u0444\u0438\u043b\u044c\u0442\u0440\u0430\u0446\u0438\u0438 \u0442\u0440\u0430\u0444\u0438\u043a\u0430, \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0438 \u043d\u0435\u0436\u0435\u043b\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0439 \u0438 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Linux-\u0441\u0438\u0441\u0442\u0435\u043c\u044b. 
\u0420\u0443\u043a\u043e\u0432\u043e\u0434\u0441\u0442\u0432\u043e \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043d\u043e \u043e\u043f\u044b\u0442\u043d\u044b\u043c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u043e\u043c \u043f\u043e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u0435 raffo77.","og_url":"https:\/\/galaxydata.ru\/community\/pravilo-dlya-iptables-1-by-raffo77-44","og_site_name":"GalaxyData Community","article_publisher":"https:\/\/vk.com\/galaxydata","article_published_time":"2016-10-18T17:49:52+00:00","article_modified_time":"2025-07-22T21:34:48+00:00","author":"Eduard Yamaltdinov","twitter_card":"summary_large_image","twitter_misc":{"\u041d\u0430\u043f\u0438\u0441\u0430\u043d\u043e \u0430\u0432\u0442\u043e\u0440\u043e\u043c":"Eduard Yamaltdinov","\u041f\u0440\u0438\u043c\u0435\u0440\u043d\u043e\u0435 \u0432\u0440\u0435\u043c\u044f \u0434\u043b\u044f \u0447\u0442\u0435\u043d\u0438\u044f":"1 \u043c\u0438\u043d\u0443\u0442\u0430"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/galaxydata.ru\/community\/pravilo-dlya-iptables-1-by-raffo77-44#article","isPartOf":{"@id":"https:\/\/galaxydata.ru\/community\/pravilo-dlya-iptables-1-by-raffo77-44"},"author":{"name":"Eduard Yamaltdinov","@id":"https:\/\/galaxydata.ru\/community\/#\/schema\/person\/674f493b626af18d90fe784aa69dfd7b"},"headline":"\u041f\u0440\u0430\u0432\u0438\u043b\u043e \u0434\u043b\u044f IPTABLES #1 by 
raffo77","datePublished":"2016-10-18T17:49:52+00:00","dateModified":"2025-07-22T21:34:48+00:00","mainEntityOfPage":{"@id":"https:\/\/galaxydata.ru\/community\/pravilo-dlya-iptables-1-by-raffo77-44"},"wordCount":13,"commentCount":0,"publisher":{"@id":"https:\/\/galaxydata.ru\/community\/#organization"},"keywords":["iptables"],"articleSection":["Linux"],"inLanguage":"ru-RU","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/galaxydata.ru\/community\/pravilo-dlya-iptables-1-by-raffo77-44#respond"]}]},{"@type":"WebPage","@id":"https:\/\/galaxydata.ru\/community\/pravilo-dlya-iptables-1-by-raffo77-44","url":"https:\/\/galaxydata.ru\/community\/pravilo-dlya-iptables-1-by-raffo77-44","name":"\u041f\u0440\u0430\u0432\u0438\u043b\u043e \u0434\u043b\u044f IPTABLES #1 by raffo77 - GalaxyData Community","isPartOf":{"@id":"https:\/\/galaxydata.ru\/community\/#website"},"datePublished":"2016-10-18T17:49:52+00:00","dateModified":"2025-07-22T21:34:48+00:00","description":"\u0411\u0430\u0437\u043e\u0432\u044b\u0435 \u043f\u0440\u0438\u043d\u0446\u0438\u043f\u044b \u044d\u0444\u0444\u0435\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0430 iptables \u0434\u043b\u044f \u0444\u0438\u043b\u044c\u0442\u0440\u0430\u0446\u0438\u0438 \u0442\u0440\u0430\u0444\u0438\u043a\u0430, \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u043a\u0438 \u043d\u0435\u0436\u0435\u043b\u0430\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0439 \u0438 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Linux-\u0441\u0438\u0441\u0442\u0435\u043c\u044b. 
\u0420\u0443\u043a\u043e\u0432\u043e\u0434\u0441\u0442\u0432\u043e \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u043d\u043e \u043e\u043f\u044b\u0442\u043d\u044b\u043c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u043e\u043c \u043f\u043e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u0435 raffo77.","breadcrumb":{"@id":"https:\/\/galaxydata.ru\/community\/pravilo-dlya-iptables-1-by-raffo77-44#breadcrumb"},"inLanguage":"ru-RU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/galaxydata.ru\/community\/pravilo-dlya-iptables-1-by-raffo77-44"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/galaxydata.ru\/community\/pravilo-dlya-iptables-1-by-raffo77-44#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u0413\u043b\u0430\u0432\u043d\u0430\u044f \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430","item":"https:\/\/galaxydata.ru\/community"},{"@type":"ListItem","position":2,"name":"\u041f\u0440\u0430\u0432\u0438\u043b\u043e \u0434\u043b\u044f IPTABLES #1 by raffo77"}]},{"@type":"WebSite","@id":"https:\/\/galaxydata.ru\/community\/#website","url":"https:\/\/galaxydata.ru\/community\/","name":"GalaxyData Community","description":"Tutorial for Cloud VDS","publisher":{"@id":"https:\/\/galaxydata.ru\/community\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/galaxydata.ru\/community\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ru-RU"},{"@type":"Organization","@id":"https:\/\/galaxydata.ru\/community\/#organization","name":"GalaxyData 
Community","url":"https:\/\/galaxydata.ru\/community\/","logo":{"@type":"ImageObject","inLanguage":"ru-RU","@id":"https:\/\/galaxydata.ru\/community\/#\/schema\/logo\/image\/","url":"https:\/\/galaxydata.ru\/community\/wp-content\/uploads\/2026\/04\/cropped-galaxydata-site-v3.2.png","contentUrl":"https:\/\/galaxydata.ru\/community\/wp-content\/uploads\/2026\/04\/cropped-galaxydata-site-v3.2.png","width":257,"height":44,"caption":"GalaxyData Community"},"image":{"@id":"https:\/\/galaxydata.ru\/community\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/vk.com\/galaxydata"]},{"@type":"Person","@id":"https:\/\/galaxydata.ru\/community\/#\/schema\/person\/674f493b626af18d90fe784aa69dfd7b","name":"Eduard Yamaltdinov","image":{"@type":"ImageObject","inLanguage":"ru-RU","@id":"https:\/\/galaxydata.ru\/community\/#\/schema\/person\/image\/","url":"https:\/\/galaxydata.ru\/community\/wp-content\/uploads\/2016\/10\/cloud-server-150x150.png","contentUrl":"https:\/\/galaxydata.ru\/community\/wp-content\/uploads\/2016\/10\/cloud-server-150x150.png","caption":"Eduard Yamaltdinov"},"description":"Eduard Yamaltdinov \u2014 \u0430\u0432\u0442\u043e\u0440 \u0438 \u044d\u043a\u0441\u043f\u0435\u0440\u0442 \u0432 \u043e\u0431\u043b\u0430\u0441\u0442\u0438 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0442\u0435\u0445\u043d\u043e\u043b\u043e\u0433\u0438\u0439 \u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f. 
\u0415\u0441\u043b\u0438 \u0432\u0430\u043c \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u043e \u0443\u0437\u043d\u0430\u0442\u044c \u0431\u043e\u043b\u044c\u0448\u0435 \u043e \u0435\u0433\u043e \u0440\u0430\u0431\u043e\u0442\u0430\u0445, \u043e\u043f\u044b\u0442\u0435 \u0438\u043b\u0438 \u043f\u0440\u043e\u0435\u043a\u0442\u0430\u0445, \u0441\u043e\u043e\u0431\u0449\u0438\u0442\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u0435\u0435, \u043a\u0430\u043a\u0443\u044e \u0438\u043c\u0435\u043d\u043d\u043e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u0445\u043e\u0442\u0438\u0442\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c.","url":"https:\/\/galaxydata.ru\/community\/author\/galaxydata"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/galaxydata.ru\/community\/wp-json\/wp\/v2\/posts\/44","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/galaxydata.ru\/community\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/galaxydata.ru\/community\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/galaxydata.ru\/community\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/galaxydata.ru\/community\/wp-json\/wp\/v2\/comments?post=44"}],"version-history":[{"count":1,"href":"https:\/\/galaxydata.ru\/community\/wp-json\/wp\/v2\/posts\/44\/revisions"}],"predecessor-version":[{"id":2054,"href":"https:\/\/galaxydata.ru\/community\/wp-json\/wp\/v2\/posts\/44\/revisions\/2054"}],"wp:attachment":[{"href":"https:\/\/galaxydata.ru\/community\/wp-json\/wp\/v2\/media?parent=44"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/galaxydata.ru\/community\/wp-json\/wp\/v2\/categories?post=44"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/galaxydata.ru\/community\/wp-json\/wp\/v2\/tags?post=44"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}