iptables安装优化

class/core/firewall_api.py

@@ -359,6 +359,8 @@ class firewall_api:
             _list = mw.M('firewall').field('id,port,ps,addtime').limit(
                 '0,1000').order('id desc').select()
 
+            mw.execShell('iptables -P INPUT DROP')
+            mw.execShell('iptables -P OUTPUT ACCEPT')
             for x in _list:
                 port = x['port']
                 if mw.isIpAddr(port):

scripts/install/rhel.sh

@@ -43,7 +43,11 @@ if [ -f /usr/sbin/iptables ];then
     iptables_status=`systemctl status iptables | grep 'inactive'`
     if [ "${iptables_status}" != '' ];then
         service iptables restart
-    
+        
+        # iptables -P FORWARD DROP
+        iptables -P INPUT DROP
+        iptables -P OUTPUT ACCEPT
+
         iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
         iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
         iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT