我是只肥兔子禁用25端口:
iptables -I FORWARD -p tcp --dport 25 -j DROP
禁用UDP,只开启53端口(DNS协议):
list=`grep nameserver /etc/resolv.conf |awk '{print $NF}'`
for i in $list
do
iptables -A OUTPUT -p udp -d $i --dport 53 -j ACCEPT
done
iptables -A OUTPUT -p udp -j DROP
service iptables save
此条转自:https://www.haiyun.me/archives/iptables-drop-udp-flood.html