  • iptables应用

    # Transcript: reset the IPv4 filter table on lb01 and build a default-deny INPUT policy.
    # NOTE(review): iptables only handles IPv4. No ip6tables command appears in this
    # session, so any IPv6 exposure of the host is not addressed here.
    # -F flushes all rules, -Z zeroes the packet/byte counters, -X deletes user-defined
    # chains. No -t is given, so these act on the default (filter) table only.
    [root@lb01 ~]# iptables -F
    [root@lb01 ~]# iptables -Z
    [root@lb01 ~]# iptables -X
    # Outbound traffic is left unrestricted.
    [root@lb01 ~]# iptables -P OUTPUT ACCEPT
    # NOTE(review): FORWARD stays at ACCEPT. If IP forwarding is enabled on this host
    # (not shown), routed traffic passes unfiltered; DROP is the safer default unless
    # the box has to route.
    [root@lb01 ~]# iptables -P FORWARD ACCEPT
    # Typed but cancelled with Ctrl-C (^C), so it did not run. Presumably deliberate:
    # with an empty INPUT chain, a DROP policy would also drop the packets of a remote
    # SSH session. The policy is applied further down, once the port-22 rule exists.
    [root@lb01 ~]# iptables -P INPUT DROP^C
    # SSH is accepted from any source (the listing below shows 0.0.0.0/0).
    # NOTE(review): consider restricting it with -s <admin-cidr> (placeholder).
    [root@lb01 ~]# iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    # Accepts every TCP port from 10.0.0.0/24.
    [root@lb01 ~]# iptables -A INPUT -p tcp -s 10.0.0.0/24 -j ACCEPT
    # Default-deny: inbound packets that match no ACCEPT rule are dropped from here on.
    [root@lb01 ~]# iptables -P INPUT DROP
    [root@lb01 ~]#
    # -L lists the chains of the filter table; -n prints numeric addresses and ports.
    [root@lb01 ~]# iptables -nL
    Chain INPUT (policy DROP)
    target prot opt source destination
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
    ACCEPT tcp -- 10.0.0.0/24 0.0.0.0/0

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    # Transcript: append the remaining INPUT allow rules and list the result.
    # Rules are evaluated in the order they were appended (-A adds at the end of the chain).
    # Loopback traffic is always accepted.
    [root@lb01 ~]# iptables -A INPUT -i lo -j ACCEPT
    # NOTE(review): every protocol and port is accepted from 201.82.34.0/24, a
    # non-RFC 1918 range. Hosts in that /24 bypass all port restrictions below;
    # confirm the whole range is meant to be trusted.
    [root@lb01 ~]# iptables -A INPUT -s 201.82.34.0/24 -p all -j ACCEPT
    # HTTP and HTTPS are accepted from any source.
    [root@lb01 ~]# iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    [root@lb01 ~]# iptables -A INPUT -p tcp --dport 443 -j ACCEPT
    # Accepts every ICMP type (shown in the listing as "icmp type 255").
    # NOTE(review): a tighter policy would name only the ICMP types that are needed.
    [root@lb01 ~]# iptables -A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
    [root@lb01 ~]# #Allow packets that belong to established or related connections
    # Needed because INPUT is default-DROP while OUTPUT is ACCEPT: without this rule
    # the replies to connections opened by the host itself would be dropped.
    # NOTE(review): it is appended last, so return traffic is checked against every
    # earlier rule first; this rule is commonly placed at the top of the chain.
    # Newer iptables releases use -m conntrack --ctstate instead of -m state.
    [root@lb01 ~]# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # NOTE(review): -L -n hides the interface column, so the "-i lo" rule appears
    # below as "ACCEPT all -- 0.0.0.0/0 0.0.0.0/0" and reads like accept-everything.
    # Adding -v shows the in/out interfaces and the per-rule counters.
    [root@lb01 ~]# iptables -L -n
    Chain INPUT (policy DROP)
    target prot opt source destination
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
    ACCEPT tcp -- 10.0.0.0/24 0.0.0.0/0
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
    ACCEPT all -- 201.82.34.0/24 0.0.0.0/0
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
    ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    # Transcript: drop the blanket 10.0.0.0/24 rule, start nginx, and persist the rule set.
    # -D deletes the rule matching this exact specification, i.e. the
    # "all TCP from 10.0.0.0/24" accept that was appended earlier in the session.
    [root@lb01 ~]# iptables -D INPUT -p tcp -s 10.0.0.0/24 -j ACCEPT
    # Start nginx and confirm it listens on port 80 (bound to 0.0.0.0 per the output).
    [root@lb01 ~]# /application/nginx/sbin/nginx
    [root@lb01 ~]# netstat -lntup|grep -w 80
    tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 5601/nginx
    # Rules added with the iptables command exist only in the running kernel; the
    # init script writes them to /etc/sysconfig/iptables.
    # Output below reads: "Saving firewall rules to /etc/sysconfig/iptables: [OK]".
    [root@lb01 ~]# /etc/init.d/iptables save
    iptables:将防火墙规则保存到 /etc/sysconfig/iptables: [确定]
    # Manual alternative that writes the same file; typed but cancelled with Ctrl-C (^C).
    [root@lb01 ~]# iptables-save > /etc/sysconfig/iptables^C
    [root@lb01 ~]# /etc/init.d/iptables save
    iptables:将防火墙规则保存到 /etc/sysconfig/iptables: [确定]
    # Transcript: review the persisted rule set in iptables-save format.
    # The *nat section holds chain policies only and no rules. The *filter section
    # has INPUT at policy DROP followed by the allow rules, in evaluation order.
    # The bracketed numbers after each policy are [packets:bytes] counters.
    # The 10.0.0.0/24 TCP rule is absent, consistent with the earlier -D.
    # "-p all" is saved without a -p option, so the 201.82.34.0/24 rule still
    # matches every protocol.
    # NOTE(review): as saved, port 22 is open to any source, FORWARD is ACCEPT and
    # the RELATED,ESTABLISHED rule is last in the chain. This file appears to be
    # what the init script applies on restart, so it is the place to audit.
    [root@lb01 ~]# cat /etc/sysconfig/iptables
    # Generated by iptables-save v1.4.7 on Sun Sep 25 12:49:48 2016
    *nat
    :PREROUTING ACCEPT [0:0]
    :POSTROUTING ACCEPT [2:120]
    :OUTPUT ACCEPT [2:120]
    COMMIT
    # Completed on Sun Sep 25 12:49:48 2016
    # Generated by iptables-save v1.4.7 on Sun Sep 25 12:49:48 2016
    *filter
    :INPUT DROP [8675:381885]
    :FORWARD ACCEPT [10:440]
    :OUTPUT ACCEPT [900:59778]
    -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -s 201.82.34.0/24 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
    -A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    COMMIT
    # Completed on Sun Sep 25 12:49:48 2016
    # Transcript: restart the iptables service to check that the saved rules load cleanly.
    # The four output lines read, in order:
    #   "Setting chains to policy ACCEPT: nat filter [OK]"
    #   "Flushing firewall rules: [OK]"
    #   "Unloading modules: [OK]"
    #   "Applying firewall rules: [OK]"
    # NOTE(review): going by the message order, the chains are set to ACCEPT and
    # flushed before the saved rules are re-applied, so a restart leaves a short
    # window with no filtering. If the saved file fails to load, the host would
    # presumably stay in that open state; verify with iptables -L -n afterwards.
    [root@lb01 ~]# /etc/init.d/iptables restart
    iptables:将链设置为政策 ACCEPT:nat filter [确定]
    iptables:清除防火墙规则: [确定]
    iptables:正在卸载模块: [确定]
    iptables:应用防火墙规则: [确定]

  • 原文地址:https://www.cnblogs.com/Carr/p/7396041.html