# Interactive session on lb01: build an INPUT-DROP host firewall, persist it, reload it.
# Start from a clean filter table: flush rules, zero counters, delete user-defined chains.
[root@lb01 ~]# iptables -F
[root@lb01 ~]# iptables -Z
[root@lb01 ~]# iptables -X
[root@lb01 ~]# iptables -P OUTPUT ACCEPT
[root@lb01 ~]# iptables -P FORWARD ACCEPT
# NOTE(review): the DROP default was typed before any ACCEPT rule existed and then
# interrupted (^C). If this session is remote, a DROP policy with no port-22 rule in
# place would have cut the operator off; the ordering below (allow 22, then DROP) is the safe one.
[root@lb01 ~]# iptables -P INPUT DROP^C
# SSH is accepted from any source (0.0.0.0/0 in the listings below); if administration
# only comes from known address ranges, adding -s <admin-range> here narrows exposure.
[root@lb01 ~]# iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Temporary allow for the 10.0.0.0/24 range; it is deleted again further down.
[root@lb01 ~]# iptables -A INPUT -p tcp -s 10.0.0.0/24 -j ACCEPT
# Default policy applied only now, after the SSH allow rule is in place.
[root@lb01 ~]# iptables -P INPUT DROP
[root@lb01 ~]#
[root@lb01 ~]# iptables -nL
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 10.0.0.0/24 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
# Loopback traffic must be allowed under a DROP policy or local services break.
[root@lb01 ~]# iptables -A INPUT -i lo -j ACCEPT
# -p all: every protocol and port from 201.82.34.0/24 is accepted (shown as "all" below).
# Keep this to the narrowest source range that actually needs unrestricted access.
[root@lb01 ~]# iptables -A INPUT -s 201.82.34.0/24 -p all -j ACCEPT
# Public web ports.
[root@lb01 ~]# iptables -A INPUT -p tcp --dport 80 -j ACCEPT
[root@lb01 ~]# iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# --icmp-type any is listed as "icmp type 255" by iptables -L.
[root@lb01 ~]# iptables -A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
[root@lb01 ~]# # allow packets of related/associated connection state
# Appended last: the rule still works (rules are evaluated top-down), but it is
# commonly placed first so return traffic does not traverse every per-port rule.
[root@lb01 ~]# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
[root@lb01 ~]# iptables -L -n
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 10.0.0.0/24 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 201.82.34.0/24 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
# Remove the temporary 10.0.0.0/24 rule; -D must repeat the rule spec exactly as added.
# The saved file below confirms it is gone.
[root@lb01 ~]# iptables -D INPUT -p tcp -s 10.0.0.0/24 -j ACCEPT
[root@lb01 ~]# /application/nginx/sbin/nginx
[root@lb01 ~]# netstat -lntup|grep -w 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 5601/nginx
# Persist the running rule set to /etc/sysconfig/iptables (init-script output is localized).
[root@lb01 ~]# /etc/init.d/iptables save
iptables:将防火墙规则保存到 /etc/sysconfig/iptables: [确定]
# Interrupted alternative: a plain iptables-save redirect writes the same file.
[root@lb01 ~]# iptables-save > /etc/sysconfig/iptables^C
[root@lb01 ~]# /etc/init.d/iptables save
iptables:将防火墙规则保存到 /etc/sysconfig/iptables: [确定]
# Saved rule set. The bracketed values after each chain policy are packet:byte counters;
# the 10.0.0.0/24 rule is absent and INPUT keeps its DROP policy.
[root@lb01 ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Sun Sep 25 12:49:48 2016
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [2:120]
:OUTPUT ACCEPT [2:120]
COMMIT
# Completed on Sun Sep 25 12:49:48 2016
# Generated by iptables-save v1.4.7 on Sun Sep 25 12:49:48 2016
*filter
:INPUT DROP [8675:381885]
:FORWARD ACCEPT [10:440]
:OUTPUT ACCEPT [900:59778]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 201.82.34.0/24 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Sun Sep 25 12:49:48 2016
# Reload from the saved file. The localized status lines below report, in order:
# chains set to policy ACCEPT (nat, filter), rules flushed, modules unloaded, rules applied.
# Because the file is applied in the last step, the DROP policy and rules above are restored.
[root@lb01 ~]# /etc/init.d/iptables restart
iptables:将链设置为政策 ACCEPT:nat filter [确定]
iptables:清除防火墙规则: [确定]
iptables:正在卸载模块: [确定]
iptables:应用防火墙规则: [确定]