firewall
图像化配置
[root@desktop0 ~]# firewall-config
iptabes -F
iptabes -X
iptabes -Z
先设置默认规则(最后防线)
[root@desktop0 ~]# iptables -P INPUT DROP&&iptables -P OUTPUT DROP&&iptables -P FORWARD DROP
iptables -A(增加)/I(插入) 链名称(INPUT、OUTPUT、FORWARD) -i(数据包进入接口)/o(数据包出去接口)
-p(指定协议tcp\udp\icmp\all) -s(源地址/!+IP反选不接受) --sport22:30(端口范围) -d (目的地址)-j
(动作DROP、ACCEPT、REGECT、LOG)
路由写转发
systemctl|grep fowrward |grep ipv4
写入 /etc/sysctl.conf
systmctl -p (reload)
加路由
route add -net 172.25.0.0 netmask 255.255.255.0
route add -host 172.25.0.10 -i
gw 192.168.100.2
iptables规则
[root@desktop0 ~]# iptables -A INPUT -i eth1 -s 192.168.100.0/24 -j DROP
[root@desktop0 ~]# iptables -A INPUT -s 192.168.100.0/24 -p udp -j DROP
[root@desktop0 ~]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT icmp -- 172.25.0.0/24 anywhere
DROP all -- 192.168.100.0/24 anywhere
DROP tcp -- 192.168.100.0/24 anywhere
DROP udp -- 192.168.100.0/24 anywhere
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
[root@desktop0 ~]# iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT