  • vim /etc/sysconfig/iptables

    # Firewall configuration written by system-config-firewall
    # Manual customization of this file is not recommended.
    # NOTE(review): this is the default ruleset the page calls the "initial value".
    # iptables-restore loads hand-edited versions fine, but re-running
    # system-config-firewall presumably rewrites the file and drops manual rules — confirm.
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    # Replies to connections this host initiated. Kept first so most traffic
    # is accepted without scanning the remaining rules.
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Every ICMP type is accepted here (the later examples narrow this to echo-request).
    -A INPUT -p icmp -j ACCEPT
    # Loopback matched by interface, which is the preferred form.
    -A INPUT -i lo -j ACCEPT
    # SSH is the only inbound service, reachable from any source address.
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
    # Catch-all: everything not accepted above is rejected. Any rule appended
    # after this line is never evaluated.
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    COMMIT

    以上是 system-config-firewall 生成的防火墙配置文件初始内容，默认只放行 SSH（22 端口）。

    下面需要增加的规则（注意：必须插到 "-A INPUT -j REJECT --reject-with icmp-host-prohibited" 这一行之前。iptables 按顺序匹配，追加在 REJECT 之后的规则永远不会生效）:

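    # Place these ABOVE the "-A INPUT -j REJECT --reject-with icmp-host-prohibited"
    # line: INPUT is evaluated top-down and that rule rejects everything that
    # reaches it, so rules appended after it are never consulted.
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
    # MySQL (3306) is opened ONLY to the slave database, 115.28.46.84.
    # Do not add a second 3306 rule without "-s": it would expose the database
    # to every source on the internet and make this restriction meaningless.
    # (iptables-restore has no inline comments; text such as "// ..." after a
    # rule is rejected as bad arguments, so comments must be on their own "#" lines.)
    -A INPUT -s 115.28.46.84/32 -p tcp -m tcp --dport 3306 -j ACCEPT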

    实例:

    [danny@ay-sc-hz-02 ~]$ sudo cat /etc/sysconfig/iptables
    # Generated by iptables-save v1.4.7 on Tue Sep 30 14:47:08 2014
    *filter
    # Default policy DROP: anything that falls off the end of INPUT is dropped
    # silently (in practice the explicit REJECT rule below catches it first).
    :INPUT DROP [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [44:6143]
    # User-defined chain used as a sink for SSH; it only DROPs (see the end of the file).
    :BLACKLIST - [0:0]
    # Per-source service rules: MySQL only from the slave DB, SMTP only from one named host.
    -A INPUT -s 115.28.46.84/32 -p tcp -m tcp --dport 3306 -j ACCEPT
    -A INPUT -s 112.124.7.82/32 -p tcp -m tcp --dport 25 -j ACCEPT
    # Public services: HTTPS, HTTP and 8080 from any source.
    # NOTE(review): 8080 is exposed to the whole internet; confirm it is meant to be
    # public and is not an admin/backend port that should carry a -s restriction.
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 8080 -m state --state NEW -j ACCEPT
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    # Only ICMP echo-request (type 8) is accepted, not all ICMP.
    -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
    # A second SMTP source.
    -A INPUT -s 121.199.2.108/32 -p tcp -m tcp --dport 25 -j ACCEPT
    # Whole-host whitelist: these sources may reach EVERY port and protocol,
    # including SSH. There is no "--dport 22 ACCEPT" rule, so this is the only
    # way in on port 22. Consider narrowing each entry to the ports it actually needs.
    -A INPUT -s 54.204.167.252/32 -j ACCEPT
    -A INPUT -s 54.226.209.220/32 -j ACCEPT
    -A INPUT -s 180.166.51.234/32 -j ACCEPT
    -A INPUT -s 174.129.49.94/32 -j ACCEPT
    -A INPUT -s 75.101.181.183/32 -j ACCEPT
    # Loopback matched by source address. The stock ruleset uses "-i lo", which does
    # not depend on the kernel's martian/source-address filtering to stay safe.
    -A INPUT -s 127.0.0.1/32 -j ACCEPT
    # Internal host with full access to every port.
    -A INPUT -s 10.160.2.32/32 -j ACCEPT
    # Catch-all: everything not accepted above is rejected here.
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    # Dead rule: it follows the catch-all REJECT, so no packet ever reaches it.
    # SSH from non-whitelisted sources is already refused (REJECT, not DROP) above;
    # to make the silent DROP effective, move this line above the REJECT.
    -A INPUT -p tcp -m tcp --dport 22 -j BLACKLIST
    # Redundant while the OUTPUT policy is ACCEPT.
    -A OUTPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
    -A BLACKLIST -j DROP
    COMMIT
    # Completed on Tue Sep 30 14:47:08 2014

    [danny@ay-db-qd-01 log]$ sudo cat /etc/sysconfig/iptables
    # Generated by iptables-save v1.3.5 on Mon Aug 25 17:48:21 2014
    *filter
    :INPUT DROP [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [184452044:15279824631]
    # Sink chain for SSH; only DROPs (defined at the end of the file).
    :BLACKLIST - [0:0]
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    # Echo-request only.
    -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
    # This host has no per-port rules at all: every service (MySQL, SSH, ...) is
    # reachable only from the addresses below, and from them on ALL ports and
    # protocols. A bare address here is equivalent to /32.
    -A INPUT -s 54.204.167.252 -j ACCEPT
    -A INPUT -s 54.226.209.220 -j ACCEPT
    -A INPUT -s 180.166.51.234 -j ACCEPT
    -A INPUT -s 174.129.49.94 -j ACCEPT
    -A INPUT -s 75.101.181.183 -j ACCEPT
    # Loopback by source address; "-i lo" (as in the default ruleset) is the usual form.
    -A INPUT -s 127.0.0.1 -j ACCEPT
    -A INPUT -s 10.144.38.91 -j ACCEPT
    # Catch-all REJECT for everything else.
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    # Unreachable: placed after the catch-all REJECT. Move it above that line if
    # the intent is to DROP (rather than REJECT) SSH from non-whitelisted sources.
    -A INPUT -p tcp -m tcp --dport 22 -j BLACKLIST
    # Redundant: the OUTPUT policy is already ACCEPT.
    -A OUTPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
    -A BLACKLIST -j DROP
    COMMIT
    # Completed on Mon Aug 25 17:48:21 2014

    [danny@ay-wifi-hz-01 ~]$ sudo cat /etc/sysconfig/iptables
    # Generated by iptables-save v1.3.5 on Wed Aug 6 14:55:42 2014
    *filter
    :INPUT DROP [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [91064865:14245935000]
    # Sink chain for SSH; only DROPs (defined at the end of the file).
    :BLACKLIST - [0:0]
    # Source blacklist. Correctly placed at the very top: it precedes even the
    # ESTABLISHED,RELATED rule, so existing connections from these hosts die too.
    -A INPUT -s 112.5.193.46 -j DROP
    -A INPUT -s 112.5.193.47 -j DROP
    -A INPUT -s 115.168.77.68 -j DROP
    -A INPUT -s 115.238.225.110 -j DROP
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    # Public web ports from any source. No "--state NEW" match here, unlike the
    # other hosts; the effect is the same since ESTABLISHED is already accepted above.
    -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
    # Echo-request only.
    -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
    # Whole-host whitelist: all ports and protocols, including SSH, from these sources.
    # This is the only path to port 22 on this host.
    -A INPUT -s 23.22.208.66 -j ACCEPT
    -A INPUT -s 54.226.209.220 -j ACCEPT
    -A INPUT -s 180.166.51.234 -j ACCEPT
    -A INPUT -s 174.129.49.94 -j ACCEPT
    -A INPUT -s 75.101.181.183 -j ACCEPT
    # Loopback by source address; "-i lo" is the usual form.
    -A INPUT -s 127.0.0.1 -j ACCEPT
    -A INPUT -s 10.122.68.87 -j ACCEPT
    # Catch-all REJECT for everything else.
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    # Unreachable: follows the catch-all REJECT, so it never matches.
    -A INPUT -p tcp -m tcp --dport 22 -j BLACKLIST
    # Redundant: the OUTPUT policy is already ACCEPT.
    -A OUTPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
    -A BLACKLIST -j DROP
    COMMIT
    # Completed on Wed Aug 6 14:55:42 2014

    [root@ay-xf-hz-01 ~]# sudo cat /etc/sysconfig/iptables
    # Generated by iptables-save v1.4.7 on Wed Sep 24 17:11:18 2014
    *filter
    :INPUT DROP [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [86:9522]
    # Sink chain for SSH; only DROPs (defined at the end of the file).
    :BLACKLIST - [0:0]
    # Port 8089 is open to any source.
    # NOTE(review): confirm this service is meant to be internet-facing; if it is an
    # internal/admin endpoint, add a "-s <trusted address>" restriction.
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 8089 -j ACCEPT
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    # Echo-request only.
    -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
    # Whole-host whitelist: all ports and protocols, including SSH, from these sources.
    # This is the only path to port 22 on this host.
    -A INPUT -s 180.166.51.234/32 -j ACCEPT
    -A INPUT -s 174.129.49.94/32 -j ACCEPT
    -A INPUT -s 75.101.181.183/32 -j ACCEPT
    # Loopback by source address; "-i lo" is the usual form.
    -A INPUT -s 127.0.0.1/32 -j ACCEPT
    # Catch-all REJECT for everything else.
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    # Unreachable: follows the catch-all REJECT, so it never matches.
    -A INPUT -p tcp -m tcp --dport 22 -j BLACKLIST
    # Redundant: the OUTPUT policy is already ACCEPT.
    -A OUTPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
    -A BLACKLIST -j DROP
    COMMIT
    # Completed on Wed Sep 24 17:11:18 2014

  • 原文地址:https://www.cnblogs.com/chromebook/p/4006685.html