配置iptables

[root@master ~]# service iptables status
iptables：未运行防火墙。
[root@master ~]# service iptables start
iptables：应用防火墙规则：                                 [确定]


单个IP的命令是
iptables -I INPUT -s 192.168.1.4 -j DROP  --拒绝192.168.1.4的访问


从192.168.1.5 发起ssh

[root@slave1 ~]# ssh root@192.168.1.100
The authenticity of host '192.168.1.100 (192.168.1.100)' can't be established.
RSA key fingerprint is 58:8b:d9:7f:86:3d:6c:9a:0a:69:e9:0b:26:06:eb:a2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.100' (RSA) to the list of known hosts.
root@192.168.1.100's password: 
Last login: Mon May 18 16:47:47 2015 from oem-20140503syk

此时可以 查看192.168.1.100上的ip规则
[root@master ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       all  --  192.168.1.4          0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination  



默认开始防火墙后的情况:

service iptables status可以查看到iptables服务的当前状态
/etc/init.d/iptables stop
/etc/init.d/iptables start


[root@slave1 ~]# service iptables status
iptables：未运行防火墙。


touch /etc/sysconfig/iptables


jrhppt02:/etc/sysconfig# service iptables status
iptables: Firewall modules are not loaded.



/sbin/modprobe iptable_filter --添加模块


没加载模块:

jrhppt02:/proc# lsmod 
Module                  Size  Used by
nfnetlink               4200  0 
bluetooth              99271  0 
rfkill                 19255  1 bluetooth
xenfs                   5705  1 
microcode             112685  0 
xen_netfront           19033  0 
i2c_piix4              12608  0 
i2c_core               31084  1 i2c_piix4
ext4                  374405  1 
jbd2                   93427  1 ext4
mbcache                 8193  1 ext4
xen_blkfront           15495  2 
pata_acpi               3701  0 
ata_generic             3837  0 
ata_piix               24601  0 
dm_mirror              14384  0 
dm_region_hash         12085  1 dm_mirror
dm_log                  9930  2 dm_mirror,dm_region_hash
dm_mod                 84337  2 dm_mirror,dm_log
jrhppt02:/proc# 



jrhppt02:/proc#  modprobe ip_tables
You have mail in /var/spool/mail/root
jrhppt02:/proc# lsmod 
Module                  Size  Used by
ip_tables              17831  0 
nfnetlink               4200  0 
bluetooth              99271  0 
rfkill                 19255  1 bluetooth
xenfs                   5705  1 
microcode             112685  0 
xen_netfront           19033  0 
i2c_piix4              12608  0 
i2c_core               31084  1 i2c_piix4
ext4                  374405  1 
jbd2                   93427  1 ext4
mbcache                 8193  1 ext4
xen_blkfront           15495  2 
pata_acpi               3701  0 
ata_generic             3837  0 
ata_piix               24601  0 
dm_mirror              14384  0 
dm_region_hash         12085  1 dm_mirror
dm_log                  9930  2 dm_mirror,dm_region_hash
dm_mod                 84337  2 dm_mirror,dm_log