author:headsen chen
date:2018-06-04 11:20:38
notice:This article is created by headsen chen himself and not allowed to copy.or you will count law questions.
#启动 service iptables start chkconfig iptables on 情况原先的规则 iptables -F #允许特定网段和地址访问 iptables -I INPUT -s 192.168.1.0/24 -j ACCEPT iptables -I INPUT -s 121.23.45.146 -j ACCEPT iptables -I INPUT -p tcp -s 121.23.45.146 --dport 22 -j ACCEPT iptables -I INPUT -p tcp -s 10.0.0.0/16 --dport 22 -j ACCEPT #内部回环口 iptables -I OUTPUT -o eth0 -j ACCEPT iptables -I INPUT -i lo -j ACCEPT #默认规则 iptables -P INPUT DROP iptables -P OUTPUT ACCEPT iptables -P FORWARD DROP #允许httpd服务过来访问 iptables -A INPUT -p tcp --dport 80 -j ACCEPT #允许ping服务 iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT #允许长连接访问(必须是tcp和udp及其他协议都允许的,否则光tcp则不行,yum都无法运行!!!) iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT #限制某个单独ip访问 iptables -I INPUT -p tcp -s 146.56.32.147 --dport 80 -j DROP #保存防火墙: service iptables save iptables-save >/bb.txt