  • 防火墙的配置

    丢弃来自 192.168.10.36 的所有数据包（-A 表示把规则追加到链尾）

    [root@chenxi ~]# iptables -A INPUT -s 192.168.10.36 -j DROP
    

    查看默认表（不指定 -t 时即 filter 表）的规则，并带行号显示（--line-numbers）

    [root@chenxi ~]# iptables -vnL --line-numbers
    Chain INPUT (policy ACCEPT 271 packets, 20573 bytes)
    num   pkts bytes target     prot opt in     out     source               destination         
    1       37  3108 DROP       all  --  *      *       192.168.10.36        0.0.0.0/0           
    
    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    num   pkts bytes target     prot opt in     out     source               destination         
    
    Chain OUTPUT (policy ACCEPT 48 packets, 4440 bytes)
    num   pkts bytes target     prot opt in     out     source               destination 
    

     允许来自 192.168.10.36 的所有数据包（从下面的列表可以看到，新的 ACCEPT 规则位于第 1 行、在 DROP 规则之前，因此先被匹配）

    [root@chenxi ~]# iptables -vnL --line-numbers
    Chain INPUT (policy ACCEPT 44 packets, 3358 bytes)
    num   pkts bytes target     prot opt in     out     source               destinatio
    1        8   672 ACCEPT     all  --  *      *       192.168.10.36        0.0.0.0/0 
    2       37  3108 DROP       all  --  *      *       192.168.10.36        0.0.0.0/0 
    
    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    num   pkts bytes target     prot opt in     out     source               destinatio
    
    Chain OUTPUT (policy ACCEPT 16 packets, 2256 bytes)
    num   pkts bytes target     prot opt in     out     source               destination  
    

    查看 nat 表里的链（-t nat）

    [root@chenxi ~]# iptables -vnL --line-numbers -t nat
    Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
    num   pkts bytes target     prot opt in     out     source               destination

    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    num   pkts bytes target     prot opt in     out     source               destination

    Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
    num   pkts bytes target     prot opt in     out     source               destination

    Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
    num   pkts bytes target     prot opt in     out     source               destination

    [root@chenxi ~]# iptables -vnL --line-numbers -t nat
    Chain PREROUTING (policy ACCEPT 3 packets, 240 bytes)
    num   pkts bytes target     prot opt in     out     source               destination         
    
    Chain INPUT (policy ACCEPT 2 packets, 162 bytes)
    num   pkts bytes target     prot opt in     out     source               destination         
    
    Chain OUTPUT (policy ACCEPT 1 packets, 716 bytes)
    num   pkts bytes target     prot opt in     out     source               destination         
    
    Chain POSTROUTING (policy ACCEPT 1 packets, 716 bytes)
    num   pkts bytes target     prot opt in     out     source               destination    
    

     查看规则

    [root@chenxi ~]# iptables -nL
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    ACCEPT     all  --  192.168.10.36        0.0.0.0/0           
    DROP       all  --  192.168.10.36        0.0.0.0/0           
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination        
    

    删除第1条规则

    [root@chenxi ~]# iptables -D INPUT 1
    [root@chenxi ~]# iptables -nL
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    DROP       all  --  192.168.10.36        0.0.0.0/0           
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    

      添加允许 192.168.10.1 主机的报文出入本机的规则（-s 匹配源地址，-d 匹配目标地址）

    [root@chenxi ~]# iptables -A INPUT -s 192.168.10.1 -j ACCEPT
    [root@chenxi ~]# iptables -A OUTPUT -d 192.168.10.1 -j ACCEPT
    [root@chenxi ~]# iptables -nL
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    DROP       all  --  192.168.10.36        0.0.0.0/0           
    ACCEPT     all  --  192.168.10.1         0.0.0.0/0           
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination         
    ACCEPT     all  --  0.0.0.0/0            192.168.10.1      
    

      修改链的默认策略为拒绝（-P；不指定 -t 时作用于 filter 表）。注意上一步已先放行管理主机 192.168.10.1，然后才把 INPUT/OUTPUT 默认策略改为 DROP，否则远程管理连接会被自己的规则切断

    [root@chenxi ~]# iptables -P INPUT DROP
    [root@chenxi ~]# iptables -P OUTPUT DROP
    [root@chenxi ~]# iptables -nL
    Chain INPUT (policy DROP)
    target     prot opt source               destination         
    DROP       all  --  192.168.10.36        0.0.0.0/0           
    ACCEPT     all  --  192.168.10.1         0.0.0.0/0           
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain OUTPUT (policy DROP)
    target     prot opt source               destination         
    ACCEPT     all  --  0.0.0.0/0            192.168.10.1       
    

     在 192.168.10.36 主机上用 ping 命令测试（此时 192.168.10.40 的 INPUT/OUTPUT 默认策略均为 DROP，所以只看到 PING 头部、没有任何回复）

    [root@mail bin]# ping 192.168.10.40
    PING 192.168.10.40 (192.168.10.40) 56(84) bytes of data.
    

     在 192.168.10.40 主机上添加允许来自 192.168.10.36 的数据包进入的规则（抓包可见 echo request 已到达，但仍没有 reply，因为 OUTPUT 方向还未放行）

    [root@chenxi ~]# iptables -A INPUT -s 192.168.10.36 -j ACCEPT
    [root@chenxi ~]# tcpdump -i ens33 -nn icmp
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
    08:39:08.910676 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 40976, seq 149, length 64
    08:39:09.910752 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 40976, seq 150, length 64
    08:39:10.922666 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 40976, seq 151, length 64
    08:39:11.940137 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 40976, seq 152, length 64
    

      在 192.168.10.40 主机上添加允许目标主机为 192.168.10.36 的出站（OUTPUT）放行规则（添加后抓包中出现 echo reply）

    [root@chenxi ~]# iptables -A OUTPUT -d 192.168.10.36 -j ACCEPT
    [root@chenxi ~]# iptables -nL
    Chain INPUT (policy DROP)
    target     prot opt source               destination         
    ACCEPT     all  --  192.168.10.1         0.0.0.0/0           
    ACCEPT     all  --  192.168.10.36        0.0.0.0/0           
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain OUTPUT (policy DROP)
    target     prot opt source               destination         
    ACCEPT     all  --  0.0.0.0/0            192.168.10.1        
    ACCEPT     all  --  0.0.0.0/0            192.168.10.36       
    08:40:53.800793 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 40976, seq 253, length 64
    08:40:53.801135 IP 192.168.10.40 > 192.168.10.36: ICMP echo reply, id 40976, seq 253, length 64
    

       添加允许 192.168.10.36 通过 icmp 协议 ping 通 192.168.10.40 主机的规则（进、出两个方向各一条，用 -p icmp 限定协议，比前面放行全部协议的规则更收紧）

    [root@chenxi ~]# iptables -A INPUT -s 192.168.10.36 -p icmp -j ACCEPT   进主机的规则
    
    [root@mail bin]# ping 192.168.10.40
    PING 192.168.10.40 (192.168.10.40) 56(84) bytes of data.
    [root@chenxi ~]# tcpdump -i ens33 -nn icmp
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
    08:55:23.850949 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 6, length 64
    08:55:24.851240 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 7, length 64
    08:55:25.851304 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 8, length 64
    08:55:26.855839 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 9, length 64
    08:55:27.853459 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 10, length 64
    08:55:28.854609 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 11, length 64
    08:55:29.857906 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 12, length 64
    08:55:30.856784 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 13, length 64
    08:55:31.858473 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 14, length 64
    08:55:32.857969 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 15, length 64
    08:55:33.859005 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 16, length 64
    08:55:34.914116 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 17, length 64
    08:55:35.916034 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 18, length 64
    08:55:36.916717 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 19, length 64
    08:55:37.940721 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 20, length 64
    08:55:38.935520 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 21, length 64
    08:55:39.935601 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 4148
    [root@chenxi ~]# iptables -A OUTPUT -d 192.168.10.36 -p icmp -j ACCEPT 出主机的规则
    [root@chenxi ~]# iptables -nL
    Chain INPUT (policy DROP)
    target     prot opt source               destination         
    ACCEPT     all  --  192.168.10.1         0.0.0.0/0           
    ACCEPT     icmp --  192.168.10.36        0.0.0.0/0           
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain OUTPUT (policy DROP)
    target     prot opt source               destination         
    ACCEPT     all  --  0.0.0.0/0            192.168.10.1        
    ACCEPT     icmp --  0.0.0.0/0            192.168.10.36       
    8, seq 22, length 64
    08:55:39.935702 IP 192.168.10.40 > 192.168.10.36: ICMP echo reply, id 41488, seq 22, length 64
    08:55:40.936550 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 23, length 64
    08:55:40.936628 IP 192.168.10.40 > 192.168.10.36: ICMP echo reply, id 41488, seq 23, length 64
    08:55:41.938630 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 24, length 64
    08:55:41.938690 IP 192.168.10.40 > 192.168.10.36: ICMP echo reply, id 41488, seq 24, length 64
    08:55:42.939814 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 25, length 64
    08:55:42.939889 IP 192.168.10.40 > 192.168.10.36: ICMP echo reply, id 41488, seq 25, length 64
    08:55:43.941753 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 26, length 64
    08:55:43.941831 IP 192.168.10.40 > 192.168.10.36: ICMP echo reply, id 41488, seq 26, length 64
    08:55:44.975164 IP 192.168.10.36 > 192.168.10.40: ICMP echo request, id 41488, seq 27, length 64
    08:55:44.975228 IP 192.168.10.40 > 192.168.10.36: ICMP echo reply, id 41488, seq 27, length 64
    [root@mail bin]# ping 192.168.10.40
    PING 192.168.10.40 (192.168.10.40) 56(84) bytes of data.
    64 bytes from 192.168.10.40: icmp_seq=22 ttl=64 time=0.493 ms
    64 bytes from 192.168.10.40: icmp_seq=23 ttl=64 time=1.09 ms
    64 bytes from 192.168.10.40: icmp_seq=24 ttl=64 time=0.336 ms
    64 bytes from 192.168.10.40: icmp_seq=25 ttl=64 time=1.36 ms
    64 bytes from 192.168.10.40: icmp_seq=26 ttl=64 time=0.430 ms
    64 bytes from 192.168.10.40: icmp_seq=27 ttl=64 time=0.243 ms
    

      在 192.168.10.40 的主机上添加允许 192.168.10.36 访问本机 22 端口的规则（进来的数据包按 --dport 22 匹配，返回的数据包按 --sport 22 匹配）

    [root@mail bin]# ssh 192.168.10.40
    ssh: connect to host 192.168.10.40 port 22: Connection timed out
    [root@chenxi ~]# iptables -A INPUT -s 192.168.10.36 -p tcp --dport 22 -j ACCEPT   进来数据包
    [root@chenxi ~]# iptables -A OUTPUT -d 192.168.10.36 -p tcp --sport 22 -j ACCEPT   返回数据包
    
    [root@chenxi ~]# iptables -nL
    Chain INPUT (policy DROP)
    target     prot opt source               destination         
    ACCEPT     all  --  192.168.10.1         0.0.0.0/0           
    ACCEPT     icmp --  192.168.10.36        0.0.0.0/0           
    ACCEPT     tcp  --  192.168.10.36        0.0.0.0/0            tcp dpt:22
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain OUTPUT (policy DROP)
    target     prot opt source               destination         
    ACCEPT     all  --  0.0.0.0/0            192.168.10.1        
    ACCEPT     icmp --  0.0.0.0/0            192.168.10.36       
    ACCEPT     tcp  --  0.0.0.0/0            192.168.10.36        tcp spt:22
    [root@mail bin]# ssh 192.168.10.40
    The authenticity of host '192.168.10.40 (192.168.10.40)' can't be established.
    RSA key fingerprint is c9:1c:63:b4:a2:a5:c4:cf:5a:a2:46:19:81:63:d2:f5.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.10.40' (RSA) to the list of known hosts.
    root@192.168.10.40's password: 
    Last login: Tue Mar 19 08:37:05 2019 from 192.168.10.1
    [root@chenxi ~]# 
    

      拒绝源地址为 192.168.10.36 的主机发起的 TCP 第一次握手（--syn，即 SYN 包）。用 -I INPUT 2 插入为第 2 条，排在放行 22 端口的规则之前，所以 ssh 连接被 REJECT（Connection refused）

    [root@chenxi ~]# iptables -I INPUT 2 -s 192.168.10.36 -p tcp --syn -j REJECT
    [root@chenxi ~]# iptables -nL
    Chain INPUT (policy DROP)
    target     prot opt source               destination         
    ACCEPT     all  --  192.168.10.1         0.0.0.0/0           
    REJECT     tcp  --  192.168.10.36        0.0.0.0/0            tcp flags:0x17/0x02 reject-with icmp-port-unreachable
    ACCEPT     icmp --  192.168.10.36        0.0.0.0/0           
    ACCEPT     tcp  --  192.168.10.36        0.0.0.0/0            tcp dpt:22
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain OUTPUT (policy DROP)
    target     prot opt source               destination         
    ACCEPT     all  --  0.0.0.0/0            192.168.10.1        
    ACCEPT     icmp --  0.0.0.0/0            192.168.10.36       
    ACCEPT     tcp  --  0.0.0.0/0            192.168.10.36        tcp spt:22
    [root@mail ~]# ssh 192.168.10.40
    ssh: connect to host 192.168.10.40 port 22: Connection refused
    [root@mail ~]# ssh 192.168.10.40
    ssh: connect to host 192.168.10.40 port 22: Connection refused
    [root@mail bin]# ssh 192.168.10.40
    The authenticity of host '192.168.10.40 (192.168.10.40)' can't be established.
    RSA key fingerprint is c9:1c:63:b4:a2:a5:c4:cf:5a:a2:46:19:81:63:d2:f5.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.10.40' (RSA) to the list of known hosts.
    root@192.168.10.40's password: 
    Last login: Tue Mar 19 08:37:05 2019 from 192.168.10.1
    [root@chenxi ~]# ls
    anaconda-ks.cfg
    [root@chenxi ~]# ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host 
           valid_lft forever preferred_lft forever
    2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 00:0c:29:40:c2:01 brd ff:ff:ff:ff:ff:ff
        inet 192.168.10.40/24 brd 192.168.10.255 scope global noprefixroute ens33
           valid_lft forever preferred_lft forever
        inet6 fe80::6e0:d902:bf99:5840/64 scope link noprefixroute 
           valid_lft forever preferred_lft forever
    3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 00:0c:29:40:c2:0b brd ff:ff:ff:ff:ff:ff
        inet 192.168.10.133/24 brd 192.168.10.255 scope global noprefixroute dynamic ens37
           valid_lft 1453sec preferred_lft 1453sec
        inet6 fe80::24a2:2585:2b12:e5ab/64 scope link noprefixroute 
           valid_lft forever preferred_lft forever
    

      用“允许 192.168.10.36 访问本机 22 端口的 TCP 第一次握手（SYN）”规则，替换（-R）第 2 条“拒绝所有来自 192.168.10.36 的 TCP 第一次握手”规则

    [root@chenxi ~]# iptables -R INPUT 2 -s 192.168.10.36 -p tcp --dport 22 --syn -j ACCEPT    -R 替换
    [root@chenxi ~]# iptables -nL
    Chain INPUT (policy DROP)
    target     prot opt source               destination         
    ACCEPT     all  --  192.168.10.1         0.0.0.0/0           
    ACCEPT     tcp  --  192.168.10.36        0.0.0.0/0            tcp dpt:22 flags:0x17/0x02
    ACCEPT     icmp --  192.168.10.36        0.0.0.0/0           
    ACCEPT     tcp  --  192.168.10.36        0.0.0.0/0            tcp dpt:22
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain OUTPUT (policy DROP)
    target     prot opt source               destination         
    ACCEPT     all  --  0.0.0.0/0            192.168.10.1        
    ACCEPT     icmp --  0.0.0.0/0            192.168.10.36       
    ACCEPT     tcp  --  0.0.0.0/0            192.168.10.36        tcp spt:22
    
    [root@mail ~]# ssh 192.168.10.40
    root@192.168.10.40's password: 
    Last login: Tue Mar 19 09:23:21 2019 from 192.168.10.36
    [root@chenxi ~]# 
    

      自定义链（-N 创建；-X 删除的前提是链为空且未被引用）

    [root@chenxi ~]# iptables -N chenxi  创建链
    [root@chenxi ~]# iptables -nvL 
    Chain INPUT (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination         
    12738  768K ACCEPT     all  --  *      *       192.168.10.1         0.0.0.0/0           
    
    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain OUTPUT (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination         
    17882 3969K ACCEPT     all  --  *      *       0.0.0.0/0            192.168.10.1        
    
    Chain chenxi (0 references)
     pkts bytes target     prot opt in     out     source               destination         
    
    [root@chenxi ~]# iptables -X chenxi   删除自定义链
    [root@chenxi ~]# iptables -nvL 
    Chain INPUT (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination         
    12776  771K ACCEPT     all  --  *      *       192.168.10.1         0.0.0.0/0           
    
    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain OUTPUT (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination         
    17897 3971K ACCEPT     all  --  *      *       0.0.0.0/0            192.168.10.1        
    [root@chenxi ~]# iptables -N chenxi
    [root@chenxi ~]# iptables -A chenxi -p tcp --tcp-flags ALL ALL -j REJECT   TCP状态连接标志位全为1拒绝掉
    [root@chenxi ~]# iptables -A chenxi -p tcp --tcp-flags ALL NONE -j REJECT  TCP状态连接全为0 拒绝掉
    [root@chenxi ~]# iptables -nvL 
    Chain INPUT (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination         
    13181  801K ACCEPT     all  --  *      *       192.168.10.1         0.0.0.0/0           
    
    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain OUTPUT (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination         
    18067 3989K ACCEPT     all  --  *      *       0.0.0.0/0            192.168.10.1        
    
    Chain chenxi (0 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x3F reject-with icmp-port-unreachable
        0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x00 reject-with icmp-port-unreachable
    

      关联自定义链（在 INPUT 中用 -j chenxi 把匹配的数据包交给自定义链继续处理，列表中的 references 计数随之变为 1）

    [root@chenxi ~]# iptables -A INPUT -s 192.168.10.36 -j chenxi   把所有来源地址为192.168.10.36的数据包都丢到chenxi这个链里
    [root@chenxi ~]# iptables -nvL 
    Chain INPUT (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination         
    13333  812K ACCEPT     all  --  *      *       192.168.10.1         0.0.0.0/0           
        0     0 chenxi     all  --  *      *       192.168.10.36        0.0.0.0/0           
    
    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination         
    
    Chain OUTPUT (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination         
    18124 3995K ACCEPT     all  --  *      *       0.0.0.0/0            192.168.10.1        
    
    Chain chenxi (1 references)
     pkts bytes target     prot opt in     out     source               destination         
        0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x3F reject-with icmp-port-unreachable
        0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x00 reject-with icmp-port-unreachable
    

    删除已关联的自定义链（被引用的链不能直接 -X 删除：先 -D 删除引用它的那条规则，再逐条 -D 清空链中的规则，最后才能 -X 删除；链已空时再执行 -D 会报 Index of deletion too big。下面列表中的 CHENXI 和 cx 两条链的创建命令未在本文中给出）

    [root@chenxi ~]# iptables -nL
    Chain INPUT (policy DROP)
    target     prot opt source               destination         
    ACCEPT     all  --  192.168.10.1         0.0.0.0/0           
    chenxi     all  --  192.168.10.36        0.0.0.0/0           
    CHENXI     all  --  0.0.0.0/0            0.0.0.0/0           
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain OUTPUT (policy DROP)
    target     prot opt source               destination         
    ACCEPT     all  --  0.0.0.0/0            192.168.10.1        
    cx         all  --  0.0.0.0/0            0.0.0.0/0           
    
    Chain CHENXI (1 references)
    target     prot opt source               destination         
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
    
    Chain chenxi (1 references)
    target     prot opt source               destination         
    REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x3F reject-with icmp-port-unreachable
    REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x00 reject-with icmp-port-unreachable
    
    Chain cx (1 references)
    target     prot opt source               destination         
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp spt:80
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp spt:443
    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp spt:53
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp spt:53
    [root@chenxi ~]# iptables -D INPUT 3
    [root@chenxi ~]# iptables -D CHENXI 1
    [root@chenxi ~]# iptables -D CHENXI 1
    [root@chenxi ~]# iptables -D CHENXI 1
    [root@chenxi ~]# iptables -D CHENXI 1
    [root@chenxi ~]# iptables -D CHENXI 1
    iptables: Index of deletion too big.
    [root@chenxi ~]# iptables -D CHENXI 1
    iptables: Index of deletion too big.
    [root@chenxi ~]# iptables -X CHENXI 
    [root@chenxi ~]# iptables -D OUTPUT 2
    [root@chenxi ~]# iptables -D cx 1
    [root@chenxi ~]# iptables -D cx 1
    [root@chenxi ~]# iptables -D cx 1
    [root@chenxi ~]# iptables -D cx 1
    [root@chenxi ~]# iptables -D cx 1
    iptables: Index of deletion too big.
    [root@chenxi ~]# iptables -D cx 1
    iptables: Index of deletion too big.
    [root@chenxi ~]# iptables -nL
    Chain INPUT (policy DROP)
    target     prot opt source               destination         
    ACCEPT     all  --  192.168.10.1         0.0.0.0/0           
    chenxi     all  --  192.168.10.36        0.0.0.0/0           
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain OUTPUT (policy DROP)
    target     prot opt source               destination         
    ACCEPT     all  --  0.0.0.0/0            192.168.10.1        
    
    Chain chenxi (1 references)
    target     prot opt source               destination         
    REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x3F reject-with icmp-port-unreachable
    REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x00 reject-with icmp-port-unreachable
    
    Chain cx (0 references)
    target     prot opt source               destination         
    

      

     

     

     

     

      

    草都可以从石头缝隙中长出来更可况你呢