  • 防火墙iptables设置

    iptables防火墙规则设置

    iptables -A INPUT -s  源ip地址  -p  tcp   --dport 22  -j  ACCEPT

    iptables  -A  INPUT  -p  tcp  --dport 22  -j  DROP

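    注意:-A 是把规则追加到链的末尾,而 iptables 按从上到下的顺序匹配,命中第一条即停止。下方 iptables -L 的输出就是这种情况:新加的两条规则排在已有的"state NEW tcp dpt:ssh"放行规则和 REJECT 规则之后,永远不会被匹配,22 端口仍对所有来源地址开放。保存前应先用 iptables -L INPUT -n --line-numbers 确认规则顺序;要让限制生效,需改用 iptables -I INPUT <行号> 把这两条规则插入到原有放行 22 端口的规则之前。

    保存防火墙iptables配置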

    [root@x112 ~]# service iptables save

    iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]

    [root@x112 ~]# iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
    ACCEPT     icmp --  anywhere             anywhere            
    ACCEPT     all  --  anywhere             anywhere            
    ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
    REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
    ACCEPT     tcp  --  192.168.0.103        anywhere             tcp dpt:ssh
    DROP       tcp  --  anywhere             anywhere             tcp dpt:ssh
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination         
    [root@x112 ~]# ls /etc/sysconfig/iptables
    /etc/sysconfig/iptables
    [root@x112 ~]# cat /etc/sysconfig/iptables
    # Generated by iptables-save v1.4.21 on Tue Jul 14 12:04:44 2020
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [73:18704]
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A INPUT -s 192.168.0.103/32 -p tcp -m tcp --dport 22 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 22 -j DROP
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    COMMIT
    # Completed on Tue Jul 14 12:04:44 2020
    [root@x112 ~]# 
    

      

    安装防火墙服务端

     yum install -y  iptables-services

    rhel6 查看开机自启动

    chkconfig --list

    启动、关闭,设置开机自启动

    service iptables start

    service  iptables  stop

    chkconfig --level 2345  iptables  on

    rhel7防火墙查看开机自启动

    systemctl   list-unit-files | grep  iptables

    启动、关闭,设置开机自启动

    systemctl start iptables

    systemctl stop iptables

    systemctl enable  iptables

  • 原文地址:https://www.cnblogs.com/xiaofeng666/p/12560322.html