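# Restrict inbound SSH (tcp/22) on host wx02 to one source address,
# 115.236.6.6, using iptables v1.4.7 and the "service iptables" init script.
# This is a console transcript: command output captured at the time is kept
# below each command as "#   " comment lines.

# Starting point: the saved ruleset holds no rules and every chain policy is
# ACCEPT.
cat /etc/sysconfig/iptables
#   # Generated by iptables-save v1.4.7 on Tue Sep 20 11:18:45 2016
#   *filter
#   :INPUT ACCEPT [100:5792]
#   :FORWARD ACCEPT [0:0]
#   :OUTPUT ACCEPT [104:8990]
#   COMMIT
#   # Completed on Tue Sep 20 11:18:45 2016

# Allow first, then deny. Rules are evaluated top-down and the first match
# wins, so the ACCEPT for 115.236.6.6 has to sit above the catch-all DROP.
# A bare "-I INPUT" inserts at position 1; two bare inserts typed in this
# order would leave the DROP on top and block SSH for every source, the
# allowed one included. Explicit rule numbers produce the order that the
# saved ruleset further down shows.
# NOTE: the ruleset has no ESTABLISHED/RELATED rule, so an SSH session from
# any other address stops working once the DROP is loaded. Run this from
# 115.236.6.6 or keep console access available.
iptables -I INPUT 1 -s 115.236.6.6 -p tcp --dport 22 -j ACCEPT
iptables -I INPUT 2 -p tcp --dport 22 -j DROP

# Check the live order before persisting it: the ACCEPT must be rule 1.
# Saving a wrong order would carry the lockout across restarts.
iptables -L INPUT -n --line-numbers

# Persist the running rules (the saved file is shown below).
service iptables save

# 3. Restart the firewall
service iptables restart

# Original note: "deny everything first, then allow". Presumably this is the
# order in which two bare "-I INPUT" commands would have to be typed to end
# up with the ruleset below; typed that way, SSH is dropped for all sources
# between the two commands, which the explicit rule numbers above avoid.
cat /etc/sysconfig/iptables
#   # Generated by iptables-save v1.4.7 on Tue Sep 20 11:39:10 2016
#   *filter
#   :INPUT ACCEPT [293:18238]
#   :FORWARD ACCEPT [0:0]
#   :OUTPUT ACCEPT [231:19319]
#   -A INPUT -s 115.236.6.6/32 -p tcp -m tcp --dport 22 -j ACCEPT
#   -A INPUT -p tcp -m tcp --dport 22 -j DROP
#   COMMIT
#   # Completed on Tue Sep 20 11:39:10 2016

# Final state of the running ruleset: ACCEPT for the allowed source is
# listed before the DROP; FORWARD and OUTPUT are untouched.
iptables -L
#   Chain INPUT (policy ACCEPT)
#   target     prot opt source               destination
#   ACCEPT     tcp  --  115.236.6.6          anywhere            tcp dpt:ssh
#   DROP       tcp  --  anywhere             anywhere            tcp dpt:ssh
#
#   Chain FORWARD (policy ACCEPT)
#   target     prot opt source               destination
#
#   Chain OUTPUT (policy ACCEPT)
#   target     prot opt source               destination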