  • iptables configuration management

    iptables -t filter -A INPUT -s 192.168.1.1 -j DROP

             table     chain    match criteria  action

    Table -- the function to be performed: filtering uses the filter table, rewriting IP addresses uses the nat table, advanced packet manipulation uses the mangle table.

    Chain -- the point in the packet path where the rule is evaluated: inbound traffic is handled in INPUT, outbound traffic in OUTPUT; the other chains are FORWARD, PREROUTING and POSTROUTING.

    Match criteria -- which packets the rule applies to.

    Action -- the target given last, i.e. what to do with a matching packet.

    The common targets DROP and REJECT are not the same: DROP silently discards the packet, while REJECT discards it and sends an error back to the sender (the default rules below use reject-with icmp-host-prohibited).

    [root@py ~]# service iptables status
    Table: filter
    Chain INPUT (policy ACCEPT)
    num  target     prot opt source               destination         
    1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
    2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
    3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
    4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
    5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 
    
    Chain FORWARD (policy ACCEPT)
    num  target     prot opt source               destination         
    1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 
    
    Chain OUTPUT (policy ACCEPT)
    num  target     prot opt source               destination         
    
    [root@py ~]# iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
    ACCEPT     icmp --  anywhere             anywhere            
    ACCEPT     all  --  anywhere             anywhere            
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh 
    REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination       
    [root@py ~]# iptables -I INPUT 2 -p tcp --dport 22 -j ACCEPT
    [root@py ~]# iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh 
    ACCEPT     icmp --  anywhere             anywhere            
    ACCEPT     all  --  anywhere             anywhere            
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh 
    REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination      
    [root@py ~]# iptables -D INPUT 2
    [root@py ~]# iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination         
    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
    ACCEPT     icmp --  anywhere             anywhere            
    ACCEPT     all  --  anywhere             anywhere            
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh 
    REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination     

    -s source address, -d destination address

    -i inbound interface, -o outbound interface

    '!' negates a match, e.g. "! -s 192.168.1.0/24" matches everything not coming from 192.168.1.0/24

    Note

    If you manage a Linux host remotely and change its iptables rules, you must first allow SSH traffic from your client host and make sure that this is the first iptables rule; otherwise a configuration mistake can lock you out of the machine!
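The following script is an added example, not part of the original post. It builds the INPUT chain in the order the note above requires (the SSH allow rule for the administrator's network first, then the established/related and loopback/ICMP rules from the default ruleset shown earlier, then the catch-all REJECT) and checks the generated rule list before anything is applied. The IPT variable defaults to "echo iptables" so the script can be run and inspected without root or the iptables binary; ADMIN_NET is an assumed placeholder network.

```shell
#!/bin/sh
# Added example. Generates and checks a lock-out safe INPUT ruleset.
# IPT="echo iptables" (default) only prints the commands; IPT=iptables applies them.
# ADMIN_NET is an assumed placeholder: the network the operator administers from.
IPT="${IPT:-echo iptables}"
ADMIN_NET="${ADMIN_NET:-192.168.1.0/24}"

# Emit the INPUT rules in a safe order, one iptables command per line.
build_input_rules() {
    $IPT -t filter -F INPUT
    # 1. Keep the remote management session alive before anything else is touched.
    $IPT -t filter -A INPUT -s "$ADMIN_NET" -p tcp --dport 22 -m state --state NEW -j ACCEPT
    # 2. Replies to connections this host already has open.
    $IPT -t filter -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    # 3. Loopback and ICMP, as in the default ruleset shown above.
    $IPT -t filter -A INPUT -i lo -j ACCEPT
    $IPT -t filter -A INPUT -p icmp -j ACCEPT
    # 4. Everything else: REJECT tells the sender why, DROP would stay silent.
    $IPT -t filter -A INPUT -j REJECT --reject-with icmp-host-prohibited
}

# Verify a rule list: the first ACCEPT for TCP port 22 must come before the
# first REJECT/DROP rule, otherwise the order would lock the operator out.
# Returns 0 when the order is safe, 1 otherwise.
check_ssh_first() {
    rules="$1"
    ssh_line=$(printf '%s\n' "$rules" | grep -n -- '--dport 22 .* -j ACCEPT' | head -n1 | cut -d: -f1)
    deny_line=$(printf '%s\n' "$rules" | grep -n -E -- '-j (REJECT|DROP)' | head -n1 | cut -d: -f1)
    [ -n "$ssh_line" ] || return 1      # no SSH allow rule at all
    [ -z "$deny_line" ] && return 0     # nothing denies, so nothing to lock out
    [ "$ssh_line" -lt "$deny_line" ]
}

# Run directly as `sh build_input.sh show` to print the rules and the check result.
if [ "${1:-}" = "show" ]; then
    rules=$(build_input_rules)
    printf '%s\n' "$rules"
    check_ssh_first "$rules" && echo "ok: SSH allow rule precedes the deny rule"
fi
```

Because the script defaults to printing instead of applying, an operator can review the exact rule order with `sh build_input.sh show` and only then rerun it with `IPT=iptables` as root; the check rejects any list where a DROP or REJECT would be evaluated before the SSH allow rule.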

  • Original article: https://www.cnblogs.com/zq6041/p/6900618.html