iptables配置方法
1.查看之前是否打开iptables
systemctl status iptables #查看当前是否打开iptables
iptables -nL #查看当前规则
2.如果没有安装iptables,需要安装
wget https://alist.yyzq.cf/d/%20%E6%9C%AC%E5%9C%B0%E7%BD%91%E7%9B%98/linux/iptables/iptables-1.4.21-35.el7.x86_64.rpm #下载安装包wget https://alist.yyzq.cf/d/%20%E6%9C%AC%E5%9C%B0%E7%BD%91%E7%9B%98/linux/iptables/iptables-services-1.4.21-35.el7.x86_64.rpm #下载安装包ll #查看下载的文件rpm -Uvh iptables-1.4.21-35.el7.x86_64.rpm #本地安装rpm -Uvh iptables-services-1.4.21-35.el7.x86_64.rpm #本地安装
cp /etc/sysconfig/iptables /etc/sysconfig/iptables_bak #由于之前没有使用iptables,直接备份默认规则
3.写入新规则
vim /etc/sysconfig/iptables
# sample configuration for iptables service# you can edit this manually or use system-config-firewall# please do not ask us to add additional ports/services to this default configuration*filter:INPUT ACCEPT [0:0]:FORWARD ACCEPT [0:0]:OUTPUT ACCEPT [0:0]-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT-A INPUT -p icmp -j ACCEPT-A INPUT -i lo -j ACCEPT-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT-A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT#添加白名单-A INPUT -s 35.241.119.219 -j ACCEPT-A INPUT -s 192.168.131.194 -j ACCEPT-A INPUT -s 192.168.131.195 -j ACCEPT-A INPUT -s 192.168.131.196 -j ACCEPT-A INPUT -s 192.168.131.197 -j ACCEPT-A INPUT -s 192.168.131.198 -j ACCEPT-A INPUT -s 192.168.131.199 -j ACCEPT-A INPUT -s 192.168.131.200 -j ACCEPT-A INPUT -s 192.168.131.201 -j ACCEPT-A INPUT -s 192.168.131.202 -j ACCEPT-A INPUT -s 192.168.131.203 -j ACCEPT-A INPUT -s 192.168.131.204 -j ACCEPT-A INPUT -s 192.168.131.205 -j ACCEPT-A INPUT -s 192.168.131.206 -j ACCEPT-A INPUT -s 192.168.131.207 -j ACCEPT-A INPUT -s 192.168.131.208 -j ACCEPT-A INPUT -s 192.168.131.209 -j ACCEPT-A INPUT -s 192.168.131.210 -j ACCEPT-A INPUT -s 192.168.131.211 -j ACCEPT-A INPUT -s 192.168.131.212 -j ACCEPT-A INPUT -s 192.168.131.213 -j ACCEPT-A INPUT -s 192.168.131.214 -j ACCEPT-A INPUT -s 34.92.77.242 -j ACCEPT#除了白名单的ip其他IP全部拒绝9999端口-A INPUT -p tcp --dport 9999 -j DROPCOMMIT
4.重启iptables
systemctl restart iptables #重启iptables
iptables -nL #再次查看新规则
5.删除规则
vim /etc/sysconfig/iptables #如果需要删除规则再次编辑此文件
systemctl restart iptables #重启iptables
声明:本站部分内容及图片来自互联网,转载是出于传递更多信息之目的,内容观点仅代表作者本人,不构成投资建议。投资者据此操作,风险自担。如有任何标注错误或版权侵犯请与我们联系,我们将及时更正、删除。