1.服务器22端口和1521端口开通给指定IP
[root@node2 sysconfig]# iptables -t filter -nL INPUT
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
[root@node2 sysconfig]# iptables -F
[root@node2 sysconfig]# iptables -t filter -nL INPUT
Chain INPUT (policy ACCEPT)
target prot opt source destination
[root@node2 sysconfig]# iptables -I INPUT -s 192.168.222.1 -p tcp -m tcp --dport 22 -j ACCEPT
[root@node2 sysconfig]# iptables -t filter -nL INPUT
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 192.168.222.1 0.0.0.0/0 tcp dpt:22
[root@node2 sysconfig]# iptables -A INPUT -j REJECT
[root@node2 sysconfig]# iptables -I INPUT -s 192.168.222.1 -p tcp -m tcp --dport 1521 -j ACCEPT
[root@node2 sysconfig]# iptables -t filter -nL INPUT
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 192.168.222.1 0.0.0.0/0 tcp dpt:1521
ACCEPT tcp -- 192.168.222.1 0.0.0.0/0 tcp dpt:22
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
[root@node2 sysconfig]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@node2 sysconfig]# service iptables restart
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
[root@node2 sysconfig]# iptables -t filter -nL INPUT
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 192.168.222.1 0.0.0.0/0 tcp dpt:1521
ACCEPT tcp -- 192.168.222.1 0.0.0.0/0 tcp dpt:22
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
[root@node2 sysconfig]# iptables -t filter -nL INPUT --line-numbers
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 192.168.222.1 0.0.0.0/0 tcp dpt:1521
2 ACCEPT tcp -- 192.168.222.1 0.0.0.0/0 tcp dpt:22
3 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
[root@node2 sysconfig]# iptables -t filter -D INPUT 1
[root@node2 sysconfig]# iptables -t filter -nL INPUT --line-numbers
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 192.168.222.1 0.0.0.0/0 tcp dpt:22
2 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
2.注意：上面的 `iptables -F` 会把原有的 RELATED,ESTABLISHED 等放行规则一并清空，而链尾又追加了 `REJECT all`，所以每次改完规则最后都需要重新添加下面两条（否则回环流量和已建立连接的返回包都会被末尾的 REJECT 拒绝），加完再执行 `service iptables save` 才能持久化
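# Re-add the two baseline ACCEPT rules that `iptables -F` wipes out.
#
# Both use -I so they land at the top of INPUT, ahead of the source-restricted
# dport 22/1521 ACCEPTs and the trailing `REJECT all`. The second -I ends up as
# rule 1, so the resulting order is: RELATED,ESTABLISHED, then lo.
#
# Each insert is guarded by `iptables -C` (check) so that re-running this
# snippet after every rule change does not stack duplicate copies of the same
# rule. On an iptables too old to know -C the check simply fails and the insert
# runs unconditionally, which is the original behaviour; its error text is
# therefore silenced on purpose.
#
# Remember `service iptables save` afterwards; without it the rules are lost on
# the next `service iptables restart`.

# Loopback: local services talking to themselves must not hit the REJECT.
iptables -C INPUT -i lo -j ACCEPT 2>/dev/null \
  || iptables -I INPUT -i lo -j ACCEPT

# Return traffic of connections the host itself opened, and related packets.
iptables -C INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 2>/dev/null \
  || iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT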