# Interactive terminal transcript (RHEL 5.4, going by the prompt): become root
# and inspect the stock firewall before it is rebuilt from scratch below.
[edgen@xiangyoujiuyou ~]$ su - root
# "口令:" is the su password prompt ("Password:"); the password is not echoed.
口令:
# -L lists the filter table, -n prints numeric addresses/ports (no DNS lookups).
# Without -v the interface column is hidden, so a rule bound to an interface
# prints only 0.0.0.0/0 -> 0.0.0.0/0 here.
[root@rhel54 ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
# INPUT and FORWARD both jump to the vendor chain RH-Firewall-1-INPUT; the
# built-in policies are ACCEPT, so the REJECT at the end of that chain is
# what actually closes the host.
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
# Unqualified ACCEPT-all: presumably the stock "-i lo" rule with the interface
# hidden by the missing -v — confirm with "iptables -L -n -v" before relying on it.
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
# "icmp type 255" is how -n renders the "any ICMP type" match.
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
# IPsec ESP/AH, mDNS (224.0.0.251:5353) and IPP printing (631 udp+tcp).
ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
# Connection-tracking rule: replies to connections this host opened are let
# back in. The ruleset rebuilt later in this session has no equivalent rule.
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
# Inbound services permitted from any source: FTP, SSH, HTTP, HTTPS.
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:21
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
# Everything else is actively rejected (ICMP host-prohibited), not silently dropped.
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
# -F flushes every rule in every chain of the filter table. Because the
# built-in policies are ACCEPT, the host accepts all traffic from this point
# until the replacement rules are in place.
[root@rhel54 ~]# iptables -F
[root@rhel54 ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
# The vendor chain still exists, now empty and unreferenced (0 references).
Chain RH-Firewall-1-INPUT (0 references)
target prot opt source destination
# -X deletes the now-empty, unreferenced user-defined chain; built-in chains
# cannot be deleted.
[root@rhel54 ~]# iptables -X
[root@rhel54 ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
# Persists the running ruleset to /etc/sysconfig/iptables. At this point that
# is an empty, accept-everything ruleset; it is overwritten by the second save
# at the end of the session, but it is what a service restart in between would
# load.
[root@rhel54 ~]# /etc/rc.d/init.d/iptables save
# Output (zh_CN): "Saving current rules to /etc/sysconfig/iptables: [OK]"
将当前规则保存到 /etc/sysconfig/iptables: [确定]
# Rebuild INPUT with -A (append). Ports 1521 and 1158 (conventionally the
# Oracle listener and EM console — the transcript does not say what listens
# there, confirm on the host), HTTP/HTTPS and the 8080/8443 alternates are all
# restricted to the 192.168.1.0/24 source network.
[root@rhel54 ~]# iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 1521 -j ACCEPT
[root@rhel54 ~]# iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 1158 -j ACCEPT
[root@rhel54 ~]# iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 80 -j ACCEPT
[root@rhel54 ~]# iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 8080 -j ACCEPT
[root@rhel54 ~]# iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 443 -j ACCEPT
[root@rhel54 ~]# iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 8443 -j ACCEPT
# SSH is the only rule with no -s restriction: reachable from any source.
# Having it in place before the INPUT policy is switched to DROP later in the
# session is presumably what keeps a remote session from locking itself out;
# restricting it to the management network would match the other rules.
[root@rhel54 ~]# iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# --line-numbers shows the rule index that -R / -I / -D refer to.
[root@rhel54 ~]# iptables -L -n --line-numbers
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 192.168.1.0/24 0.0.0.0/0 tcp dpt:1521
2 ACCEPT tcp -- 192.168.1.0/24 0.0.0.0/0 tcp dpt:1158
3 ACCEPT tcp -- 192.168.1.0/24 0.0.0.0/0 tcp dpt:80
4 ACCEPT tcp -- 192.168.1.0/24 0.0.0.0/0 tcp dpt:8080
5 ACCEPT tcp -- 192.168.1.0/24 0.0.0.0/0 tcp dpt:443
6 ACCEPT tcp -- 192.168.1.0/24 0.0.0.0/0 tcp dpt:8443
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
# -R replaces the rule at the given index. Rules 3-6 lose their
# -s 192.168.1.0/24 match, so 80/8080/443/8443 become reachable from any
# address; only 1521 and 1158 stay LAN-only. Indices are positional, so
# re-list before each -R if the chain may have changed since the last listing.
[root@rhel54 ~]# iptables -R INPUT 3 -p tcp --dport 80 -j ACCEPT
[root@rhel54 ~]# iptables -R INPUT 4 -p tcp --dport 8080 -j ACCEPT
[root@rhel54 ~]# iptables -R INPUT 5 -p tcp --dport 443 -j ACCEPT
[root@rhel54 ~]# iptables -R INPUT 6 -p tcp --dport 8443 -j ACCEPT
[root@rhel54 ~]# iptables -L -n --line-numbers
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 192.168.1.0/24 0.0.0.0/0 tcp dpt:1521
2 ACCEPT tcp -- 192.168.1.0/24 0.0.0.0/0 tcp dpt:1158
# Source column for 3-6 is now 0.0.0.0/0: the LAN restriction is gone.
3 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8443
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
# A built-in chain's policy can only be ACCEPT or DROP; REJECT is a rule
# target, not a policy, hence the error on the next line.
[root@rhel54 ~]# iptables -P INPUT REJECT
iptables: Bad policy name
# Default-deny takes effect immediately: from here on only packets matching an
# ACCEPT rule get in. Caveat: unlike the original vendor chain, this ruleset
# has no "-m state --state RELATED,ESTABLISHED" rule, so replies to
# connections the host itself initiates (DNS answers, package updates, ...)
# are dropped unless they happen to match one of the port rules.
[root@rhel54 ~]# iptables -P INPUT DROP
# Allow all ICMP. Appended, so it becomes the last rule in the chain.
[root@rhel54 ~]# iptables -A INPUT -p icmp -j ACCEPT
# -I INPUT 1 inserts at the top. Both inserts match on an address pair rather
# than "-i lo"; 127.0.0.1 is covered, but local traffic to any other loopback
# or own address is not — an "-i lo -j ACCEPT" rule is the more usual form.
# Assumption: 192.168.1.121 is this host's own address (the listing below
# prints it as 192.168.1.nnn, presumably redacted by the author) — confirm.
[root@rhel54 ~]# iptables -I INPUT 1 -s 192.168.1.121 -d 192.168.1.121 -j ACCEPT
# Also inserted at position 1, so it lands above the previous rule.
[root@rhel54 ~]# iptables -I INPUT 1 -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
[root@rhel54 ~]# iptables -L -n --line-numbers
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- 127.0.0.1 127.0.0.1
2 ACCEPT all -- 192.168.1.nnn 192.168.1.nnn
3 ACCEPT tcp -- 192.168.1.0/24 0.0.0.0/0 tcp dpt:1521
4 ACCEPT tcp -- 192.168.1.0/24 0.0.0.0/0 tcp dpt:1158
5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
8 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8443
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
10 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
# FORWARD stays policy ACCEPT with no rules; this only matters if IP
# forwarding is enabled on the host, which the transcript does not show.
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
# Second save: this ruleset now persists in /etc/sysconfig/iptables and is what
# the iptables service applies on restart and at boot.
# Output (zh_CN): "Saving current rules to /etc/sysconfig/iptables: [OK]"
[root@rhel54 ~]# /etc/rc.d/init.d/iptables save
将当前规则保存到 /etc/sysconfig/iptables: [确定]
# Restart: the initscript flushes, resets policies to ACCEPT, unloads the
# modules, re-applies the saved rules, then loads extra conntrack helper
# modules. There is a brief accept-all window between the flush and the
# re-apply. The messages below, translated:
#   "Flushing firewall rules: [OK]"
#   "Setting chains to policy ACCEPT: filter [OK]"
#   "Unloading iptables modules: [OK]" (the "Iiptables" spelling is presumably
#    from the distribution's message catalogue)
#   "Applying iptables firewall rules: [OK]"
#   "Loading additional iptables modules: ip_conntrack_netbios_ns ip_conntrac[OK]"
#    (second module name appears cut off by the status column)
[root@rhel54 ~]# service iptables restart
清除防火墙规则: [确定]
把 chains 设置为 ACCEPT 策略:filter [确定]
正在卸载 Iiptables 模块: [确定]
应用 iptables 防火墙规则: [确定]
载入额外 iptables 模块:ip_conntrack_netbios_ns ip_conntrac[确定]
# Reboot; also checks that the saved ruleset comes back at boot.
[root@rhel54 ~]# init 6