iptables

http://linux.vbird.org/linux_server/0250simple_firewall.php#netfilter

iptables 是利用封包过滤机制, 分析封包的表头资料,根据表头资料定义的规则来决定是否可以进入主机或者被丢弃.

刚才在服务器上练习的时候把自己给屏蔽了,提醒大家拿其他同学的ip做练习,哈哈.

$iptables [-t tables] [-L] [-nv]

-t: 后面接table,  例如nat 或者filter,如果省略此项目,则使用预设的filter

-L:列出目前的table的规则

-n: 不进行IP与HOSTNAME的反查

-v: 列出更多的信息,包括通过该规则的封包总位元数等


tty:[0] jobs:[0] cwd:[/opt/app]
14:50 [root@a]$ iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       all  --  10.103.55.165        0.0.0.0/0           

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination  


15:08 [root@a]$ iptables -h
iptables v1.3.5

Usage: iptables -[AD] chain rule-specification [options]
       iptables -[RI] chain rulenum rule-specification [options]
       iptables -D chain rulenum [options]
       iptables -[LFZ] [chain] [options]
       iptables -[NX] chain
       iptables -E old-chain-name new-chain-name
       iptables -P chain target [options]
       iptables -h (print this help information)

Commands:
Either long or short options are allowed.
  --append  -A chain		Append to chain
  --delete  -D chain		Delete matching rule from chain
  --delete  -D chain rulenum
				Delete rule rulenum (1 = first) from chain
  --insert  -I chain [rulenum]
				Insert in chain as rulenum (default 1=first)
  --replace -R chain rulenum
				Replace rule rulenum (1 = first) in chain
  --list    -L [chain]		List the rules in a chain or all chains
  --flush   -F [chain]		Delete all rules in  chain or all chains
  --zero    -Z [chain]		Zero counters in chain or all chains
  --new     -N chain		Create a new user-defined chain
  --delete-chain
            -X [chain]		Delete a user-defined chain
  --policy  -P chain target
				Change policy on chain to target
  --rename-chain
            -E old-chain new-chain
				Change chain name, (moving any references)
Options:
  --proto	-p [!] proto	protocol: by number or name, eg. `tcp'
  --source	-s [!] address[/mask]
				source specification
  --destination -d [!] address[/mask]
				destination specification
  --in-interface -i [!] input name[+]
				network interface name ([+] for wildcard)
  --jump	-j target
				target for rule (may load target extension)
  --goto      -g chain
                              jump to chain with no return
  --match	-m match
				extended match (may load extension)
  --numeric	-n		numeric output of addresses and ports
  --out-interface -o [!] output name[+]
				network interface name ([+] for wildcard)
  --table	-t table	table to manipulate (default: `filter')
  --verbose	-v		verbose mode
  --line-numbers		print line numbers when listing
  --exact	-x		expand numbers (display exact values)
[!] --fragment	-f		match second or further fragments only
  --modprobe=<command>		try to insert modules using this command
  --set-counters PKTS BYTES	set the counter during insert/append
[!] --version	-V		print package version.

接下来新建一条

15:10 [root@a]$ iptables -A INPUT -s 16.16.136.66 -j DROP

由于写的是自己的ip地址,回车后已不能继续在服务器上继续操作...只能找同学帮忙删了服务器上的配置

查看一下

15:12 [root@a]$ iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       all  --  10.166.16.66        0.0.0.0/0           
DROP       all  --  16.16.136.66         0.0.0.0/0           

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination  


删除刚才新建的那条

15:12 [root@a]$ iptables -D INPUT 2









评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值