iptables--白名单配置
1.服务器22端口和1521端口开通给指定IP
[root@node2 sysconfig]# iptables -t filter -nL INPUT Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited [root@node2 sysconfig]# iptables -F [root@node2 sysconfig]# iptables -t filter -nL INPUT Chain INPUT (policy ACCEPT) target prot opt source destination [root@node2 sysconfig]# iptables -I INPUT -s 192.168.222.1 -p tcp -m tcp --dport 22 -j ACCEPT [root@node2 sysconfig]# iptables -t filter -nL INPUT Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT tcp -- 192.168.222.1 0.0.0.0/0 tcp dpt:22 [root@node2 sysconfig]# iptables -A INPUT -j REJECT [root@node2 sysconfig]# iptables -I INPUT -s 192.168.222.1 -p tcp -m tcp --dport 1521 -j ACCEPT [root@node2 sysconfig]# iptables -t filter -nL INPUT Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT tcp -- 192.168.222.1 0.0.0.0/0 tcp dpt:1521 ACCEPT tcp -- 192.168.222.1 0.0.0.0/0 tcp dpt:22 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable [root@node2 sysconfig]# service iptables save iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ] [root@node2 sysconfig]# service iptables restart iptables: Setting chains to policy ACCEPT: filter [ OK ] iptables: Flushing firewall rules: [ OK ] iptables: Unloading modules: [ OK ] iptables: Applying firewall rules: [ OK ] [root@node2 sysconfig]# iptables -t filter -nL INPUT Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT tcp -- 192.168.222.1 0.0.0.0/0 tcp dpt:1521 ACCEPT tcp -- 192.168.222.1 0.0.0.0/0 tcp dpt:22 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable [root@node2 sysconfig]# iptables -t filter -nL INPUT --line-numbers Chain INPUT (policy ACCEPT) num target prot opt source destination 1 ACCEPT tcp -- 192.168.222.1 0.0.0.0/0 tcp dpt:1521 2 ACCEPT tcp -- 192.168.222.1 0.0.0.0/0 tcp dpt:22 3 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable [root@node2 sysconfig]# iptables -t filter -D INPUT 1 [root@node2 sysconfig]# iptables -t filter -nL INPUT --line-numbers Chain INPUT (policy ACCEPT) num target prot opt source destination 1 ACCEPT tcp -- 192.168.222.1 0.0.0.0/0 tcp dpt:22 2 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable