iptables--白名单配置

最新推荐文章于 2023-11-27 22:18:21 发布

weixin_30752377

最新推荐文章于 2023-11-27 22:18:21 发布

阅读量199

点赞数

原文链接：http://www.cnblogs.com/jycjy/p/11003913.html

版权

1.服务器22端口和1521端口开通给指定IP

[root@node2 sysconfig]# iptables -t filter -nL INPUT
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 
[root@node2 sysconfig]# iptables -F
[root@node2 sysconfig]# iptables -t filter -nL INPUT
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
[root@node2 sysconfig]# iptables -I INPUT -s 192.168.222.1  -p tcp -m tcp --dport 22 -j ACCEPT
[root@node2 sysconfig]# iptables -t filter -nL INPUT
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  192.168.222.1        0.0.0.0/0           tcp dpt:22 
[root@node2 sysconfig]# iptables -A INPUT -j REJECT
[root@node2 sysconfig]# iptables -I INPUT -s 192.168.222.1  -p tcp -m tcp --dport 1521 -j ACCEPT
[root@node2 sysconfig]# iptables -t filter -nL INPUT
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  192.168.222.1        0.0.0.0/0           tcp dpt:1521 
ACCEPT     tcp  --  192.168.222.1        0.0.0.0/0           tcp dpt:22 
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 
[root@node2 sysconfig]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
[root@node2 sysconfig]# service iptables restart
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]
[root@node2 sysconfig]# iptables -t filter -nL INPUT
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  192.168.222.1        0.0.0.0/0           tcp dpt:1521 
ACCEPT     tcp  --  192.168.222.1        0.0.0.0/0           tcp dpt:22 
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 
[root@node2 sysconfig]# iptables -t filter -nL INPUT --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     tcp  --  192.168.222.1        0.0.0.0/0           tcp dpt:1521 
2    ACCEPT     tcp  --  192.168.222.1        0.0.0.0/0           tcp dpt:22 
3    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 
[root@node2 sysconfig]# iptables -t filter -D INPUT 1
[root@node2 sysconfig]# iptables -t filter -nL INPUT --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     tcp  --  192.168.222.1        0.0.0.0/0           tcp dpt:22 
2    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable

2.注意：每次最后需要添加

iptables -I INPUT -i lo -j ACCEPT

iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

转载于:https://www.cnblogs.com/jycjy/p/11003913.html

weixin_30752377

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
iptables--白名单配置

1.服务器22端口和1521端口开通给指定IP[root@node2 sysconfig]# iptables -t filter -nL INPUTChain INPUT (policy ACCEPT)target prot opt source destination ACCEPT all -- 0.0.0.0...
复制链接

扫一扫