android iptables specify IP, iptables: allow only specific IPs to access a specified port

I. Add a rule: block all IPs from accessing port 8075

[root@zabbix_server ~]# iptables -I INPUT -p tcp --dport 8075 -j DROP

II. Test with telnet

[root@zabbix_server ~]# telnet 127.0.0.1 8075
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection timed out

III. Delete the rule:

1. Look up the rule number

[root@zabbix_server ~]# iptables --line -nvL INPUT

Chain INPUT (policy DROP 83 packets, 4016 bytes)
num   pkts bytes target prot opt in  out source    destination
1        8   408 DROP   tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   tcp dpt:8075
2     144M   15G ACCEPT all  --  *   *   0.0.0.0/0 0.0.0.0/0   state RELATED,ESTABLISHED
3     4037  214K ACCEPT icmp --  *   *   0.0.0.0/0 0.0.0.0/0
4        3   156 ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   state NEW tcp dpt:25601
5     4085  218K ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   state NEW tcp dpt:80
6    22638 1169K ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   state NEW tcp dpt:3306
7     264K   14M ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   state NEW tcp dpt:9000
8     443K   23M ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   state NEW tcp dpt:10050
9    76134 4093K ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   state NEW tcp dpt:10051

You can see that the rule blocking access to 8075 is number 1.

2. Delete the rule by its number

[root@zabbix_server ~]# iptables -D INPUT 1

Query again:

[root@zabbix_server ~]# iptables --line -nvL INPUT

Chain INPUT (policy DROP 20 packets, 961 bytes)
num   pkts bytes target prot opt in  out source    destination
1     144M   15G ACCEPT all  --  *   *   0.0.0.0/0 0.0.0.0/0   state RELATED,ESTABLISHED
2     4038  214K ACCEPT icmp --  *   *   0.0.0.0/0 0.0.0.0/0
3        3   156 ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   state NEW tcp dpt:25601
4     4087  218K ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   state NEW tcp dpt:80
5    22644 1169K ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   state NEW tcp dpt:3306
6     264K   14M ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   state NEW tcp dpt:9000
7     443K   23M ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   state NEW tcp dpt:10050
8    76156 4094K ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   state NEW tcp dpt:10051
9       44  2208 ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   state NEW tcp dp

The rule has been deleted; test with telnet:

[root@zabbix_server ~]# telnet 127.0.0.1 8075
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.

IV. Allow a specified IP to access port 8075

1. Add a rule: block all IPs from accessing 8075

[root@zabbix_server ~]# iptables -I INPUT -p tcp --dport 8075 -j DROP

[root@zabbix_server ~]# iptables --line -nvL INPUT
Chain INPUT (policy DROP 3 packets, 156 bytes)
num   pkts bytes target prot opt in  out source    destination
1        0     0 DROP   tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   tcp dpt:8075
2     145M   15G ACCEPT all  --  *   *   0.0.0.0/0 0.0.0.0/0   state RELATED,ESTABLISHED
3     4038  214K ACCEPT icmp --  *   *   0.0.0.0/0 0.0.0.0/0
4        3   156 ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   state NEW tcp dpt:25601
5     4090  219K ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   state NEW tcp dpt:80
6    22650 1169K ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   state NEW tcp dpt:3306
7     264K   14M ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   state NEW tcp dpt:9000
8     443K   23M ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   state NEW tcp dpt:10050
9    76183 4095K ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   state NEW tcp dpt:10051
10      44  2208 ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   state NEW tcp dpt:3000
11       7   284 ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   state NEW tcp dpt:5672
12       2    80 ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   state NEW tcp dp

2. Add a rule: allow 127.0.0.1 to access 8075

[root@zabbix_server ~]# iptables -I INPUT -s 127.0.0.1 -p tcp --dport 8075 -j ACCEPT

3. Query the rules:

[root@zabbix_server ~]# iptables --line -nvL INPUT

Chain INPUT (policy DROP 20 packets, 1004 bytes)
num   pkts bytes target prot opt in  out source    destination
1        0     0 ACCEPT tcp  --  *   *   127.0.0.1 0.0.0.0/0   tcp dpt:8075
2        0     0 DROP   tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   tcp dpt:8075
3     145M   15G ACCEPT all  --  *   *   0.0.0.0/0 0.0.0.0/0   state RELATED,ESTABLISHED
4     4039  214K ACCEPT icmp --  *   *   0.0.0.0/0 0.0.0.0/0
5        3   156 ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   state NEW tcp dpt:25601
6     4096  219K ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   state NEW tcp dpt:80
7    22660 1170K ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   state NEW tcp dpt:3306
8     264K   14M ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   state NEW tcp dpt:9000
9     443K   23M ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0   state NEW tcp dpt:10050

The rule has been added; test:

[root@zabbix_server ~]# telnet 127.0.0.1 8075
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.

The local host can access 8075; other machines cannot:

[root@localhost etc]# telnet 172.28.18.75 8075
Trying 172.28.18.75...
telnet: connect to address 172.28.18.75: Connection timed out

4. Allow 172.28.18.71 to access 8075 (172.28.18.71 is the server that needs to reach 8075)

[root@zabbix_server ~]# iptables -I INPUT -s 172.28.18.71 -p tcp --dport 8075 -j ACCEPT

View the rules:

[root@zabbix_server ~]# iptables --line -nvL INPUT

Chain INPUT (policy DROP 9 packets, 456 bytes)
num   pkts bytes target prot opt in  out source       destination
1        0     0 ACCEPT tcp  --  *   *   172.28.18.71 0.0.0.0/0   tcp dpt:8075
2        3   132 ACCEPT tcp  --  *   *   127.0.0.1    0.0.0.0/0   tcp dpt:8075
3        7   420 DROP   tcp  --  *   *   0.0.0.0/0    0.0.0.0/0   tcp dpt:8075
4     145M   15G ACCEPT all  --  *   *   0.0.0.0/0    0.0.0.0/0   state RELATED,ESTABLISHED
5     4040  214K ACCEPT icmp --  *   *   0.0.0.0/0    0.0.0.0/0
6        3   156 ACCEPT tcp  --  *   *   0.0.0.0/0    0.0.0.0/0   state NEW tcp dpt:25601
7     4100  219K ACCEPT tcp  --  *   *   0.0.0.0/0    0.0.0.0/0   state NEW tcp dpt:80
8    22674 1171K ACCEPT tcp  --  *   *   0.0.0.0/0    0.0.0.0/0   state NEW tcp dpt:3306

Test telnet to 8075 from 172.28.18.71:

[root@localhost etc]# telnet 172.28.18.75 8075
Trying 172.28.18.75...
Connected to 172.28.18.75.
Escape character is '^]'.

Access succeeds; save the rules:

[root@zabbix_server ~]# service iptables save

iptables:将防火墙规则保存到/etc/sysconfig/iptables:[确定]

Restart the service:


[root@zabbix_server ~]# service iptables restart

iptables:将链设置为政策 ACCEPT:filter [确定]

iptables:清除防火墙规则:[确定]

iptables:正在卸载模块:[确定]

iptables:应用防火墙规则:[确定]
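The whole procedure above (insert a DROP for the port, then insert one ACCEPT per allowed source so that it lands above the DROP, then read the rule order back with iptables --line -nvL) as a small shell script. This is an added example written for this page, not code from the original post. It assumes a root shell with iptables in PATH; the function names run, rule_exists, apply_port_acl and acl_order_ok and the DRY_RUN and IPTABLES_CMD variables are this example's own. Unlike the post's hand-typed commands it checks with iptables -C before inserting, so re-running it does not pile up duplicate rules.

```shell
#!/bin/sh
# Added example (editor's code, not from the original post).
# Applies the post's "block the port, then allow listed sources" ACL on the
# INPUT chain idempotently, and verifies the resulting rule order.
# Assumes: root shell, iptables in PATH. Set DRY_RUN=1 to print instead of run.

IPT="${IPTABLES_CMD:-iptables}"   # override knob invented for this example

# run ARGS...: execute one iptables command, or print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

# rule_exists CHAIN RULE...: 0 if the rule is already present (iptables -C).
# In dry-run mode nothing is installed, so always report "missing".
rule_exists() {
    [ "${DRY_RUN:-0}" = "1" ] && return 1
    "$IPT" -C "$@" 2>/dev/null
}

# apply_port_acl PORT SRC [SRC...]
# Same commands as the post, in the same order: DROP first, then one ACCEPT
# per allowed source. All use -I INPUT 1 (insert at the top), so every ACCEPT
# lands above the DROP; first match wins, which is what makes the allow-list
# work. Rules that already exist are skipped.
apply_port_acl() {
    port="$1"; shift
    if ! rule_exists INPUT -p tcp --dport "$port" -j DROP; then
        run -I INPUT 1 -p tcp --dport "$port" -j DROP
    fi
    for src in "$@"; do
        if ! rule_exists INPUT -s "$src" -p tcp --dport "$port" -j ACCEPT; then
            run -I INPUT 1 -s "$src" -p tcp --dport "$port" -j ACCEPT
        fi
    done
}

# acl_order_ok PORT: read `iptables --line -nvL INPUT` output on stdin and
# return 0 only if no ACCEPT for dpt:PORT sits below the DROP for dpt:PORT.
# An ACCEPT below the DROP is dead: the DROP matches first and the source
# stays locked out even though the allow rule "is there".
acl_order_ok() {
    awk -v p="$1" '
        BEGIN { drop = 0; bad = 0 }
        $0 ~ ("dpt:" p "$") && $4 == "DROP"   && !drop { drop = $1 }
        $0 ~ ("dpt:" p "$") && $4 == "ACCEPT" && drop  { bad = 1 }
        END { exit bad }'
}

# Usage:
#   DRY_RUN=1 sh port_acl.sh 8075 127.0.0.1 172.28.18.71   # preview commands
#   sh port_acl.sh 8075 127.0.0.1 172.28.18.71             # apply
#   . ./port_acl.sh; iptables --line -nvL INPUT | acl_order_ok 8075 && echo order ok
if [ "$#" -ge 2 ]; then
    apply_port_acl "$@"
fi
```

Two details worth keeping in mind when reading the post's output against this script: a DROP target is why the remote telnet test reports "Connection timed out" (the SYN is silently discarded; a REJECT target would fail immediately instead), and rules inserted this way live only in the running kernel until they are persisted, which is what the post's service iptables save step does.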
