一、添加规则:设置禁止所有IP访问指定端口8075
[root@zabbix_server ~]# iptables -I INPUT -p tcp --dport 8075 -j DROP
二、测试telnet
[root@zabbix_server ~]# telnet 127.0.0.1 8075
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection timed out
三、删除规则:
1、查询规则编号
[root@zabbix_server ~]# iptables --line -nvL INPUT
Chain INPUT (policy DROP 83 packets, 4016 bytes)
num pkts bytes target prot opt in out source destination
1 8 408 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8075
2 144M 15G ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
3 4037 214K ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
4 3 156 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25601
5 4085 218K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
6 22638 1169K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3306
7 264K 14M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:9000
8 443K 23M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:10050
9 76134 4093K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:10051
可以看到禁止访问8075的规则编号为1(-I 不指定位置时默认插入到链首,所以它排在原有的 RELATED,ESTABLISHED 规则之前)
2、删除指定规则编号的规则
[root@zabbix_server ~]# iptables -D INPUT 1
再查询
[root@zabbix_server ~]# iptables --line -nvL INPUT
Chain INPUT (policy DROP 20 packets, 961 bytes)
num pkts bytes target prot opt in out source destination
1 144M 15G ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 4038 214K ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
3 3 156 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25601
4 4087 218K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
5 22644 1169K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3306
6 264K 14M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:9000
7 443K 23M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:10050
8 76156 4094K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:10051
9 44 2208 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dp
已经删除了,测试telnet
[root@zabbix_server ~]# telnet 127.0.0.1 8075
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
四、设置指定IP访问指定端口8075
1、添加规则:禁止所有IP访问8075
[root@zabbix_server ~]# iptables -I INPUT -p tcp --dport 8075 -j DROP
[root@zabbix_server ~]# iptables --line -nvL INPUT
Chain INPUT (policy DROP 3 packets, 156 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8075
2 145M 15G ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
3 4038 214K ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
4 3 156 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25601
5 4090 219K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
6 22650 1169K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3306
7 264K 14M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:9000
8 443K 23M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:10050
9 76183 4095K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:10051
10 44 2208 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3000
11 7 284 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:5672
12 2 80 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dp
2、添加规则:允许127.0.0.1访问8075(同样用 -I 插入到链首,使这条 ACCEPT 排在上一步的 DROP 之前;iptables 按顺序匹配,先命中的规则生效,若把 ACCEPT 放在 DROP 之后则不会生效)
[root@zabbix_server ~]# iptables -I INPUT -s 127.0.0.1 -p tcp --dport 8075 -j ACCEPT
3、查询规则:
[root@zabbix_server ~]# iptables --line -nvL INPUT
Chain INPUT (policy DROP 20 packets, 1004 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT tcp -- * * 127.0.0.1 0.0.0.0/0 tcp dpt:8075
2 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8075
3 145M 15G ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
4 4039 214K ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
5 3 156 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25601
6 4096 219K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
7 22660 1170K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3306
8 264K 14M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:9000
9 443K 23M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:10050
规则已经添加,测试
[root@zabbix_server ~]# telnet 127.0.0.1 8075
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
本机可以访问8075,其他机器上不能访问8075
[root@localhost etc]# telnet 172.28.18.75 8075
Trying 172.28.18.75...
telnet: connect to address 172.28.18.75: Connection timed out
4、允许172.28.18.71访问8075(172.28.18.71是需要访问8075的服务器;只放行确实需要访问的来源地址,其余来源仍由后面的 DROP 规则拒绝)
[root@zabbix_server ~]# iptables -I INPUT -s 172.28.18.71 -p tcp --dport 8075 -j ACCEPT
查看规则
[root@zabbix_server ~]# iptables --line -nvL INPUT
Chain INPUT (policy DROP 9 packets, 456 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT tcp -- * * 172.28.18.71 0.0.0.0/0 tcp dpt:8075
2 3 132 ACCEPT tcp -- * * 127.0.0.1 0.0.0.0/0 tcp dpt:8075
3 7 420 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8075
4 145M 15G ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
5 4040 214K ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
6 3 156 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25601
7 4100 219K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
8 22674 1171K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:3306
在172.28.18.71上测试telnet 8075
[root@localhost etc]# telnet 172.28.18.75 8075
Trying 172.28.18.75...
Connected to 172.28.18.75.
Escape character is '^]'.
访问成功,保存规则
[root@zabbix_server ~]# service iptables save
iptables:将防火墙规则保存到/etc/sysconfig/iptables:[确定]
重启服务(restart 会先清除当前规则,再重新应用 /etc/sysconfig/iptables 中保存的规则,因此必须先 save 再 restart,否则未保存的规则会丢失)
[root@zabbix_server ~]# service iptables save
iptables:将防火墙规则保存到/etc/sysconfig/iptables:[确定]
[root@zabbix_server ~]# service iptables restart
iptables:将链设置为政策 ACCEPT:filter [确定]
iptables:清除防火墙规则:[确定]
iptables:正在卸载模块:[确定]
iptables:应用防火墙规则:[确定]