[root@base1 Desktop]# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # 先放行已建立和相关联的连接:这类数据包在此处匹配后不再往下遍历,只有新连接才会继续匹配后面的 NEW 规则。注意:下面这些 ACCEPT 规则只有在 INPUT 链默认策略为 DROP(或链尾有 REJECT/DROP 规则)时才起限制作用
iptables -A INPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT
[root@base1 Desktop]# iptables -A INPUT -m state --state NEW -p tcp --dport 53 -j ACCEPT # 普通 DNS 查询走 UDP 53,只放行 TCP 53 并不能放行 DNS
[root@base1 Desktop]# iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
[root@base1 Desktop]# iptables -A INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
[root@base1 Desktop]# iptables -A INPUT -m state --state NEW -p tcp --dport 3260 -j ACCEPT
[root@base1 Desktop]# iptables -A INPUT -m state --state NEW -i lo -j ACCEPT # 放行本机回环接口 lo
[root@base1 Desktop]# iptables -nL
[root@base1 Desktop]# iptables -F # 注意:-F 会清空各链上刚才添加的全部规则,此时再执行 save,写入文件的就是清空后的规则集
[root@base1 Desktop]# service iptables save # 保存策略到文件中
[root@base1 Desktop]# cat /etc/sysconfig/iptables
# 在78这台主机上测试,连接成功
[root@foundation78 ~]# ssh root@172.25.254.125
root@172.25.254.125's password: Last login: Sun Dec 9 11:05:36 2018 from 172.25.254.178
[root@base1 ~]# exit
[root@base1 Desktop]# sysctl -a | grep ip_forward # 查看内核 IP 转发功能是否打开
# 在客户端测试
[root@base3 Desktop]# ssh root@172.25.254.78 # 此处输入的密码是转换后主机的密码
root@172.25.254.78's password:
Last login: Sun Dec 9 12:52:27 2018 from 172.25.254.125
[root@foundation78 ~]# w -i | cat