Step 1: view the current firewall rules
sudo iptables -L
Step 2: create the file /etc/network/iptables.up.rules and put the rules in it
Its contents are as follows:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [151:16324]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# whitelist: open the specified port only to the specified IP
-A INPUT -s 192.168.1.222 -p tcp -m tcp --dport 8080 -j ACCEPT
# open the specified port to everyone
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
# alternative to the line above (comment that one out if you use this): open HTTP only to the specified IP
-A INPUT -s 192.168.1.222 -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -j REJECT --r
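Because iptables evaluates a chain top to bottom and the first matching rule decides, rule order is what makes the whitelist and the final REJECT work. The following is an added Python example, not from the original page, that replays that first-match evaluation over a constructed copy of the rules above (typos corrected, COMMIT added); it only understands the matches this file uses (-s, -p, -i, --dport, --state) and the targets named in it.

```python
import shlex
# Constructed copy of the tutorial's rules (typos corrected, COMMIT added).
RULES = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.1.222 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

FIELDS = {"-s": "src", "-p": "proto", "-i": "iface", "--dport": "dport"}  # packet field per option

def parse_rules(text, chain="INPUT"):
    """Return [(match_dict, target), ...] for the -A <chain> lines, in file order."""
    rules = []
    for line in text.splitlines():
        toks = shlex.split(line)
        if len(toks) < 2 or toks[0] != "-A" or toks[1] != chain:
            continue
        match, target, i = {}, None, 2
        while i < len(toks):
            opt = toks[i]
            if opt == "-j":
                target = toks[i + 1]
            elif opt in FIELDS or opt == "--state":
                match[opt] = toks[i + 1]
            elif opt not in ("-m", "--reject-with"):  # -m <ext> only loads a match module
                raise ValueError(f"unsupported option {opt!r} in: {line}")
            i += 2
        rules.append((match, target))
    return rules

def _hit(opt, want, pkt):
    if opt == "--state":
        return pkt.get("state") in want.split(",")
    return str(pkt.get(FIELDS[opt])) == want

def evaluate(rules, pkt, policy="ACCEPT"):
    """First matching rule decides; the chain policy applies only if none matches."""
    for match, target in rules:
        if all(_hit(opt, want, pkt) for opt, want in match.items()):
            return target
    return policy
```

Swapping the REJECT line above the port-80 rule, for example, makes every new HTTP connection return REJECT, which is the kind of ordering mistake this check catches before the file is loaded on a live host.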