Iptables
yum install iptables iptables-services
systemctl start iptables
iptables -A INPUT -s 86.106.181.76 -j DROP
iptables -A INPUT -s 86.106.181.76 -j REJECT
iptables -A OUTPUT -s 86.106.181.76 -j DROP
iptables -A OUTPUT -s 86.106.181.76 -j REJECT
iptables -A INPUT -s 185.170.213.251 -j DROP
iptables -A INPUT -s 185.170.213.251 -j REJECT
iptables -A OUTPUT -s 185.170.213.251 -j DROP
iptables -A OUTPUT -s 185.170.213.251 -j REJECT
[root@host49 ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ 确定
iptables -nL --line-numbe
iptables v1.4.21
Usage: iptables -[ACD] chain rule-specification [options]
iptables -I chain [rulenum] rule-specification [options]
iptables -R chain rulenum rule-specification [options]
iptables -D chain rulenum [options]
iptables -[LS] [chain [rulenum]] [options]
iptables -[FZ] [chain] [options]
iptables -[NX] chain
iptables -E old-chain-name new-chain-name
iptables -P chain target [options]
iptables -h (print this help information)
Commands
-A  append a rule to the end of a chain
-C  check whether a rule already exists
-D  delete a rule
-I  insert a rule (at position 1 unless a rule number is given)
-L  list rules
-S  --list-rules (print the rules as iptables commands)
-F  flush a chain
Match options
-s  source address
-p  protocol
-d  destination address
-i  in-interface
-j  jump to a target (ACCEPT, DROP, REJECT, ...)
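The block rules at the top of these notes work, but a defender maintaining a block list would want three things they do not give: DROP alone (with "first match wins", the REJECT appended after a DROP for the same source never fires), -I so the block is evaluated before any earlier ACCEPT, and -d rather than -s in the OUTPUT chain (traffic to the bad host carries our own address as its source, so "-s <bad IP>" in OUTPUT never matches). The script below is an added example, not part of the original notes; the IPT_APPLY switch, the function names and the block-list addresses (RFC 5737 documentation ranges) are assumptions constructed for it. It only prints the iptables commands unless IPT_APPLY=1 is set.

```shell
#!/bin/sh
# Added example (not from the original notes): idempotent block-list rules.
# Dry-run by default; IPT_APPLY=1 runs iptables for real.
IPT_APPLY="${IPT_APPLY:-0}"

# Constructed block list (RFC 5737 documentation addresses, not real hosts).
BLOCKLIST="192.0.2.10
198.51.100.7"

# Minimal IPv4 syntax check so a typo does not turn into a bogus rule.
valid_ipv4() {
  echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Run iptables, or echo the invocation in dry-run mode.
ipt() {
  if [ "$IPT_APPLY" = 1 ]; then
    iptables "$@"
  else
    echo "iptables $*"
    # In dry-run mode pretend every -C check fails (rule absent) so the
    # insert branch is printed as well.
    [ "$1" != "-C" ]
  fi
}

# Inbound and outbound DROP for one address. -C first, so re-running the
# script never duplicates a rule; -I so the DROP sits above any ACCEPT;
# -d in OUTPUT because that is where the bad host's address appears.
block_ip() {
  ip="$1"
  valid_ipv4 "$ip" || { echo "skip invalid address: $ip" >&2; return 1; }
  ipt -C INPUT  -s "$ip" -j DROP 2>/dev/null || ipt -I INPUT  -s "$ip" -j DROP
  ipt -C OUTPUT -d "$ip" -j DROP 2>/dev/null || ipt -I OUTPUT -d "$ip" -j DROP
}

# Apply the whole list, then persist it the way the notes do on CentOS 7
# (iptables-services). Verify afterwards with:
#   iptables -nL INPUT --line-numbers   (the correctly spelled flag)
block_list() {
  for ip in $BLOCKLIST; do block_ip "$ip"; done
  if [ "$IPT_APPLY" = 1 ]; then service iptables save; else echo "service iptables save"; fi
}

block_list
```

Run it once without IPT_APPLY to review the rule set, then with IPT_APPLY=1 to install it; the -C check makes repeated runs safe.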
firewalld
Firewall
Network zones
public: only access to this host's sshd, dhcp and ping services is allowed
trusted: all access is allowed
block: any incoming access request is blocked (explicit rejection; the client receives a reply)
drop: any incoming packet is discarded (dropped silently; the client gets no reply)
drop costs the server less than block, so drop is preferred
Firewall 5-tuple: source IP, source port, destination IP, destination port, action (deny / permit)
Firewall matching rule: processing stops at the first match
1. Look at the packet's source IP: whichever zone that IP is bound to is the zone the packet enters; if no zone matches, it goes to the default zone
2. The firewall's default zone (public)
Adding a service (protocol) to the firewall
--permanent: make the firewall policy persistent (saved permanently)
firewall-cmd --reload
Policy
Permissive: the default zone is trusted; rules for individually denied sources go into block
Strict: the default zone is block; rules for the individual sources to be let through go into trusted
Implementing a port mapping on the local host
IP:5423--> IP:80
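The firewall-cmd invocations for the four firewalld steps in these notes (adding a service, --permanent followed by --reload, the permissive and strict zone policies, and the local 5423 to 80 port mapping) fit into one reviewable script. The script below is an added example, not part of the original notes; the FW_APPLY switch, the function names, the trusted admin network 203.0.113.0/24 and the blocked host 192.0.2.10 are constructed assumptions. It prints the commands unless FW_APPLY=1 is set.

```shell
#!/bin/sh
# Added example (not from the original notes): firewalld policy script.
# Dry-run by default; FW_APPLY=1 runs firewall-cmd for real.
FW_APPLY="${FW_APPLY:-0}"

# Run firewall-cmd, or echo the invocation in dry-run mode.
fw() {
  if [ "$FW_APPLY" = 1 ]; then firewall-cmd "$@"; else echo "firewall-cmd $*"; fi
}

# Permissive (notes): default zone trusted, explicit denies go into block.
# Strict (notes):     default zone block, explicit allows go into trusted.
# --set-default-zone changes runtime and permanent config at once; the
# --add-source calls are --permanent and do nothing until --reload.
apply_policy() {
  case "$1" in
    permissive)
      fw --set-default-zone=trusted
      fw --permanent --zone=block --add-source=192.0.2.10 ;;
    strict)
      fw --set-default-zone=block
      fw --permanent --zone=trusted --add-source=203.0.113.0/24 ;;
    *) echo "usage: apply_policy permissive|strict" >&2; return 2 ;;
  esac
}

# Open a named service (definitions live in /usr/lib/firewalld/services,
# the same names as the port table in the notes) in one zone.
allow_service() {
  fw --permanent --zone="$1" --add-service="$2"
}

# Map a local TCP port to another port on this same host, as in the notes'
# IP:5423 -> IP:80. No --add-masquerade is needed for a same-host target.
forward_local_port() {
  fw --permanent --add-forward-port="port=$1:proto=tcp:toport=$2"
}

# The sequence for the notes' CentOS 7 host, which keeps public as default:
# expose the web service, add the port mapping, shut out one bad source,
# then reload so the --permanent changes become active, and verify.
configure_host() {
  allow_service public http
  allow_service public https
  forward_local_port 5423 80
  fw --permanent --zone=block --add-source=192.0.2.10
  fw --reload
  fw --zone=public --list-all
}

configure_host
```

The --list-all at the end is the check that matters: it shows the zone as it is actually running, so a forgotten --reload is visible immediately rather than after the next reboot.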
http 80
https 443
ftp 21
tftp 69
telnet 23
dns 53
snmp 161
smtp 25
pop3 110