Linux iptables: Scenario 1

Source: Internet
Author: User

"Linux iptables: Rule principles and basics" and "Linux iptables: Rule composition" describe the basics of iptables and how iptables rules are composed. This article uses hands-on operations to demonstrate an iptables application scenario.

Firewall setting policy

--------------------------------------------------------------------------------

Firewall configuration policies generally fall into two types: "pass" and "block".

The pass policy means that by default no packets are allowed through; rules are defined only for the packets that are permitted.

The block policy means that by default all packets are allowed through; rules are defined only for the packets that are to be rejected.

Server firewalls generally adopt the first policy, because it is more secure. The scenario described in this article also uses the "pass" policy.

Scenario Definition

--------------------------------------------------------------------------------

Assume that this article implements rules for the following scenario:

1. Open ports 80, 22, and 10-21 of the local machine to all addresses;

2. Allow ICMP packets from all addresses;

3. Prohibit access to any other port.

iptables rule implementation

--------------------------------------------------------------------------------

The commands that implement the rules defined above:

Clear all existing rules first

iptables -F

Open ports

iptables -I INPUT -p tcp --dport 80 -j ACCEPT

iptables -I INPUT -p tcp --dport 22 -j ACCEPT

Open ICMP

iptables -I INPUT -p icmp -j ACCEPT

Reject all other ports

iptables -A INPUT -j REJECT

View rules

iptables -L -n

Operation Result:

Key Points of iptables rule Definition

--------------------------------------------------------------------------------

Note the following points for the above operations:

1. Be sure to allow access to port 22. Otherwise, the SSH session is disconnected as soon as iptables -A INPUT -j REJECT is applied, and no further remote operation is possible;

2. iptables -A INPUT -j REJECT must be appended to the end of the chain with -A and must not be inserted with -I, so that the reject rule is evaluated last;

3. You can use start_port:end_port to specify a continuous range of ports.
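The following script is an added example (not part of the original article): build_ruleset writes the scenario above (ports 80, 22 and 10:21, ICMP, reject everything else) as an iptables-restore file, and lint_input_chain checks a dumped INPUT chain, in the format iptables -S INPUT prints, for the two mistakes listed in the key points: a catch-all REJECT that is not the last rule, and no ACCEPT for port 22 ahead of it. Function names are my own; nothing here touches a live firewall.

```shell
#!/bin/sh
# Added example, not from the original article. Generates the scenario's
# "pass" ruleset and lints an INPUT chain dump for ordering mistakes.

# Emit the ruleset in iptables-restore format. Port ranges use start:end.
build_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 10:21 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -j REJECT
COMMIT
EOF
}

# Read "-A INPUT ..." lines from stdin (as printed by `iptables -S INPUT`).
# Exit 0 when the chain is safe to load, 1 otherwise:
#   check 1: the catch-all "-j REJECT" rule must be the last INPUT rule;
#   check 2: an ACCEPT for tcp dport 22 must appear before that REJECT,
#            so an SSH session survives loading the chain.
lint_input_chain() {
    awk '
    /^-A INPUT/ { n++; rule[n] = $0 }
    END {
        reject_at = 0; ssh_at = 0
        for (i = 1; i <= n; i++) {
            if (rule[i] ~ /^-A INPUT -j REJECT/ && reject_at == 0) reject_at = i
            if (rule[i] ~ /-p tcp .*--dport 22 -j ACCEPT/ && ssh_at == 0) ssh_at = i
        }
        if (reject_at == 0) { print "no catch-all REJECT rule"; exit 1 }
        if (reject_at != n) { print "catch-all REJECT is not the last rule"; exit 1 }
        if (ssh_at == 0 || ssh_at > reject_at) { print "port 22 is not accepted before REJECT"; exit 1 }
        print "ok"; exit 0
    }'
}

# Usage: lint the generated ruleset, then lint the live chain (needs root).
build_ruleset | lint_input_chain
# iptables -S INPUT | lint_input_chain
```

On a live system, run iptables -S INPUT | lint_input_chain before iptables-restore or before appending the REJECT rule to confirm that the SSH ACCEPT is already in place.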
