We use Ubuntu 12.04 heavily and cannot purchase a hardware firewall, so we use iptables for simple policy control.
Ubuntu 12.04 comes with the UFW firewall software, which makes controlling services and ports very easy, but it still falls short of the power of iptables.
So uninstall it:
apt-get remove ufw -y
iptables configuration on this version of Ubuntu is very different from Red Hat.
1. Red Hat way
On Red Hat, just write the configuration to the /etc/sysconfig/iptables file
and then run:
/etc/init.d/iptables reload
iptables -nL
2. Ubuntu way
Ubuntu does not actually work like this:
on Ubuntu, iptables is not a service.
Running iptables-save
shows an error message that /etc/network/iptables has not been created.
iptables-restore < /etc/network/iptables  # load the rules from the file
iptables-save  # save the rules
iptables -nL  # view the rules
3. Configuration file rules example
# Generated by iptables-save v1.4.21 on Tue 17 03:39:50 2016
*nat
:PREROUTING ACCEPT [36:5869]
:INPUT ACCEPT [36:5869]
:OUTPUT ACCEPT [15:939]
:POSTROUTING ACCEPT [15:939]
COMMIT
# Completed on Tue 17 03:39:50 2016
# Generated by iptables-save v1.4.21 on Tue 17 03:39:50 2016
*mangle
:PREROUTING ACCEPT [1085:768611]
:INPUT ACCEPT [1085:768611]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [720:76434]
:POSTROUTING ACCEPT [720:76434]
COMMIT
# Completed on Tue 17 03:39:50 2016
# Generated by iptables-save v1.4.21 on Tue 17 03:39:50 2016
*filter
:INPUT ACCEPT [836:749295]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [720:76434]
# git
-A INPUT -s 192.168.3.13/32 -p tcp -m tcp --dport 29418 -j ACCEPT
-A INPUT -s 192.168.3.12/32 -p tcp -m tcp --dport 29418 -j ACCEPT
-A INPUT -s 192.168.3.11/32 -p tcp -m tcp --dport 29418 -j ACCEPT
-A INPUT -s 192.168.3.10/32 -p tcp -m tcp --dport 29418 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 29418 -j DROP
# XRDP
-A INPUT -s 192.168.3.10/32 -p tcp -m tcp --dport 3389 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3389 -j DROP
# SSH
-A INPUT -s 192.168.3.13/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.3.12/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.3.11/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
COMMIT
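An added example, not part of the original post: a small Python check for the rule pattern used in the file above (accept the listed sources, then drop everything else on that port). Because iptables stops at the first matching rule, it reports rules placed after a port's catch-all DROP and ports that have no catch-all DROP while the INPUT policy is ACCEPT. The function name audit_filter_input and the sample ruleset are constructed for illustration.

```python
import shlex
from collections import defaultdict

# Constructed sample in iptables-save format (not the page's file), with two deliberate mistakes.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 192.168.3.10/32 -p tcp -m tcp --dport 3389 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3389 -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j DROP
-A INPUT -s 192.168.3.11/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.3.12/32 -p tcp -m tcp --dport 29418 -j ACCEPT
COMMIT
"""

def audit_filter_input(text):
    """Return (INPUT policy, per-port summary, findings) for the filter table."""
    table, policy, findings = None, None, []
    ports = defaultdict(lambda: {"allowed": [], "dropped": False})
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("*"):
            table = line[1:]                      # table header, e.g. *filter
        elif table == "filter" and line.startswith(":INPUT "):
            policy = line.split()[1]              # default policy of the chain
        elif table == "filter" and line.startswith("-A INPUT "):
            tok = shlex.split(line)
            opt = {k: v for k, v in zip(tok, tok[1:]) if k.startswith("-")}
            if "--dport" not in opt:
                continue
            key = f"{opt.get('-p', 'any')}/{opt['--dport']}"
            entry, src, target = ports[key], opt.get("-s"), opt.get("-j")
            if entry["dropped"]:                  # first match wins, so this is dead
                findings.append(f"{key}: rule after catch-all DROP never matches: {line}")
            elif target == "ACCEPT" and src:
                entry["allowed"].append(src)
            elif target == "DROP" and src is None:
                entry["dropped"] = True
    for key, entry in ports.items():
        if not entry["dropped"] and policy == "ACCEPT":
            findings.append(f"{key}: no catch-all DROP and INPUT policy is ACCEPT, "
                            "so every source can connect")
    return policy, dict(ports), findings

if __name__ == "__main__":
    for finding in audit_filter_input(SAMPLE)[2]:
        print("FINDING:", finding)
```

The check only understands plain -s / -p / --dport / -j rules like the ones in this file; rules using negation or multiport matches are outside what it models.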
This article is from the "M-tier" blog; please be sure to keep this source link: http://mengix.blog.51cto.com/7194660/1794970
Ubuntu 12.04 Firewall Intranet Configuration