Alibabacloud.com offers a wide variety of articles about iptables multiport, easily find your iptables multiport information here online.
-j ACCEPT#iptables-A output-o io-j ACCEPT16. Multi-Port matchingMultiple entries can be combined using multi-port matching to improve matching efficiency.The sshd, VSFTPD, httpd are multi-port merged.#iptables-F#iptables-I input-d 172.16.100.7-p tcp-m state--state established,realted-j ACCEPT#iptables-I INPUT 2-d 172.1
(Reprinted) This iptables is very useful! For more information, see Linux general technology-Linux technology and application. I think the following script is easy to understand! Of course, I would be happy to answer this question if I didn't understand it! Of course, I hope you can point out the error! Thank you for your guidance, especially platinum! Environment: redhat9 loaded the string time and other modules, the loading method reference http://
This iptables script is good, very practical, according to the actual application can be changed to use their own. Share it for everyone to refer to. The original author anon. The source code is as follows: Copy Code code as follows: #!/bin/sh # Modprobe Ipt_masquerade Modprobe ip_conntrack_ftp Modprobe ip_nat_ftp Iptables-f Iptables-t nat-f
PARAMETERSExplanation: -P protocol type: You can specify the Protocol applied by the rule, that is, TCP, UDP, ICMP, and so on. -S source address: the address can be hostname or IP address. -D target IP Address -J action -Line-numbers: used with-L to display the rule's rulenum number -N: outputs IP addresses and ports in numbers. Use MATCH EXTENSIONSExpansion module -M,-match module_name: Enable extended modules, such as state, tcp, udp, multiport
#! /Bin/sh# Modprobe ipt_masquerade Modprobe ip_conntrack_ftp Modprobe ip_nat_ftp Iptables-F Iptables-T nat-F Iptables-x Iptables-T nat-x ########################### Input key################################### Iptables-P input drop Ipta
Firewall iptables analysis One, iptables basic conceptMatch: Matches the specified condition, such as the specified IP address and port.Drop: When a packet arrives, it is simply discarded and no other processing is done.Accept: And discard the opposite, accept this package and let this package pass.Deny (Reject): similar to discard, but it also sends an error message to the source host that sent the package
$ INTERNET_ADDR-j DNAT -- to-destination 192.168.100.200: 21 only access to the specified URL iptables-A Filter-p udp -- dport 53-j ACCEPTiptabl Es-A Filter-p tcp -- dport 53-j ACCEPTiptables-A Filter-d www.3322.org-j ACCEPTiptables-A Filter-d img.cn99.com-j ACCEPTiptables-A Filter-j DROP open an IP some ports, all others close iptables-A Filter-p tcp -- dport 80-s 192.168.100.200-d www.pconline.com.cn-j A
conveniently configured with multiple ports. It can be divided into continuous port configuration and discontinuous port configuration according to the continuity of the port.1. Continuous port configurationSuch as:sudo iptables-a input-p tcp–dport 21:25-j DROPNote: Here is the colon in the English state.2. Use the multiport parameter to configure the discontinuous portSuch as:sudo
Ping/sbin/iptables-a input-p icmp-j DROP/sbin/iptables-i input-s 222.182.40.241-j DROPHttp://www.111cn.net/sys/linux/74503.htmPrevious page:Nagios pnp4nagios Graphics monitoring MySQL in LinuxNext page:Linux prohibits access to an IP address in several ways related content Example of saving iptables firewall rules in 2014.12.11Ubuntu 2014.11.05linux
Facebook during lunchtime (between 12 o'clock to 1 o'clock in the afternoon noon). Assuming that the default rules are discarded, use the iptables time function to implement them. iptables –A OUTPUT -p tcp -m multiport --dport http,https -i eth0 -o eth1 -m time --timestart 12:00 –timestop 13:00 –d 31.13.64.0/18 -j ACCEPT This command specifies that
123.0.0.1 to 123.255.255.254 's orders.Iptables-i input-s 123.0.0.0/8-j DROP#封IP段即从123.45.0.1 to 123.45.255.254 's orders.Iptables-i input-s 124.45.0.0/16-j DROP#封IP段即从123.45.6.1 to 123.45.6.254 's order isIptables-i input-s 123.45.6.0/24-j DROP #外网 Eth0──ip for automatic acquisition#内网 Eth1──ip 172.16.0.0/16 #!/bin/sh#Modprobe Ipt_masqueradeModprobe ip_conntrack_ftpModprobe ip_nat_ftpIptables-fIptables-t nat-fIptables-xIptables-t Nat-x #INPUT Iptables
-- sport 80-d 10.1.1.111-j ACCEPT [root @ mail ~] # Iptables-t filter-a input-I eth0-p tcp -- dport 80-s 10.1.1.0/24-j ACCEPT [root @ mail ~] # Iptables-t filter-a output-o eth0-p tcp -- sport 80-d 10.1.1.0/24-j ACCEPT [root @ mail ~] # Iptables-a input-I eth0-p tcp -- dport 22-j ACCEPT [root @ mail ~] # Iptables-a ou
This article describes 25 common iptables usages. If you do not know iptables, you can refer to the previous iptables detailed tutorial: Basics, architecture, purge rules, append rules, application examples, after reading this article, you can understand the use of iptables and the basic terminology mentioned herein.Fi
Nat table, use the custom chain #iptables-n test-t Nat #iptables -A test-t nat-d 192.168.10.0/24-j SNAT--to 192.168.100.10 #iptables-A postrouting-t nat-s 192.168.21.0/24-j tes T [[email protected] ~]# iptables-a forward-p TCP--dport 22-j ACCEPT[[email protected] ~]# iptables
address 00:0c:29:27:55:3f and the hostIptables-a Forward-m mac--mac-source 00:0c:29:27:55:3f-j DROPDescription: A display match was called using the form "-M module keyword" in iptables. Here we use "-M mac–mac-source" to represent the source MAC address of the packet.11. Allow firewall native to open to TCP ports 20, 21, 25, 110, and Passive mode FTP port 1250-1280Iptables-a input-p tcp-m multiport--dport
, 22, and 3128 Other data packets cannot pass # Iptables-F# Iptables-X# Iptables-P INPUT DROP# Iptables-a input-I eth1-j ACCEPT# Iptables-a input-I eth0-p tcp -- dport 80-jACCEPT# Iptables-a input-I eth0-p tcp -- dport
from the MAC address 00:0c:29:27:55:3f and the hostIptables-a Forward-m mac--mac-source 00:0c:29:27:55:3f-j DROPDescription: A display match was called using the form "-M module keyword" in iptables. Here we use "-M mac–mac-source" to represent the source MAC address of the packet.11. Allow firewall native to open to TCP ports 20, 21, 25, 110, and Passive mode FTP port 1250-1280Iptables-a input-p tcp-m multiport
match is based on the rules to determine the packet, so the order is important[Root@client ~]# iptables-l-N//view rulesChain INPUT (Policy ACCEPT)Target Prot opt source destinationACCEPT TCP--192.168.100.254 0.0.0.0/0 MAC 00:0c:29:0c:7c:4e multiport dports 22,21,20REJECT TCP--192.168.100.254 0.0.0.0/0 TCP dpt:22 reject-with icmp-port-unreachable [Root@server ~]# SSH 192.168.100.20//server-side testThe auth
filter-j DROP Multiple portsIptables-a filter-p tcp-m multiport--destination-port 22,53,80,110-s 192.168.20.3-j REJECT Continuous portIptables-a filter-p tcp-m multiport--source-port 22,53,80,110-s 192.168.20.3-j REJECT iptables-a filter-p TCP--so Urce-port 2:80-s 192.168.20.3-j REJECT Specify time to surf the internetIptables-a filter-s 10.10.10.253-m time--
now I need to make the Web service accessible:# iptables-i input-d your Linux IP address-p tcp-dport 80-j ACCEPT# iptables-i output-s your Linux IP address-p tcp-sport 80-j ACCEPTSo is it not the same as opening the 22 port above, just changing a port? Yes, just a change of port ...Is there any way to get it done at once? Yes:# iptables-i input-d your Linux IP a
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
