1. Install the iptables firewall
If iptables is not installed yet, install it first. On CentOS run:
yum install iptables
On Debian/Ubuntu run:
apt-get install iptables
2. Clear the existing iptables rules
iptables -F
iptables -X
iptables -Z
3. Open the specified ports
# Allow the local loopback interface (i.e. this machine accessing itself)
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
# Allow packets that belong to established or related connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow all outbound access from this machine
iptables -A OUTPUT -j ACCEPT
# Allow access to port 22
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Allow access to port 80
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Allow ports 21 and 20 for the FTP service
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 20 -j ACCEPT
# For other ports the rules are similar; adjust the statements above slightly.
# Reject everything else that has not been explicitly allowed
iptables -A INPUT -j REJECT (Note: if port 22 has not been added to the allow rules, the SSH connection will be cut off immediately.)
iptables -A FORWARD -j REJECT
4. Block IP addresses
# If you only want to block IPs, section "3. Open the specified ports" can be skipped entirely.
# The command to block a single IP is:
iptables -I INPUT -s 123.45.6.7 -j DROP
# To block the whole range from 123.0.0.1 to 123.255.255.254:
iptables -I INPUT -s 123.0.0.0/8 -j DROP
# To block the range from 123.45.0.1 to 123.45.255.254:
iptables -I INPUT -s 123.45.0.0/16 -j DROP
# To block the range from 123.45.6.1 to 123.45.6.254:
iptables -I INPUT -s 123.45.6.0/24 -j DROP
5. View the iptables rules that have been added
iptables -L -n
-v: show details, including the number of packets and bytes matched by each rule
-x: on top of -v, disable the automatic unit conversion (K, M) of the counters
-n: show only IP addresses and port numbers; do not resolve IPs to domain names
6. Delete an iptables rule that has been added
To display all iptables rules with their line numbers, execute:
iptables -L -n --line-numbers
For example, to delete rule number 8 in the INPUT chain, execute:
iptables -D INPUT 8
7. Starting iptables at boot and saving the rules
On CentOS, iptables may not start at boot after installation; run:
chkconfig --level 345 iptables on
to add it to the boot sequence.
On CentOS the rules can be saved with: service iptables save
Note also that on Debian/Ubuntu, iptables does not save its rules by itself.
Follow the steps below so that the rules are saved when the network interface goes down and loaded again when it comes up:
Create the file /etc/network/if-post-down.d/iptables with the following content:
#!/bin/bash
iptables-save > /etc/iptables.rules
Run chmod +x /etc/network/if-post-down.d/iptables to add execute permission.
Create the file /etc/network/if-pre-up.d/iptables with the following content:
#!/bin/bash
iptables-restore < /etc/iptables.rules
Run chmod +x /etc/network/if-pre-up.d/iptables to add execute permission.
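As an added example (not code from the original post), the allow/reject policy from the "open the specified ports" section written as the kind of iptables-restore file that the Debian/Ubuntu save/restore step loads. Loading the whole table with iptables-restore replaces it atomically, and the script refuses to emit a ruleset that lacks the port 22 allow rule, which is the lockout the note above warns about. The port list, the file path and the chain policies are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not part of the original post. Emits the post's policy in
# iptables-restore format so the whole filter table is replaced at once,
# and refuses to emit a ruleset without the SSH allow rule. The port list,
# file path and chain policies below are assumptions for illustration.

# build_ruleset PORTS: print an iptables-restore file that allows the given
# TCP ports (space-separated) and rejects all other inbound traffic.
build_ruleset() {
    printf '%s\n' \
        '*filter' \
        ':INPUT ACCEPT [0:0]' \
        ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
        '-A OUTPUT -j ACCEPT'
    # $1 is intentionally unquoted so it splits into one port per word
    for port in $1; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -j ACCEPT"
    done
    # The catch-all rejects always come after every allow rule
    printf '%s\n' '-A INPUT -j REJECT' '-A FORWARD -j REJECT' 'COMMIT'
}

# has_ssh_allow RULESET: succeed only if the ruleset allows TCP port 22.
has_ssh_allow() {
    printf '%s\n' "$1" | grep -q -e '^-A INPUT -p tcp --dport 22 -j ACCEPT$'
}

# write_ruleset PORTS FILE: write the ruleset to FILE; returns non-zero and
# writes nothing if the ruleset would cut off SSH.
write_ruleset() {
    ruleset=$(build_ruleset "$1")
    if ! has_ssh_allow "$ruleset"; then
        echo "refusing to write a ruleset without the port 22 allow rule" >&2
        return 1
    fi
    printf '%s\n' "$ruleset" > "$2"
}

# Usage (needs root to load the rules; parse with --test before committing):
#   write_ruleset "22 80 21 20" /etc/iptables.rules &&
#   iptables-restore --test < /etc/iptables.rules &&
#   iptables-restore < /etc/iptables.rules
```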
For more information on how to use iptables, run iptables --help or search the web for a description of the iptables parameters.
This article is from the It Dick thread blog, so be sure to keep this source http://68686789.blog.51cto.com/10438688/1704674
Basic application tutorial for the iptables firewall on Linux