Basic application Tutorial of Iptables Firewall on Inux

Source: Internet
Author: User
Tags vps to domain

Iptables is commonly used on Linux firewall software, the following VPS detective to everyone said Iptables installation, clear iptables rules, iptables only open the designated port, iptables shield designated IP, IP segment and unblock, Remove basic applications such as iptables that have been added iptables rules.

1. Install iptables Firewall

If no installation of iptables is required first,CentOS executes:

Yum Install Iptables

Debian/ubuntu Execution:

Apt-get Install Iptables2. Clear existing iptables rulesIptables-f
IPTABLES-Z3, opening the specified port

The-A and-I parameters are added to the end of the rule and to the front of the rule, respectively.

#允许本地回环接口 (that is, running native access to this machine)
Iptables-a input-i lo-j ACCEPT
# allow established or connected passes
Iptables-a input-m State--state established,related-j ACCEPT
Iptables-a output-j ACCEPT
# Allow access to port 22
Iptables-a input-p TCP--dport 22-j ACCEPT
Iptables-a input-p TCP--dport 80-j ACCEPT
Iptables-a input-p TCP--dport 21-j ACCEPT
Iptables-a input-p TCP--dport 20-j ACCEPT
#如果有其他端口的话, the rules are similar, and you can modify the above statements slightly.
Iptables-a input-p icmp-m ICMP--icmp-type 8-j ACCEPT
Iptables-a input-j REJECT # (Note: If the 22 port is not joined to the Allow rule, the SSH link will be disconnected directly.) )
Iptables-a forward-j REJECT4, shielding ip# if only want to block the IP words "3, open the specified port" can skip directly.
Iptables-i input-s DROP
#封整个段即从123.0.0.1 to command
Iptables-i input-s DROP
#封IP段即从123.45.0.1 to command
Iptables-i input-s DROP
#封IP段即从123.45.6.1 to command is
Iptables-i input-s DROP4, view added iptables rule iptables-l-N

V: Show details, including the number of matched packets per rule and the number of matching bytes
x: On the basis of V, Prohibit automatic unit conversion (K, M) VPS Detective
N: Show only IP address and port number, do not resolve IP to domain name

5. Delete the iptables rule that has been added

Displays all iptables as an ordinal tag, executing:


For example, to delete the rule with the number 8 in input, execute:

iptables-d INPUT 86, iptables boot and rule saving

CentOS may exist after installing the iptables, Iptables does not boot from the boot, you can execute:

Chkconfig--level 345 iptables on

Add it to boot.

CentOS can be performed: Service iptables save the rule.

It is also important to note that debian/ubuntu on iptables will not save the rules.

Need to follow the following steps, so that the network card shutdown is to save iptables rules, start loading iptables rules:

Create the/etc/network/if-post-down.d/iptables file and add the following:

Iptables-save >/etc/iptables.rules

Execute: chmod +x/etc/network/if-post-down.d/iptables Add execute permissions.

Create the/etc/network/if-pre-up.d/iptables file and add the following:

Iptables-restore </etc/iptables.rules

Execute: chmod +x/etc/network/if-pre-up.d/iptables Add execute permissions.

More information on how to use iptables can be performed: Iptables--help or search the web for a description of the iptables parameter.

Basic application Tutorial of Iptables Firewall on Inux

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.