Eliminate default rules before first configuration
# This must be done first: if the policy is already DROP, flushing the rules locks you out of the box
iptables -P INPUT ACCEPT
# Flush all rules in the default chains
iptables -F
# Delete all user-defined chains
iptables -X
# Zero the packet and byte counters
iptables -Z
Configuration rules
# Without this rule you cannot reach local services through 127.0.0.1, e.g. ping 127.0.0.1
iptables -A INPUT -i lo -j ACCEPT
# Open SSH port 22
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Open FTP port 21
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
# Open web service port 80
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Tomcat
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
# MySQL (replace xxxx with the MySQL port)
iptables -A INPUT -p tcp --dport xxxx -j ACCEPT
# Allow ICMP echo requests through, i.e. allow ping
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# Allow the reply packets of all outbound requests.
# Requests this host makes are OUTPUT, but their replies must still be received, so this belongs on INPUT
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
# To trust an intranet IP (accept all of its TCP requests)
iptables -A INPUT -p tcp -s 45.96.174.68 -j ACCEPT
# Allow at most 5 new connections per second (burst of 5, then 1/s)
iptables -A FORWARD -p tcp --syn -m limit --limit 1/s --limit-burst 5 -j ACCEPT
# Limit packets with only the RST flag set (of SYN,ACK,FIN,RST) to 1 per second
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
# Limit echo requests to 1 per second against ping floods
iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
# The command to block a single IP is:
iptables -I INPUT -s 222.34.135.106 -j DROP
# The command to block IP segments is:
iptables -I INPUT -s 211.1.0.0/16 -j DROP
iptables -I INPUT -s 211.2.0.0/16 -j DROP
iptables -I INPUT -s 211.3.0.0/16 -j DROP
# The command to block the whole segment is:
iptables -I INPUT -s 211.0.0.0/8 -j DROP
# The command to block several segments is:
iptables -I INPUT -s 61.37.80.0/24 -j DROP
iptables -I INPUT -s 61.37.81.0/24 -j DROP
# Drop every request not matched by the rules above
iptables -P INPUT DROP
Save restart
service iptables save
service iptables restart
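The whole procedure as one script, added here as an example and not part of the original post: it generates the rule list from a port whitelist in the order above (ACCEPT policy before the flush, accepts, then blocks, DROP policy last) and refuses to continue unless loopback, ESTABLISHED traffic and the SSH port are accepted before the DROP line, which is the lockout the first section warns about. The ping rate limit is placed on INPUT here (the post's FORWARD rules only matter on a router); port list, trusted host and blocked networks are placeholders taken from the post's examples, and commands are only printed unless APPLY=1.

```shell
#!/bin/sh
# Added example: build the ruleset described above from variables and check it
# for self-lockout before applying. Prints the commands unless APPLY=1.
OPEN_TCP_PORTS="${OPEN_TCP_PORTS:-22 21 80 8080}"   # edit to your services
SSH_PORT="${SSH_PORT:-22}"
TRUSTED_HOST="${TRUSTED_HOST:-45.96.174.68}"        # placeholder from the post
BLOCKED_NETS="${BLOCKED_NETS:-222.34.135.106 211.0.0.0/8 61.37.80.0/24}"

# Emit the full command list, one per line, in a lockout-safe order.
build_ruleset() {
    echo "iptables -P INPUT ACCEPT"        # must precede the flush
    echo "iptables -F"
    echo "iptables -X"
    echo "iptables -Z"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for p in $OPEN_TCP_PORTS; do
        echo "iptables -A INPUT -p tcp --dport $p -j ACCEPT"
    done
    # ping allowed, but at most 1 echo request per second
    echo "iptables -A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 1/s -j ACCEPT"
    [ -n "$TRUSTED_HOST" ] && echo "iptables -A INPUT -p tcp -s $TRUSTED_HOST -j ACCEPT"
    for n in $BLOCKED_NETS; do
        echo "iptables -I INPUT -s $n -j DROP"   # -I puts blocks ahead of the accepts
    done
    echo "iptables -P INPUT DROP"            # default deny, always last
}

# Return 0 only if loopback, established traffic and the SSH port are accepted
# somewhere before the line that switches the INPUT policy to DROP.
lockout_safe() {
    before=$(build_ruleset | sed '/-P INPUT DROP/,$d')
    printf '%s\n' "$before" | grep -q -- '-i lo -j ACCEPT' || return 1
    printf '%s\n' "$before" | grep -q -- '--state ESTABLISHED' || return 1
    printf '%s\n' "$before" | grep -q -- "--dport $SSH_PORT -j ACCEPT" || return 1
    return 0
}

main() {
    lockout_safe || { echo "refusing: SSH port $SSH_PORT not accepted before DROP" >&2; return 1; }
    if [ "${APPLY:-0}" = 1 ]; then
        build_ruleset | sh -e && service iptables save   # needs root; persists as in the post
    else
        build_ruleset
    fi
}
main "$@"
```

Run it once without APPLY to review the generated commands, then with APPLY=1 from a console session rather than over SSH the first time.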
CentOS Configuration Iptables