Edit the iptables configuration file and replace its contents with the following, which adds an IP address whitelist:
# vim /etc/sysconfig/iptables
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]

-N whitelist
-A whitelist -s 1.2.3.0/24 -j ACCEPT
-A whitelist -s 4.5.6.7 -j ACCEPT

-A INPUT -m state --state RELATED,ESTABLISHED -j whitelist
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j whitelist
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j whitelist
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
Lines 6~8 of the file add the whitelist; each entry can be an IP segment or a single IP address.
In lines 10~12, note "-j whitelist" in place of "-j ACCEPT": the former restricts access to the addresses in the whitelist, while the latter is unrestricted.
Line 13: any IP address can ping the host, because "-j ACCEPT" places no corresponding restriction on ICMP.
After the configuration is complete, restart the firewall so that the rules take effect:
# systemctl restart iptables.service
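A check that can be run against the rules file, as an added example that is not part of the original article: it lists the sources in the whitelist chain and flags any INPUT port rule that still jumps to "-j ACCEPT" and therefore skips the whitelist. The function names and the sample rules (including the port 3306 mistake) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables-save style file for the whitelist layout.
# Function names and the sample rules are constructed for illustration.

# Print every -s source appended to a chain (second argument, default "whitelist").
whitelist_sources() {
    awk -v chain="${2:-whitelist}" '
        $1 == "-A" && $2 == chain {
            for (i = 3; i < NF; i++) if ($i == "-s") print $(i + 1)
        }' "$1"
}

# Print the --dport of each INPUT rule that jumps straight to ACCEPT,
# i.e. ports reachable from any address because they skip the whitelist.
open_ports() {
    awk '
        $1 == "-A" && $2 == "INPUT" {
            port = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") port = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (port != "" && target == "ACCEPT") print port
        }' "$1"
}

# Constructed sample: the article's rules plus one mistake (3306 left on ACCEPT).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-N whitelist
-A whitelist -s 1.2.3.0/24 -j ACCEPT
-A whitelist -s 4.5.6.7 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j whitelist
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Usage: sh audit.sh /etc/sysconfig/iptables
if [ "$#" -gt 0 ]; then
    echo "whitelisted sources:"; whitelist_sources "$1"
    echo "ports open to any address:"; open_ports "$1"
fi
```

An empty "ports open to any address" list means every port rule in INPUT goes through the whitelist chain, as in the configuration above.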
That is the method for configuring an IP address whitelist with iptables on CentOS 7. We hope it serves as a useful reference.