iptables is the packet-filtering firewall on a Linux server, and it is far more flexible than the Windows firewall. Below is a brief introduction to using iptables to block and unblock IP addresses; for more information, see.
The command to block a single IP address is:
iptables -I INPUT -s 211.1.0.0 -j DROP
The command to block IP segments (one /16 network per rule) is:
iptables -I INPUT -s 211.1.0.0/16 -j DROP
iptables -I INPUT -s 211.2.0.0/16 -j DROP
iptables -I INPUT -s 211.3.0.0/16 -j DROP
The command to block the entire /8 segment in one rule is:
iptables -I INPUT -s 211.0.0.0/8 -j DROP
The command to block several /24 segments is:
iptables -I INPUT -s 61.37.80.0/24 -j DROP
iptables -I INPUT -s 61.37.81.0/24 -j DROP
Alternatively, edit the saved rule file with vi /etc/sysconfig/iptables and add a line below the chain declaration :RH-Firewall-1-INPUT - [0:0]. The following line only concerns one IP address and port xx:
-A INPUT -s 192.168.5.244 -j DROP
Rules added with the iptables command are temporary: they exist only in the running kernel and are lost at the next reboot unless they are saved.
2. Save the iptables rules
# service iptables save
3. Restart the firewall
# service iptables restart
There are three ways to have the rules applied automatically when the server boots:
1. Add the iptables commands to /etc/rc.local.
2. iptables-save > /etc/sysconfig/iptables writes your current iptables rules into /etc/sysconfig/iptables, which the iptables service loads automatically at system start.
3. service iptables save also writes your current iptables rules into /etc/sysconfig/iptables, and the system loads them when the iptables service starts at boot.
The last two are better. The iptables service is normally started before the network service, so the rules are already in place when the interfaces come up, which is safer; with /etc/rc.local the rules are applied only after the network is up.
To unblock an address, delete the rule with -D. The rule specification must match the rule as it was added, including the target, so a rule inserted with -j DROP is deleted with -j DROP (the command below, as written on this page, removes a REJECT rule):
iptables -D INPUT -s <IP address> -j REJECT
iptables -F flushes (clears) all rules instead.
SYN flood prevention (at most one new TCP connection attempt per second is accepted):
# iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
Limiting port scans (the match examines the SYN, ACK, FIN and RST bits and fires on packets with only RST set):
# iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
Ping flood (Ping of Death) protection:
# iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
Note that each of these rules only ACCEPTs the packets that fall within the limit; to actually discard the excess, a DROP rule for the same traffic must follow it, or the chain's default policy must be DROP. They are also placed in the FORWARD chain, so they protect traffic routed through the host; to protect the host itself, add the same rules to INPUT.
1. View the current iptables rules on the local machine (-n prints addresses and ports numerically instead of resolving names):
# iptables -L -n
2. Clear the existing rules:
# iptables -F clears the rules of all chains in the default (filter) table
# iptables -X deletes the user-defined chains in the default (filter) table
3. Save the rules (otherwise the configuration is lost when the system restarts):
# /etc/rc.d/init.d/iptables save
This saves the rules to the file /etc/sysconfig/iptables, which you can also edit by hand.
4. Set the default policies (note the upper-case -P; lower-case -p selects a protocol):
# iptables -P INPUT DROP
# iptables -P OUTPUT DROP
# iptables -P FORWARD DROP
With these policies no packet is allowed through unless an explicit ACCEPT rule matches it. Set them on a remote server only after the rules that admit your own management session (and established connections) are in place, otherwise the session is cut off.