The main 2 basic practical applications, mainly related to the ban Ping (IPv4) and the prohibition of UDP, that is, the use of the server to prevent hackers to outsource DDoS attack content.
First, if there is no iptables prohibit ping
echo 1 >/proc/sys/net/ipv4/icmp_echo_igore_all #开启
echo 0 >/proc/sys/net/ipv4/icmp_echo_igore_all #关闭
Second, the iptables to prohibit ping the following order:
Iptables-i input-i eth0-p icmp-s 0/0-D 0/0-j DROP
The command to resume Ping is as follows:
Iptables-i input-i eth0-p icmp-s 0/0-D 0/0-j ACCEPT
third, using the iptables rule , prohibit the server to outsource, prevent DDoS attack
Iptables-i output-p UDP--dport 53-d 8.8.8.8-j ACCEPT #允许UDP服务IP
Iptables-a output-p udp-j DROP #禁止udp服务
These 53 ports and 8888 are required by the DNS service, and if you do not know the DNS settings for this computer, you can execute the following command to obtain IP:
Cat/etc/resolv.conf
All right, here's a simple feature on iptables, but in fact, using iptables to do some simple protection is OK.