Firewall iptables settings

Source: Internet
Author: User
A Tomcat is mounted on the server. After specifying the port number, I will start accessing it! The company imposes limits on the RedHat port! Use iptables to view firewall settings: shell code iptables-nl I need a port 8880, it seems that it cannot be accessed! Directly modify the configuration file: shell code VI/etc/sysconfig/iptables. Add the content in the red box! It is not safe to do so. In a strange situation, this port will still be blocked! Force save: shell code service iptables save and restart the service: shell code service iptables restart and check firewall settings: shell code iptables-nl OK, now you can access it in the LAN through IP + port! To be practical, use the shell code to restrict all access from non-port 80 on the Internet. # accept TCP access from port 80, specify the network adapter as eth1 iptables-A input-p tcp-m tcp -- dport 80-I eth1-J accept # deny all access from non-Intranet addresses, specify the network adapter as eth1 iptables-A input-s! 10.0.0.0/255.0.0.0-I eth1-J Drop use iptables-Save to force the command to take effect. However, after I restart the ipatbles service, I use this command according to the configuration file. Edit iptables shell code Vim/etc/sysconfig/iptables to append the following content: shell code # accept TCP access from port 80, specify the network adapter as eth1-A input-p tcp-m tcp -- dport 80-I eth1-J accept # deny all access from non-Intranet addresses, specify the network adapter as eth1-A input-s! 10.0.0.0/255.0.0.0-I eth1-J Drop restart iptables: shell code service iptables restart view iptables status: shell code iptables-nl reference chain (Policy accept) target prot opt source destination accept all -- 127.0.0.1 0.0.0.0/0 accept TCP -- 0.0.0.0/0 0.0.0.0/0 tcp dpt: 80 drop all --! 10.0.0.0/8 0.0.0.0/0 must pay attention to the order. You must first configure accept and finally configure drop !!! Otherwise, the configuration is wrong and SSH is useless! Finally, the most critical step is to make the iptable configuration start with the system: shell code service iptables save reference # service iptables save saves the current rule to/etc/sysconfig/iptables: [OK] It is said that the shell code chkconfig iptables on can also be automatically started, that is, starting iptables will automatically read the configuration file (/etc/sysconfig/iptables ). Reference iptables Command Option iptables [-T tables] Command Option parameter target-a Add a rule at the end of the chain-C check the rule before adding it to the user-defined chain-D from delete a rule in the chain-e rename the User-Defined chain, do not change the chain itself-F clear the chain, delete all the rules on the chain-I insert a rule in the chain-l list the rules on a chain, for example, iptables-l input lists the rules of the input chain-N creates a new chain-P defines the Default policy of a chain-r replaces a rule on the chain-x deletes a user-related chain-Z: view all image attachments in all tables

 

Firewall iptables settings

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.