How to set up an iptables firewall in CentOS

Source: Internet
Author: User
iptables is the standard packet-filtering firewall on Linux. This article covers installing iptables on CentOS, clearing existing rules, opening only the ports you need, blocking single IP addresses and whole address ranges, unblocking them again, and deleting rules you have added.

1. Install the iptables firewall
To find out whether iptables is already installed, run iptables -V. If the output looks like this:
iptables v1.3.5
iptables is installed.
If it is not installed, install it first with:
yum install iptables
On CentOS the rules are kept in a configuration file; open it with:
vi /etc/sysconfig/iptables
Run /etc/init.d/iptables status to check whether port 80 is open. If it is not, you can either edit the configuration file (shown here) or add the rule on the command line as in the sections below. To do it in the file, edit /etc/sysconfig/iptables and add the following line inside the RH-Firewall-1-INPUT chain, above the chain's final REJECT rule, because a rule placed after the REJECT is never reached:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

2. Stop, start and restart the firewall
/etc/init.d/iptables stop    # or start, or restart

3. Permanently disable the firewall
chkconfig --level 35 iptables off
/etc/init.d/iptables stop
The following command does the opposite of disabling: it sets the default policy of the INPUT chain to DROP, so every inbound packet that no ACCEPT rule matches is silently discarded. It is the starting point for the allow rules in steps 4 and 5. If you administer the machine over SSH, add an ACCEPT rule for your SSH port and the ESTABLISHED rule from step 5 before setting this policy, or you will lock yourself out:
iptables -P INPUT DROP

4. Open port 21 for FTP in active mode
iptables -A INPUT -p tcp --dport 21 -j ACCEPT

5. Open ports 49152 to 65534 for FTP in passive mode
iptables -A INPUT -p tcp --dport 49152:65534 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
The passive range must match the one your FTP daemon is configured to use; otherwise you open ports the server never listens on. The second rule allows all loopback traffic and the third allows replies to connections the host has already established.
After all the changes, save the running rules and then restart iptables. The restart reloads the rules from /etc/sysconfig/iptables, so rules added on the command line are lost unless they are saved first:
service iptables save
service iptables restart
Then check that every rule has taken effect:
iptables -L
That completes the basic configuration. The sections below go through each operation in more detail.
2. Clear the existing iptables rules
iptables -F    # flush the rules of every chain in the default (filter) table
iptables -X    # delete every user-defined chain in the filter table
iptables -Z    # zero the packet and byte counters of every chain
-F does not change a chain's default policy: flushing while the INPUT policy is DROP leaves the host accepting nothing, including your SSH session.
3. Open the specified ports
# Allow the local loopback interface (the machine talking to itself)
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
# Allow packets belonging to established or related connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow all outbound traffic from this host
iptables -A OUTPUT -j ACCEPT
# Allow access to port 22 (SSH)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Allow access to port 80 (HTTP)
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Allow ports 21 and 20 for the FTP service
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 20 -j ACCEPT
# For any other port, copy one of the lines above and change the port number.
# Reject everything that no rule above has permitted
iptables -A INPUT -j REJECT
iptables -A FORWARD -j REJECT
(Note: if the permit rule for port 22 is not in place before the final REJECT, your SSH connection is cut off immediately. -A appends, so the rules are evaluated in the order you enter them, and an ACCEPT added after the REJECT is never reached.)
The rules entered this way exist only in kernel memory and vanish at the next restart of the service or the machine. To write them to /etc/sysconfig/iptables so they are reloaded at boot, run:
/etc/rc.d/init.d/iptables save
4. Block IP addresses
# If you only want to block addresses, you can skip section 3 (open the specified ports).
# Block a single IP address:
iptables -I INPUT -s 123.45.6.7 -j DROP
# Block the whole /8, that is every address from 123.0.0.0 to 123.255.255.255:
iptables -I INPUT -s 123.0.0.0/8 -j DROP
# Block the /16, that is every address from 123.45.0.0 to 123.45.255.255:
iptables -I INPUT -s 123.45.0.0/16 -j DROP
# Block the /24, that is every address from 123.45.6.0 to 123.45.6.255:
iptables -I INPUT -s 123.45.6.0/24 -j DROP
-I inserts the rule at the top of the chain, so the DROP is evaluated before the ACCEPT rules from section 3. A DROP appended with -A would sit below the ESTABLISHED,RELATED rule and let an address that already has an open connection keep talking.
5. View the added iptables rules
iptables -L -n
Useful options:
-v: verbose; shows for each rule the number of packets and bytes it has matched
-x: exact counters; disables the automatic K/M unit conversion that -v applies
-n: numeric; prints IP addresses and port numbers without resolving them to host or service names
6. Delete an added iptables rule
List all rules with their line numbers:
iptables -L -n --line-numbers
For example, to delete the rule numbered 8 in the INPUT chain, run:
iptables -D INPUT 8
The remaining rules are renumbered after every deletion, so when removing several rules delete from the highest number down, or list again between deletions.
7. Start iptables at boot and save the rules
After iptables is installed on CentOS it is not started automatically at boot. To add it to the startup sequence, run:
chkconfig --level 345 iptables on
On CentOS, save the rules currently loaded in the kernel to /etc/sysconfig/iptables with:
service iptables save
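The two procedures above, the FTP rule set of part 1 (steps 3 to 5) and the port whitelist with address blocks of sections 3, 4 and 7, both end with the same thing: a rule list saved to /etc/sysconfig/iptables in iptables-save format. The script below is an added example, not code from the original article. It generates that file from a list of allowed TCP ports (single ports or ranges such as 49152:65534) and a list of source networks to drop, in the order iptables evaluates them, and refuses to produce a rule set that leaves out the management port; the SSH_PORT variable (default 22) and the function names are our assumptions, the ports and addresses are the article's examples. It also includes a cidr_range helper that prints the first and last address of a CIDR block, so you can see what a /8 or /16 actually covers before dropping it.

```shell
#!/bin/sh
# Added example, not part of the original article. Builds the whitelist from
# sections 3 and 4 as a file in iptables-save format (what "service iptables save"
# writes to /etc/sysconfig/iptables) and shows what a CIDR block really covers
# before it goes into a DROP rule. Function names and SSH_PORT are our own
# assumptions; the ports and addresses are the article's examples.

SSH_PORT=${SSH_PORT:-22}   # management port that must never be locked out

# cidr_range 123.0.0.0/8  ->  "123.0.0.0 123.255.255.255"
# Prints the first and last address of an IPv4 CIDR block.
cidr_range() {
    addr=${1%/*}
    bits=${1#*/}
    oldifs=$IFS
    IFS=.
    set -- $addr                      # $1..$4 are now the four octets
    IFS=$oldifs
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    first=$(( ip & mask ))
    last=$(( first | (~mask & 0xFFFFFFFF) ))
    printf '%d.%d.%d.%d %d.%d.%d.%d\n' \
        $(( first >> 24 & 255 )) $(( first >> 16 & 255 )) \
        $(( first >> 8 & 255 ))  $(( first & 255 )) \
        $(( last >> 24 & 255 ))  $(( last >> 16 & 255 )) \
        $(( last >> 8 & 255 ))   $(( last & 255 ))
}

# build_ruleset "<tcp ports or ranges to allow>" "<source CIDRs to drop>"
# Emits the filter table in the order iptables will evaluate it: explicit DROPs
# first (where the article's -I puts them), then loopback and ESTABLISHED,RELATED,
# then the allowed ports, then the catch-all REJECT. Refuses to emit a rule set
# that would cut off the management port.
build_ruleset() {
    allow_ports=$1
    drop_cidrs=$2
    case " $allow_ports " in
        *" $SSH_PORT "*) ;;
        *) echo "refusing: management port $SSH_PORT is not in the allow list" >&2
           return 1 ;;
    esac
    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    echo ':FORWARD ACCEPT [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    for net in $drop_cidrs; do
        echo "-A INPUT -s $net -j DROP"
    done
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for port in $allow_ports; do
        echo "-A INPUT -p tcp --dport $port -j ACCEPT"
    done
    echo '-A OUTPUT -j ACCEPT'
    echo '-A INPUT -j REJECT'
    echo '-A FORWARD -j REJECT'
    echo 'COMMIT'
}

# Stand-alone demo: what the article's /8 really covers, then a rule set ready to
# be reviewed and written to /etc/sysconfig/iptables (nothing is written here).
cidr_range 123.0.0.0/8
build_ruleset "22 80 21 20 49152:65534" "123.45.6.7/32 123.45.0.0/16"
```

Review the output, then either load it with iptables-restore < file or copy it to /etc/sysconfig/iptables and run service iptables restart. The management-port check compares whole tokens, so pass the SSH port itself rather than a range that happens to contain it.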

Note:
Always leave yourself a way in: keep an ACCEPT rule for your VNC management port and your SSH management port.
Adapt the ports and addresses to your own server.