iptables: allow only a specified IP address to access specified ports
First, clear all existing rules
iptables -F # flush the rules of every chain in the default table (filter)
iptables -X # delete the user-defined chains in the default table (filter)
Second, allow only the specified IP address to access the specified ports (xxx.xxx is the author's placeholder for the management host's address)
iptables -A INPUT -s xxx.xxx -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -d xxx.xxx -p tcp --sport 22 -j ACCEPT
iptables -A INPUT -s xxx.xxx -p tcp --dport 3306 -j ACCEPT
iptables -A OUTPUT -d xxx.xxx -p tcp --sport 3306 -j ACCEPT
Note that --dport matches the destination port. For traffic coming into the server from an external host, the service port (22, 3306) is the destination port. For the replies leaving the server, the service port is the source port, so --sport is used instead.
Similarly, -s matches the source address and -d matches the destination address.
Third, drop everything else by setting the default policy of every chain to DROP. Add the ACCEPT rules above before changing the policies, otherwise an SSH session to the server is cut off.
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
Finally, save the current rules
/etc/rc.d/init.d/iptables save
service iptables restart
These iptables rules are intended only for the management and maintenance of a MySQL server; no service is offered to any other external address.
If yum also needs to work, add the following rules to allow DNS requests to port 53 and to allow outbound downloads from the ephemeral (high) ports:
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp --sport 53 -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 10000:65535 -j ACCEPT
/etc/rc.d/init.d/iptables save
service iptables restart
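The same rule set, as an added example that is not part of the original article, rendered as an iptables-restore file so the whole policy is loaded in one atomic step instead of rule by rule (no window with an open or half-built firewall), with a check that the management host keeps SSH access before the file is loaded. The management address 203.0.113.10, the port list, and the loopback rules are assumptions; the stateful ESTABLISHED rule already matches DNS replies, so the article's separate "udp --sport 53" INPUT rule is left out.

```shell
#!/bin/sh
# Added example, not the article's own script: print an iptables-restore
# file for one management host and a list of TCP service ports.
#   usage: render_ruleset <admin-ip> <port>...
render_ruleset() {
    admin_ip="$1"; shift
    echo '*filter'
    # Default policies: anything not explicitly allowed is dropped.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT DROP [0:0]'
    # Loopback is needed for local clients (e.g. mysql -h 127.0.0.1); assumed here.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A OUTPUT -o lo -j ACCEPT'
    # Replies to conversations we already accepted (covers DNS answers too).
    echo '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
    echo '-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
    # Only the management host may reach each service port, both directions.
    for port in "$@"; do
        echo "-A INPUT -s $admin_ip -p tcp --dport $port -j ACCEPT"
        echo "-A OUTPUT -d $admin_ip -p tcp --sport $port -j ACCEPT"
    done
    # DNS queries and outbound downloads from ephemeral ports, as in the article.
    echo '-A OUTPUT -p udp --dport 53 -j ACCEPT'
    echo '-A OUTPUT -p tcp --sport 10000:65535 -j ACCEPT'
    echo 'COMMIT'
}

# Lock-out check: succeed only if the rendered set accepts tcp/22 from the
# management host on INPUT. Run this before piping the set into iptables-restore.
allows_admin_ssh() {
    render_ruleset "$@" | grep -q -- "-A INPUT -s $1 -p tcp --dport 22 -j ACCEPT"
}

# Load atomically (needs root):
#   allows_admin_ssh 203.0.113.10 22 3306 && \
#     render_ruleset 203.0.113.10 22 3306 | iptables-restore
```

Unlike running iptables -F followed by a series of iptables -A calls, iptables-restore replaces the table in a single transaction, so the server is never briefly wide open or fully closed while the rules are being rebuilt.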