View the number of connections per remote IP address:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
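As an added example (not from the original post), here is the connection-count pipeline above as a reusable shell function, run over constructed netstat -ntu lines rather than live output. It also handles the case the one-liner gets wrong: cut -d: -f1 truncates an IPv6 or IPv4-mapped foreign address such as ::ffff:198.51.100.7:51236 to an empty string, so the function strips only the trailing :port instead, and it skips the header lines. The function names count_conns_by_ip, top_talker and over_threshold and the sample lines are assumptions.

```shell
#!/bin/sh
# Count connections per remote IP from netstat -ntu output read on stdin.
# Hypothetical helper (added example); prints "<count> <ip>" sorted ascending.
count_conns_by_ip() {
    awk '
        # Only tcp/udp (and tcp6/udp6) rows; this skips the two header lines
        $1 ~ /^(tcp|udp)6?$/ {
            addr = $5
            sub(/:[0-9]+$/, "", addr)    # strip the trailing :port (IPv4 and IPv6 safe)
            sub(/^::ffff:/, "", addr)    # normalise IPv4-mapped IPv6 addresses
            count[addr]++
        }
        END { for (a in count) print count[a], a }
    ' | sort -n
}

# Constructed sample output (not captured from a real host)
SAMPLE='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.5:80             198.51.100.7:51234      ESTABLISHED
tcp        0      0 10.0.0.5:80             198.51.100.7:51235      ESTABLISHED
tcp        0      0 10.0.0.5:22             203.0.113.9:40001       ESTABLISHED
tcp6       0      0 ::ffff:10.0.0.5:443     ::ffff:198.51.100.7:51236 ESTABLISHED
udp        0      0 10.0.0.5:53             203.0.113.9:5353'

# Prints "<count> <ip>" for the remote IP with the most connections
top_talker() {
    printf '%s\n' "$SAMPLE" | count_conns_by_ip | tail -n 1
}

# Prints every remote IP whose connection count exceeds the threshold $1,
# i.e. the candidates you would review before writing a DROP rule for them
over_threshold() {
    threshold=$1
    printf '%s\n' "$SAMPLE" | count_conns_by_ip | awk -v t="$threshold" '$1 > t { print $2 }'
}

# Stand-alone run: print the per-IP table for the sample
printf '%s\n' "$SAMPLE" | count_conns_by_ip
```

On a live host replace the printf of SAMPLE with netstat -ntu (or ss -ntu, whose column layout differs, so adjust the field number).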
1. Install the iptables firewall
If iptables is not installed, install it first. On CentOS run:
yum install iptables
On Debian/Ubuntu run:
apt-get install iptables
2. Clear the existing iptables rules
iptables -F
iptables -X
iptables -Z
3. Open the specified ports
# Allow the local loopback interface (that is, the local machine talking to itself)
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
# Allow established or related connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow this host to reach all external hosts
iptables -A OUTPUT -j ACCEPT
# Allow access to port 22
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Allow access to port 80
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Allow ports 21 and 20 for the FTP service
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 20 -j ACCEPT
# For other ports the rule is the same; just change the port number in the statement above.
# Reject everything not permitted by the rules above
iptables -A INPUT -j REJECT
# (Note: if no ACCEPT rule for port 22 was added before this line, the SSH session is cut off immediately.)
iptables -A FORWARD -j REJECT
4. Blocking IP addresses
# Block a single IP address:
iptables -I INPUT -s 123.45.6.7 -j DROP
# Block the whole 123.0.0.0/8 segment (123.0.0.1 to 123.255.255.254):
iptables -I INPUT -s 123.0.0.0/8 -j DROP
# Block the /16 segment 123.45.0.1 to 123.45.255.254:
iptables -I INPUT -s 123.45.0.0/16 -j DROP
# Block the /24 segment 123.45.6.1 to 123.45.6.254:
iptables -I INPUT -s 123.45.6.0/24 -j DROP
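Since the comments above describe which addresses each /8, /16 and /24 covers, here is an added example (not part of the original post) that computes the first and last address of a CIDR block and checks whether a given address falls inside it, so you can verify what an -s <cidr> DROP rule will actually match before loading it. It uses only POSIX shell arithmetic and handles IPv4 only; the function names ip_to_int, int_to_ip, cidr_range and in_cidr are assumptions.

```shell
#!/bin/sh
# CIDR helpers for checking the coverage of `iptables -I INPUT -s <cidr> -j DROP`.
# Added example, not from the original post. IPv4 only.

# "a.b.c.d" -> 32-bit integer
ip_to_int() {
    oldifs=$IFS
    IFS=.
    set -- $1            # positional parameters are now the four octets
    IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> "a.b.c.d"
int_to_ip() {
    printf '%d.%d.%d.%d' $(( ($1 >> 24) & 255 )) $(( ($1 >> 16) & 255 )) \
                         $(( ($1 >> 8) & 255 ))  $(( $1 & 255 ))
}

# Prints "<first> <last>" for a block like 123.45.0.0/16; a bare address is /32
cidr_range() {
    case $1 in
        */*) prefix=${1%/*}; bits=${1#*/} ;;
        *)   prefix=$1;      bits=32 ;;
    esac
    # 4294967295 is 0xFFFFFFFF; the mask keeps the top $bits bits
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    first=$(( $(ip_to_int "$prefix") & mask ))
    last=$(( first | (~mask & 4294967295) ))
    printf '%s %s\n' "$(int_to_ip "$first")" "$(int_to_ip "$last")"
}

# Returns 0 when address $1 lies inside block $2
in_cidr() {
    set -- "$(ip_to_int "$1")" "$(cidr_range "$2")"
    range_first=$(ip_to_int "${2%% *}")
    range_last=$(ip_to_int "${2##* }")
    [ "$1" -ge "$range_first" ] && [ "$1" -le "$range_last" ]
}

# Stand-alone run: show the three blocks from the rules above
for block in 123.0.0.0/8 123.45.0.0/16 123.45.6.0/24; do
    printf '%-16s covers %s\n' "$block" "$(cidr_range "$block")"
done
```

Note that the range printed includes the network and broadcast addresses (e.g. 123.45.6.0 and 123.45.6.255); a -s match in iptables covers them too.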
5. View the added iptables rules
iptables -L -n
Useful options:
-v: show details, including the number of packets and bytes matched by each rule.
-x: disable the automatic unit conversion (K, M) of the counters shown by -v.
-n: show IP addresses and port numbers numerically, without resolving IP addresses to host names.
6. Delete an added iptables rule
List all rules with their line numbers:
iptables -L -n --line-numbers
For example, to delete rule number 8 in the INPUT chain, run:
iptables -D INPUT 8
7. Start iptables and save the rules
After iptables is installed on CentOS, the service does not start automatically at boot. Run:
chkconfig --level 345 iptables on
to add it to the startup services.
On CentOS you can save the current rules with: service iptables save
iptables on Debian/Ubuntu, by contrast, does not save the rules by itself. To save the rules when the network interface goes down and reload them when it is brought up at boot, do the following:
Create the file /etc/network/if-post-down.d/iptables with the following content:
#!/bin/bash
iptables-save > /etc/iptables.rules
Run chmod +x /etc/network/if-post-down.d/iptables to make it executable.
Create the file /etc/network/if-pre-up.d/iptables with the following content:
#!/bin/bash
iptables-restore < /etc/iptables.rules
Run chmod +x /etc/network/if-pre-up.d/iptables to make it executable.
Saving on CentOS: write the rules to the /etc/sysconfig/iptables file with any one of:
iptables-save > /etc/sysconfig/iptables
/etc/rc.d/init.d/iptables save
service iptables save
Then check the result with:
iptables -L -n
iptables -t nat -L: show the rules in the nat table.
iptables -F: flush the rules of all chains in the default filter table.
iptables -X: delete the user-defined chains in the default filter table.
-D deletes a rule from a chain:
iptables -L
iptables -D INPUT 3 deletes the 3rd rule in the INPUT chain.
iptables -I inserts a rule at the top of the chain so that it becomes the first rule (unlike -A, which appends it to the end).
iptables-save > /etc/sysconfig/iptables
Set the default policy of each chain
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
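The order of the rules in section 3 matters (the port 22 ACCEPT must come before the catch-all REJECT, which must be last), the blocking rules in section 4 use -I so they land before any ACCEPT, and the -P lines above set the default policies. As an added example that is not part of the original post, the script below generates all of that as one file in iptables-save format that can be loaded atomically with iptables-restore < rules.v4, so the policies and rules take effect together rather than one command at a time; it also validates port numbers and checks that port 22 is accepted before the REJECT. It uses -i lo for the loopback rule instead of the -s 127.0.0.1 -d 127.0.0.1 form. The function names build_ruleset, validate_port, rule_line and ssh_not_locked_out and the sample values (22 80, 203.0.113.0/24) are assumptions.

```shell
#!/bin/sh
# Build a complete filter-table ruleset in iptables-save format for atomic
# loading with `iptables-restore`. Added example, not from the original post.
# Usage: build_ruleset "<tcp ports>" "<blocked sources>"  (both space-separated)

# Returns 0 for a valid TCP port number (1-65535)
validate_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;        # empty or non-numeric
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

build_ruleset() {
    ports=$1
    blocked=$2
    for p in $ports; do
        validate_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    echo '*filter'
    # Default policies (the iptables -P lines): deny unless a rule allows
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Blocked sources first: same effect as `iptables -I`, they precede any ACCEPT
    for src in $blocked; do
        echo "-A INPUT -s $src -j DROP"
    done
    # Loopback and reply traffic (same intent as the first two rules in section 3)
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    # One ACCEPT per listed TCP port; 22 must be in the list or SSH is cut off
    for p in $ports; do
        echo "-A INPUT -p tcp --dport $p -j ACCEPT"
    done
    # Catch-all last, as in section 3
    echo '-A INPUT -j REJECT'
    echo '-A FORWARD -j REJECT'
    echo 'COMMIT'
}

# Line number of the first rule in ruleset $1 matching pattern $2 (for order checks)
rule_line() {
    printf '%s\n' "$1" | grep -n -- "$2" | head -n 1 | cut -d: -f1
}

# Returns 0 when ruleset $1 accepts TCP port 22 before its catch-all REJECT
ssh_not_locked_out() {
    accept=$(rule_line "$1" '--dport 22 -j ACCEPT')
    reject=$(rule_line "$1" '^-A INPUT -j REJECT')
    [ -n "$accept" ] && [ "$accept" -lt "$reject" ]
}

# Stand-alone run: print the ruleset for ports 22 and 80 with one blocked /24
build_ruleset "22 80" "203.0.113.0/24"
```

Review the printed output, then apply it with iptables-restore; on Debian/Ubuntu it can be written to /etc/iptables.rules so the if-pre-up.d hook described above reloads it at boot.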