Linux centos7iptables Filter Table case, iptables NAT table application

First, iptables filter table case

vim/usr/local/sbin/iptables.sh Add the following:

#! /bin/bash

ipt= "/usr/sbin/iptables"

$ipt-F

$ipt-P INPUT DROP

$ipt-P OUTPUT ACCEPT

$ipt-P FORWARD ACCEPT

$ipt-A input-m State--state erlated,established-j ACCEPT

$!ipt-a input-s 192.168.1.101/24-p TCP--dport 22-j ACCEPT

$!ipt-a input-p TCP--dport 80-j ACCEPT

$!ipt-a input-p TCP--dport 21-j ACCEPT

ICMP example

Iptables-i input-p ICMP--icmp-type 8-j DROP

Second, iptables NAT table application

Nat table applies a machine two Nic Ens33 (192.168.1.101), ENS37 (192.168.1.106), ENS33 can sisu the net, ENS3 is just the internal network, B Machine Only ens37 (192.168.100.100), and a machine ens3 can communicate interconnection.

Requirement 1: Allows the B machine to connect to the external network

A on-machine open route forwarding echo "1" >/proc/sys/net/ipv4/ip_forward

A on the execution iptables-t nat-a postrouting-s 192.168.1.101/24-o ens33-j Masquerade

Set Gateway to 192.168.1.106 on B

Demand 2:C machine can only communicate with a, so that the C machine can directly connect the B machine's 22 port

A on open route forwarding echo "1" >/Proc/sys/net/ipv4/ip_forward

A executes iptables-t nat-a prerouting-d 192.168.1.101-p tcp--dport 1122-j DNAT--to 192.168.1.106:22

A on the execution iptables-t nat-a postrouting-s 192.168.1.106-j SNAT--to 192.168.1.101

Set Gateway to 192.168.1.106 on B

Saving and backing up iptables rules

Service Iptables Save//The rules will be saved to

/etc/sysconfig/iptables back up the iptables rule to the My.ipt file

Iptables-save > My.ipt Restore the rules you just backed up

Iptables-restore < My.ipt

Linux centos7iptables Filter Table case, iptables NAT table application