1. iptables filter table case
Create the script with vim /usr/local/sbin/iptables.sh and add the following:

#!/bin/bash
ipt="/usr/sbin/iptables"
$ipt -F
$ipt -P INPUT DROP
$ipt -P OUTPUT ACCEPT
$ipt -P FORWARD ACCEPT
$ipt -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
$ipt -A INPUT -s 192.168.1.101/24 -p tcp --dport 22 -j ACCEPT
$ipt -A INPUT -p tcp --dport 80 -j ACCEPT
$ipt -A INPUT -p tcp --dport 21 -j ACCEPT

What it does: -F flushes every rule in the filter table; -P sets the default policies, so anything no later rule matches is dropped on INPUT but allowed on OUTPUT and FORWARD; the state rule lets replies to the host's own connections, and traffic related to them, back in; SSH (22) is accepted only from 192.168.1.0/24 (iptables masks the host bits, so -s 192.168.1.101/24 means that network); HTTP (80) and the FTP control port (21) are accepted from anywhere.

Before running this over SSH, check two things. Your existing session survives because flushing rules does not clear the connection tracking table and the RELATED,ESTABLISHED rule accepts it, but a new connection from an address outside the network on the SSH rule will be dropped, so open a second session to confirm you can still get in before you log out. Nothing here accepts traffic on lo either, so local services that talk to 127.0.0.1 are blocked unless you add an ACCEPT for -i lo. Port 21 alone only covers the FTP control channel; the data connections are matched by the RELATED rule only when the nf_conntrack_ftp module is loaded.
ICMP example:

iptables -I INPUT -p icmp --icmp-type 8 -j DROP

ICMP type 8 is echo-request, so this stops other hosts from pinging this machine while the machine can still ping out, because the replies (type 0) are not matched. -I inserts the rule at the top of INPUT, so it is evaluated before any ACCEPT rule. With the DROP policy set by the script above inbound echo-requests are dropped anyway; the explicit rule matters on a host whose INPUT policy is ACCEPT.
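The filter policy above, rebuilt as an added example (this is not the page's iptables.sh): the rules are emitted in iptables-save format and loaded with iptables-restore, which commits the whole table at once so the DROP policy and the ACCEPT rules take effect together, and the script refuses to apply when it is run over SSH from an address the new SSH rule would reject. The loopback rule, the ICMP example, and the management network MGMT_NET=192.168.1.0/24 are assumptions added here, not taken from the page.

```shell
#!/usr/bin/env bash
# Added example; not the page's iptables.sh. Builds the same filter policy
# (plus a loopback rule and the ICMP example) in iptables-save format and
# applies it with iptables-restore in one commit. Assumed, not from the page:
# MGMT_NET=192.168.1.0/24 as the network SSH is accepted from.
set -eu

MGMT_NET="${MGMT_NET:-192.168.1.0/24}"

# Emit a complete filter table; iptables-restore ignores the # comment lines.
build_filter_ruleset() {
    net="$1"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# loopback: local services talking to 127.0.0.1 break without this
-A INPUT -i lo -j ACCEPT
# replies to our own connections; FTP data channels match only with nf_conntrack_ftp loaded
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# the ICMP example: refuse echo-request (type 8) explicitly
-A INPUT -p icmp --icmp-type 8 -j DROP
# SSH only from the management network
-A INPUT -s ${net} -p tcp --dport 22 -j ACCEPT
# HTTP and the FTP control channel from anywhere
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 21 -j ACCEPT
COMMIT
EOF
}

# Dotted quad -> 32-bit integer, so CIDR membership can be tested in shell.
ip_to_int() {
    IFS=. read -r o1 o2 o3 o4 <<EOF
$1
EOF
    echo $(( (o1 << 24) | (o2 << 16) | (o3 << 8) | o4 ))
}

# True when addr lies inside net (a.b.c.d/prefix; a bare address means /32).
# iptables masks host bits the same way, so 192.168.1.101/24 is 192.168.1.0/24.
# IPv4 only: an IPv6 client is treated as outside the network.
addr_in_net() {
    addr="$1"; net="$2"
    case "$addr" in *:*) return 1 ;; esac
    case "$net" in */*) ;; *) net="$net/32" ;; esac
    prefix="${net#*/}"; base="${net%/*}"
    mask=$(( (0xffffffff << (32 - prefix)) & 0xffffffff ))
    [ $(( $(ip_to_int "$addr") & mask )) -eq $(( $(ip_to_int "$base") & mask )) ]
}

# Refuse to apply when run over SSH from an address the new rules would reject:
# the live session survives through the ESTABLISHED rule, but no reconnect would.
apply_filter_ruleset() {
    if [ -n "${SSH_CLIENT:-}" ]; then
        client="${SSH_CLIENT%% *}"
        if ! addr_in_net "$client" "$MGMT_NET"; then
            echo "refusing: $client is outside $MGMT_NET; you could not reconnect" >&2
            return 1
        fi
    fi
    if [ "$(id -u)" -ne 0 ] || ! command -v iptables-restore >/dev/null 2>&1; then
        echo "need root and iptables-restore to apply; printing the ruleset instead" >&2
        build_filter_ruleset "$MGMT_NET"
        return 0
    fi
    build_filter_ruleset "$MGMT_NET" | iptables-restore --test   # parse only
    build_filter_ruleset "$MGMT_NET" | iptables-restore          # commit
}

case "${1:-print}" in
    apply) apply_filter_ruleset ;;
    *)     build_filter_ruleset "$MGMT_NET" ;;
esac
```

Run it with no argument to print the ruleset and review it, and with apply to load it. The order of the emitted rules matters just as in the page's script: the loopback and state rules come first so they are evaluated before the port-specific ones, and the ICMP DROP is evaluated before anything that could accept ICMP.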
2. iptables NAT table application

The NAT examples use two machines. Machine A has two NICs: ens33 (192.168.1.101), which can reach the Internet, and ens37 (192.168.1.106), which is on the internal network only. Machine B has a single NIC, ens37 (192.168.100.100), and can only talk to A's ens37. For B to route through A, A's ens37 address must be on B's network, 192.168.100.0/24 with the /24 mask the rules below use; the 192.168.1.106 given here is not, and it is the address B is told to use as its gateway below, so check the ens37 addressing before starting.
Requirement 1: let B reach the external network through A.

On A, enable packet forwarding in the kernel (this setting is lost on reboot; put net.ipv4.ip_forward = 1 in /etc/sysctl.conf to make it permanent):
echo 1 > /proc/sys/net/ipv4/ip_forward

On A, masquerade traffic from B's network as it leaves through the external interface:
iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -o ens33 -j MASQUERADE

The source must be B's network, 192.168.100.0/24; a source of 192.168.1.101/24 would describe the external network and never match B's packets. MASQUERADE uses whatever address ens33 currently has, which is what you want when that address comes from DHCP; with a fixed address SNAT does the same job.

On B, set the default gateway to A's ens37 address (192.168.1.106 as given above, which has to be on B's own subnet).

Forwarding must also be allowed in the filter table; the script above does that with -P FORWARD ACCEPT, and with a FORWARD policy of DROP the NAT rules would translate packets that are then discarded.
Requirement 2: machine C can only reach A; let C connect to B's port 22 through A.

On A, enable forwarding as before:
echo 1 > /proc/sys/net/ipv4/ip_forward

On A, rewrite connections to A's external address on port 1122 so they go to B's port 22 (B is 192.168.100.100, as in the topology above):
iptables -t nat -A PREROUTING -d 192.168.1.101 -p tcp --dport 1122 -j DNAT --to 192.168.100.100:22

On A, rewrite the source of B's outgoing traffic to A's external address:
iptables -t nat -A POSTROUTING -s 192.168.100.100 -j SNAT --to 192.168.1.101

On B, set the default gateway to A's ens37 address, as in requirement 1.

C now connects with ssh -p 1122 192.168.1.101. The PREROUTING rule changes the destination before the routing decision, so A forwards the packet to B; connection tracking remembers the translation and reverses it on B's replies, which come back through A because A is B's gateway. The SNAT rule is the static-address counterpart of MASQUERADE: B's own outbound connections leave with source 192.168.1.101. Both rules depend on the filter table allowing FORWARD, which the filter script above does.
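Requirements 1 and 2 together, as an added example that is not the page's own command sequence: the nat table is emitted in iptables-save format with the page's addresses as defaults, and the script checks the two things the rules silently depend on, kernel forwarding and a FORWARD policy that lets the packets through. INT_NET=192.168.100.0/24 is assumed from B's address and a /24 mask; the sysctl.d file name is also an assumption.

```shell
#!/usr/bin/env bash
# Added example; not the page's commands. Requirements 1 and 2 as one nat-table
# ruleset for iptables-restore, plus checks for kernel forwarding and the
# filter table's FORWARD policy. Parameters default to the page's values;
# INT_NET 192.168.100.0/24 is assumed from B's address and a /24 mask.
set -eu

EXT_IF="${EXT_IF:-ens33}"
EXT_IP="${EXT_IP:-192.168.1.101}"
INT_NET="${INT_NET:-192.168.100.0/24}"
B_IP="${B_IP:-192.168.100.100}"
FWD_PORT="${FWD_PORT:-1122}"

# Succeeds when forwarding is on. The path argument lets the check run against
# any file; the default is the live kernel setting.
ip_forward_enabled() {
    f="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# Turn forwarding on now and across reboots (the drop-in file name is an assumption).
enable_ip_forward() {
    sysctl -w net.ipv4.ip_forward=1
    printf 'net.ipv4.ip_forward = 1\n' > /etc/sysctl.d/90-ip-forward.conf
}

# Emit the nat table. A chain is walked top to bottom and the first NAT target
# that matches wins, so the host-specific SNAT goes before the network-wide MASQUERADE.
build_nat_ruleset() {
    ext_if="$1"; ext_ip="$2"; int_net="$3"; b_ip="$4"; fwd_port="$5"
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# requirement 2: C -> ${ext_ip}:${fwd_port} is rewritten to B:22 before routing
-A PREROUTING -d ${ext_ip} -p tcp --dport ${fwd_port} -j DNAT --to-destination ${b_ip}:22
# requirement 2: B's own traffic leaves with A's fixed external address
-A POSTROUTING -s ${b_ip} -o ${ext_if} -j SNAT --to-source ${ext_ip}
# requirement 1: the rest of the internal network uses whatever address ${ext_if} has;
# -o ${ext_if} keeps traffic between internal hosts from being rewritten
-A POSTROUTING -s ${int_net} -o ${ext_if} -j MASQUERADE
COMMIT
EOF
}

apply_nat_ruleset() {
    if [ "$(id -u)" -ne 0 ] || ! command -v iptables-restore >/dev/null 2>&1; then
        echo "need root and iptables-restore to apply; printing the ruleset instead" >&2
        build_nat_ruleset "$EXT_IF" "$EXT_IP" "$INT_NET" "$B_IP" "$FWD_PORT"
        return 0
    fi
    ip_forward_enabled || enable_ip_forward
    # The file carries only the nat table, so iptables-restore replaces that table
    # and leaves filter untouched. Warn if FORWARD would still drop the packets.
    if iptables -S FORWARD | grep -q '^-P FORWARD DROP$'; then
        echo "warning: FORWARD policy is DROP; NAT alone will not pass traffic for ${int_net}" >&2
    fi
    build_nat_ruleset "$EXT_IF" "$EXT_IP" "$INT_NET" "$B_IP" "$FWD_PORT" | iptables-restore
}

case "${1:-print}" in
    apply) apply_nat_ruleset ;;
    *)     build_nat_ruleset "$EXT_IF" "$EXT_IP" "$INT_NET" "$B_IP" "$FWD_PORT" ;;
esac
```

Without an argument the script prints the nat table; with apply it enables forwarding if needed, warns when the FORWARD policy is DROP, and loads the table. The SNAT rule is restricted to -o ens33, unlike the page's one-liner, so B's packets to other internal hosts that A happens to forward are not rewritten to the external address.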
Saving and backing up iptables rules

service iptables save    # writes the current rules to /etc/sysconfig/iptables

On CentOS 7 this needs the iptables-services package; the default firewall service is firewalld, and the two should not manage the rules at the same time.

Back up the current rules to the file my.ipt:
iptables-save > my.ipt

Restore the rules from that backup:
iptables-restore < my.ipt

iptables-save writes every table, and iptables-restore replaces the contents of each table that appears in the file, so restoring a backup taken before the NAT rules were added removes them again.
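A restore wrapper, as an added example that is not from the page: it checks that a saved ruleset is structurally complete (a backup truncated before its COMMIT is the usual way a restore goes wrong), has iptables-restore parse it without committing, saves the live rules to a timestamped file, and only then restores. BACKUP_DIR is an assumption; the sample rulesets in the test are constructed.

```shell
#!/usr/bin/env bash
# Added example; not from the page. A wrapper around iptables-restore that
# validates a saved ruleset, keeps a timestamped copy of the live rules, and
# only then restores. BACKUP_DIR is an assumption.
set -eu

BACKUP_DIR="${BACKUP_DIR:-/root/iptables-backups}"

# iptables-save output is a sequence of "*table ... COMMIT" blocks, with policy
# lines (":CHAIN POLICY [pkts:bytes]") and "-A" rules inside a block and "#"
# comments anywhere. Reject anything else before touching the kernel.
validate_ruleset() {
    awk '
        function bad(msg) { print "ruleset error: " msg; failed = 1; exit 1 }
        /^#/ || /^[[:space:]]*$/ { next }
        /^\*/          { if (open) bad("table " tbl " has no COMMIT"); open = 1; seen = 1; tbl = substr($0, 2); next }
        /^COMMIT$/     { if (!open) bad("COMMIT outside a table"); open = 0; next }
        /^:/ || /^-A / { if (!open) bad("rule before any table: " $0); next }
        { bad("unexpected line: " $0) }
        END {
            if (failed) exit 1
            if (open) bad("table " tbl " has no COMMIT")
            if (!seen) bad("no table in file")
        }
    ' "$1" >&2
}

# Save the live rules to a timestamped file and print its path.
backup_live_rules() {
    mkdir -p "$BACKUP_DIR"
    out="$BACKUP_DIR/iptables-$(date +%Y%m%d-%H%M%S).ipt"
    iptables-save > "$out"
    echo "$out"
}

# Validate, dry-run with the real parser, back up, then restore.
safe_restore() {
    file="$1"
    validate_ruleset "$file"
    iptables-restore --test < "$file"
    saved=$(backup_live_rules)
    echo "live rules saved to $saved" >&2
    iptables-restore < "$file"
}

case "${1:-}" in
    check)   validate_ruleset "${2:?usage: $0 check FILE}" && echo "ok: $2" ;;
    restore) safe_restore "${2:?usage: $0 restore FILE}" ;;
    *) ;;
esac
```

Use check my.ipt to test a backup without applying it and restore my.ipt to load it; the copy written by backup_live_rules is what you restore if the new ruleset turns out to be wrong.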
Linux CentOS 7: iptables filter table case and iptables NAT table application