Linux Firewall iptables practical settings
One important step to maintain a Linux server is to manage the port opening and closing to avoid using the ports occupied by the services because the services are always running and external malicious attacks.
First, you can view the iptables information:
Sudo iptables-L
Each rule is listed. The rule marked with ACCEPT indicates that the communication indicated by this rule can be successful, and the rule marked with DROP indicates that the communication indicated by this rule is blocked. Note that during system running, a rule will be matched from the beginning to the end. Therefore, the last rule is DROP, which indicates that the rule is finished, and no DROP is in the middle, otherwise, the subsequent ACCEPT does not work.
Add Rules:
# Iptables-a input-p tcp-I eth0 -- dport ssh-j ACCEPT
-A indicates append,-p tcp indicates tcp protocol,-I eth0 indicates Nic, -- dport ssh indicates port ssh (that is, 22), and-j ACCEPT indicates that this rule is ACCEPT. If we want to open port 9001, replace ssh with port 9001.
Delete rule:
# Iptables-d input 3
3 refers to the third rule, which is the table listed in iptables-L above. The first row is the first rule.
The last one is DROP, so we need to block communication:
# Iptables-a input-j DROP
-------------------------------------- Split line --------------------------------------
Iptables examples
Iptables-packet filtering (Network Layer) Firewall
Linux Firewall iptables
Iptables + L7 + Squid implements a complete software firewall
Basic use of iptables backup, recovery, and firewall scripts
Detailed description of firewall iptables usage rules in Linux
-------------------------------------- Split line --------------------------------------
This article permanently updates the link address: