Basic use of the iptables firewall on Linux

Source: Internet
Author: User

iptables is the firewall software most commonly used on Linux. This article covers its basic use: installing iptables, clearing the existing rules, opening only specified ports, blocking a single IP address or an IP range (and unblocking it again), viewing the rules that have been added, deleting rules, and saving the rules so that they survive a reboot.

1. Install the iptables firewall

If iptables is not yet installed (most distributions ship it already), on CentOS run:

yum install iptables

On Debian/Ubuntu run:

apt-get install iptables

2. Clear the existing iptables rules

iptables -F
iptables -X
iptables -Z

-F flushes every rule in every chain of the filter table, -X deletes the user-defined chains that -F has emptied, and -Z zeroes the packet and byte counters. All three touch only the filter table; add -t nat or -t mangle to clear those tables as well. Flushing does not reset the chain policies, so if INPUT already has a DROP policy, flushing it over SSH locks you out.

3. Open the specified ports

# Allow the local loopback interface (i.e. this host talking to itself).
# Matching on the interface (-i lo) is more robust than matching on the address, because loopback traffic is not limited to 127.0.0.1.
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
# Allow packets that belong to an established or related connection
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow all outbound traffic from this host
iptables -A OUTPUT -j ACCEPT
# Allow access to port 22 (SSH)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# Allow access to port 80 (HTTP)
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Allow ports 21 and 20 for the FTP service
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 20 -j ACCEPT
# If you need other ports, the rules are the same; change the port number in the commands above.
# Reject everything that has not been explicitly allowed
iptables -A INPUT -j REJECT
iptables -A FORWARD -j REJECT

Note: if the rule allowing port 22 has not been added before the REJECT rule is appended, the SSH session you are working from is cut off immediately. Rules are evaluated in order and the first match wins, so any ACCEPT appended with -A after the final REJECT is never reached; new ACCEPT rules must be placed before it, either by inserting them with -I or by deleting the REJECT and appending it again afterwards.

Two further remarks on the rules above. Opening port 20 inbound does not by itself make FTP work: in active mode the server opens the data connection itself from port 20 outbound, and in passive mode the data connection arrives on a random high port; load the nf_conntrack_ftp helper so that these connections are classified RELATED and admitted by the ESTABLISHED,RELATED rule. REJECT answers the client with an ICMP error (port unreachable by default), so a blocked client fails fast; DROP discards silently, which reveals less to a port scanner but leaves clients waiting for a timeout.

4. Block an IP address

If you only want to block IP addresses, you can skip "3. Open the specified ports".


# The command to block a single IP address is
iptables -I INPUT -s 123.45.6.7 -j DROP
# To block the whole 123.0.0.0/8 block, i.e. every address from 123.0.0.0 to 123.255.255.255, the command is
iptables -I INPUT -s 123.0.0.0/8 -j DROP
# To block the 123.45.0.0/16 block, i.e. 123.45.0.0 to 123.45.255.255, the command is
iptables -I INPUT -s 123.45.0.0/16 -j DROP
# To block the 123.45.6.0/24 block, i.e. 123.45.6.0 to 123.45.6.255, the command is
iptables -I INPUT -s 123.45.6.0/24 -j DROP

These commands use -I (insert at the top of the chain) rather than -A (append), so the DROP rule is evaluated before the ACCEPT rules from section 3; appended, it would sit behind them and never match traffic to an allowed port. A DROP for a source address should also precede the ESTABLISHED,RELATED rule, otherwise a connection the blocked host already has open stays alive. To unblock an address, delete the rule again: either by its number, as described below under deleting rules, or by repeating the exact rule with -D in place of -I.

5. View the rules that have been added

iptables -L -n

Useful options for -L:

-v: verbose output, including the number of packets and bytes matched by each rule
-x: with -v, print exact counters instead of abbreviating them to K and M units
-n: numeric output: show IP addresses and port numbers without resolving them to host or service names (this also avoids slow reverse DNS lookups while listing)
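The rules of sections 3 and 4 combined into one ruleset, as an added example that is not part of the original article: the script prints the filter table in the format iptables-restore reads, validates every address and port first, and fixes the rule order in the file (blocklist before the ESTABLISHED,RELATED rule and before every port ACCEPT) instead of relying on whether each rule was added with -A or -I. It uses a DROP policy on INPUT and FORWARD, which the article does not (the article relies on a trailing REJECT); the port list, the blocklist, the file name build-rules.sh and the --print option are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example, not code from the original article: generate the ruleset of
# sections 3 and 4 as a single iptables-restore(8) file instead of issuing one
# iptables command per rule. iptables-restore loads the file atomically (all
# rules or none), the ordering is fixed in the file rather than depending on
# whether -A or -I was used, and the same file is what a boot-time
# "iptables-restore < /etc/iptables.rules" consumes.
# Assumptions (not from the article): the port list, the blocklist and the
# --print demo values below are illustrative placeholders.

# valid_cidr ADDR[/LEN]: succeed only for a well-formed IPv4 address or CIDR
# block. A mistyped address must not silently become a rule that never
# matches (or, with a bad prefix length, one that matches far more than intended).
valid_cidr() {
    _ip=${1%/*}
    _len=${1#*/}
    [ "$_len" = "$1" ] && _len=32                  # no slash: a single host
    case "$_len" in ''|*[!0-9]*) return 1 ;; esac  # prefix length must be digits
    [ "$_len" -le 32 ] || return 1
    case "$_ip" in *.|.*|*..*) return 1 ;; esac    # empty octet
    _old_ifs=$IFS; IFS=.; set -- $_ip; IFS=$_old_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        case "$_o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$_o" -le 255 ] || return 1
    done
    return 0
}

# build_ruleset "PORTS" "BLOCKED": print the filter table on stdout.
#   PORTS   space-separated TCP ports to accept inbound (e.g. "22 80")
#   BLOCKED space-separated source addresses or CIDR blocks to drop
# Returns non-zero (with a message on stderr) if any value fails validation.
build_ruleset() {
    _ports=$1
    _blocked=$2
    printf '%s\n' '*filter'
    # Chain policies. The article ends INPUT with an explicit REJECT rule and
    # leaves the policy at ACCEPT; a DROP policy fails closed if that final
    # rule is ever flushed or deleted by mistake.
    printf '%s\n' ':INPUT DROP [0:0]'
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    # Loopback first: the host must always be able to talk to itself.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    # Blocklist next. First match wins, so a DROP for a source must precede the
    # ESTABLISHED,RELATED rule (or a connection the blocked host already has
    # open survives) and every port ACCEPT. This is why the article inserts
    # blocks with -I instead of appending them with -A.
    for _b in $_blocked; do
        valid_cidr "$_b" || { echo "build_ruleset: bad address: $_b" >&2; return 1; }
        printf '%s\n' "-A INPUT -s $_b -j DROP"
    done
    printf '%s\n' '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for _p in $_ports; do
        case "$_p" in ''|*[!0-9]*) echo "build_ruleset: bad port: $_p" >&2; return 1 ;; esac
        [ "$_p" -ge 1 ] && [ "$_p" -le 65535 ] || { echo "build_ruleset: bad port: $_p" >&2; return 1; }
        printf '%s\n' "-A INPUT -p tcp --dport $_p -j ACCEPT"
    done
    # Explicit REJECT (as in the article) so legitimate clients fail fast; the
    # DROP policy still catches anything that reaches the end of the chain.
    printf '%s\n' '-A INPUT -j REJECT --reject-with icmp-port-unreachable'
    printf '%s\n' 'COMMIT'
}

# Run as "sh build-rules.sh --print" to print the demo ruleset. To load it:
#   sh build-rules.sh --print > /etc/iptables.rules
#   iptables-restore --test < /etc/iptables.rules   # parse only, no commit
#   iptables-restore < /etc/iptables.rules
case "${1:-}" in
    --print) build_ruleset "22 80 21 20" "123.45.6.7 123.45.0.0/16" ;;
esac
```

Because iptables-restore replaces the whole table in one step, a mistake cannot leave the host half-way between the old and the new rules, but the SSH lock-out warning from section 3 applies exactly as before: check that port 22 is in the port list before loading the file from a remote session.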

6. Delete the iptables rules that have been added

To list all rules with their sequence numbers, run:

iptables -L -n --line-numbers

For example, to delete rule number 8 in the INPUT chain, run:

iptables -D INPUT 8

Rule numbers are positions, not identifiers: deleting rule 8 turns the former rule 9 into rule 8. List again before deleting the next rule, or delete from the highest number down. A rule can also be deleted by repeating it exactly with -D in place of -A or -I, which does not depend on its position.
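Finding the numbers to delete in the --line-numbers listing above, as an added example that is not part of the original article: the script picks the rules whose target or source column matches and prints the corresponding iptables -D commands in descending order, so that each deletion does not shift the numbers of the ones still to come. The listing it works on is a constructed sample in the layout iptables -L INPUT -n --line-numbers prints (num, target, prot, opt, source, destination, then any match options); it was not captured from a real host, and the --demo option and the file name are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not code from the original article: find the line numbers of
# the rules you want to remove in "iptables -L INPUT -n --line-numbers" output
# and emit the matching "iptables -D" commands.

# Constructed sample of the listing format (not captured from a real host).
# Assumed column layout: num target prot opt source destination [options].
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       all  --  123.45.6.7           0.0.0.0/0
2    DROP       all  --  123.45.0.0/16        0.0.0.0/0
3    ACCEPT     all  --  127.0.0.1            127.0.0.1
4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:21
8    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:20
9    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
EOF
}

# match_rules LISTING TARGET SOURCE: print, one per line, the numbers of the
# rules whose target column equals TARGET and whose source column equals
# SOURCE. Pass "" for a column you do not want to constrain. Only lines that
# begin with a rule number are considered, so the "Chain ..." header and the
# column header are skipped.
match_rules() {
    printf '%s\n' "$1" | awk -v tgt="$2" -v src="$3" '
        $1 ~ /^[0-9]+$/ && (tgt == "" || $2 == tgt) && (src == "" || $5 == src) { print $1 }'
}

# delete_commands CHAIN LISTING TARGET SOURCE: print the iptables -D commands
# that remove the matched rules. Rule numbers are positions, not identifiers:
# deleting rule 1 renumbers 2..n, so the commands are ordered highest number
# first. Running them in ascending order would delete the wrong rules.
delete_commands() {
    _chain=$1; shift
    match_rules "$@" | sort -rn | while read -r _n; do
        printf 'iptables -D %s %s\n' "$_chain" "$_n"
    done
}

# Demo: print the commands that would remove every DROP rule from INPUT.
# On a live host, feed in the real listing instead of the sample:
#   delete_commands INPUT "$(iptables -L INPUT -n --line-numbers)" DROP ""
case "${1:-}" in
    --demo) delete_commands INPUT "$(sample_listing)" DROP "" ;;
esac
```

The script only prints the commands; review them and run them yourself. Where you still know the exact rule you added, repeating it with -D (for example the section 4 block rule with -D instead of -I) avoids the numbering question entirely.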

7. Start iptables at boot and save the rules

On CentOS the iptables service may not be enabled at boot after installation. Run:

chkconfig --level 345 iptables on

to add it to the services started in runlevels 3, 4 and 5. (This applies to the SysV init of CentOS 5 and 6; CentOS 7 and later ship firewalld instead, and the iptables service there comes from the iptables-services package and is enabled with systemctl.)

On CentOS you can save the current rules with: service iptables save. They are written to /etc/sysconfig/iptables and loaded again when the service starts.

It is important to note that on Debian/Ubuntu iptables does not save its rules at all: whatever you add is lost at the next reboot.

You therefore need the following steps, which save the rules when the network interface is taken down and load them again before it is brought up:

Create the file /etc/network/if-post-down.d/iptables with the following content:

#!/bin/bash
iptables-save > /etc/iptables.rules

Run chmod +x /etc/network/if-post-down.d/iptables to make it executable.

Create the file /etc/network/if-pre-up.d/iptables with the following content:

#!/bin/bash
iptables-restore < /etc/iptables.rules

Run chmod +x /etc/network/if-pre-up.d/iptables to make it executable.

Two caveats apply to these hooks. They are run by ifupdown only, so they do nothing on a host where NetworkManager or systemd-networkd manages the interface, and the if-post-down.d hook never runs after a crash or power loss; run iptables-save > /etc/iptables.rules yourself whenever you change the rules rather than relying on the interface going down. The iptables-persistent package on Debian and Ubuntu provides this same save-and-restore behaviour as a service and is the usual choice today.

For other iptables usage, run iptables --help, read the iptables(8) manual page, or search the Internet for a description of its parameters.

Copyright notice: this is an original article by the blog author; it may not be reproduced without permission.

