I. Check the iptables service status
# service iptables status
iptables: Firewall is not running.
This means the iptables service is installed but has not been started.
If it is not installed, install it directly with yum:
# yum install -y iptables
Start iptables:
# service iptables start
iptables: Applying firewall rules: [  OK  ]
Look at the current iptables configuration (-n prints addresses and ports numerically and skips the reverse DNS lookups that make plain -L slow):
# iptables -L -n
II. Clear the default firewall rules
# Before clearing anything, set the INPUT policy to ACCEPT, which accepts all requests.
# This must be done first: if the policy is still DROP when the rules are flushed, "drop everything" is all that is left and you lose your SSH session.
iptables -P INPUT ACCEPT
# Flush all rules in the built-in chains
iptables -F
# Delete all user-defined chains (they have to be empty, which -F just ensured)
iptables -X
# Zero the packet and byte counters
iptables -Z
III. Configure the rules
# Allow packets arriving on the lo interface
# Without this rule you cannot reach local services through 127.0.0.1 (for example, ping 127.0.0.1 fails)
iptables -A INPUT -i lo -j ACCEPT
# SSH on port 22
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
Several ports can also be opened in one rule with the multiport match, which takes a comma-separated list of up to 15 ports in --dports:
iptables -A INPUT -p tcp -m multiport --dports 80,443,873,22,3306 -j ACCEPT
# Allow ICMP echo-request (type 8) so that other hosts can ping this machine
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# Allow the return packets of every request this host makes
# An outbound request leaves through OUTPUT; its reply comes back through INPUT and must be accepted, which is what the ESTABLISHED state matches (outgoing pings get their echo-reply this way too, since conntrack tracks ICMP echo as a connection)
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
Adding RELATED to the state list (--state ESTABLISHED,RELATED) also admits packets that conntrack ties to an existing connection, such as ICMP error messages and helper-tracked FTP data connections.
# To trust an internal IP (accept all of its TCP requests):
iptables -A INPUT -p tcp -s 45.96.174.68 -j ACCEPT
Note that the address in this example is not from a private range; replace it with the address of the host you actually trust. A source-address rule is only as strong as the network path: anything that can spoof or sit behind that address gets the same access.
# Drop every request that matches none of the rules above
# The policy applies to packets that reach the end of the chain, so it is set only after the ACCEPT rules are in place
iptables -P INPUT DROP
# To block an IP, use this command (-I inserts at the top of the chain, so the DROP takes precedence over every ACCEPT rule below it, including the ESTABLISHED rule):
iptables -I INPUT -s ***.***.***.*** -j DROP
# To unblock the IP, delete exactly the same rule:
iptables -D INPUT -s ***.***.***.*** -j DROP
IV. Save the rules
First run iptables -L -n to check that the configuration is correct.
Even if it looks right, do not save it yet: unsaved rules live only in the kernel and do not survive a restart, so if something is wrong you can force-restart the server to get the old settings back.
Also open a second SSH connection to make sure you can still log in.
Only save once you are sure there is no problem.
Save the rules (writes the live ruleset to /etc/sysconfig/iptables):
# service iptables save
Start the service at boot with chkconfig:
# chkconfig iptables on
To change the firewall ports later, edit /etc/sysconfig/iptables and reload it with service iptables restart.
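The following script is an added example, not code from the original post. It puts the whole procedure from sections II to IV into one place and goes beyond it in two ways: the ruleset is written as an iptables-restore file, so the kernel swaps the table in a single commit and there is never a moment with an ACCEPT policy and an empty chain (which the "-P ACCEPT; -F; -A ...; -P DROP" sequence above has), and a timed rollback replaces "force-restart the server" as the safety net while you test from a second SSH session. The port rules are also restricted to NEW connections and the state rule accepts RELATED as well. The file paths under /root, the parameter names and the sample arguments in the usage comment are hypothetical; it assumes a CentOS 6 style host with iptables-save/iptables-restore, service iptables save and chkconfig.

```shell
#!/bin/bash
# Added example, not code from the original post. Builds the ruleset from
# sections II and III as one iptables-restore file and applies it with a timed
# rollback, so that a mistake cannot lock you out of SSH while you test.
# Hypothetical assumptions: rule files live under /root and the script runs
# as root on a CentOS 6 style host with iptables-save/restore,
# "service iptables save" and chkconfig available.

set -u

# gen_rules SSH_PORT "PORT,PORT,..." TRUSTED_IP
# Prints the filter table in iptables-save format. iptables-restore replaces
# the whole table in one commit, so unlike "-P ACCEPT; -F; -A ...; -P DROP"
# there is never a moment with an ACCEPT policy and an empty chain.
gen_rules() {
    ssh_port=$1
    other_ports=$2
    trusted_ip=$3
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback first: without it 127.0.0.1 is unreachable
-A INPUT -i lo -j ACCEPT
# replies to connections this host opened; RELATED also admits ICMP errors
# and helper-tracked data connections (e.g. FTP)
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# echo-request, so the host can be pinged
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
# only NEW TCP connections need port rules; the state rule handles the rest
-A INPUT -p tcp -m state --state NEW -m tcp --dport $ssh_port -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m multiport --dports $other_ports -j ACCEPT
# trusted host: all of its TCP traffic
-A INPUT -p tcp -s $trusted_ip -j ACCEPT
COMMIT
EOF
}

# apply_with_rollback RULES_FILE GRACE_SECONDS
# Saves the live ruleset, loads the new one and starts a background timer that
# restores the backup unless confirm_rules runs first. If the new rules cut off
# your session, wait out the timer and you are back in.
apply_with_rollback() {
    rules_file=$1
    grace=$2
    iptables-save > /root/iptables.rollback || return 1
    # -t parses and builds the table without committing it, so a syntax
    # error is caught before anything changes
    iptables-restore -t "$rules_file" || return 1
    iptables-restore "$rules_file" || return 1
    ( sleep "$grace" && iptables-restore /root/iptables.rollback ) &
    echo $! > /root/iptables.rollback.pid
}

# confirm_rules: run from a second, fresh SSH session once login still works.
# Cancels the pending rollback and persists the rules (CentOS 6 layout).
confirm_rules() {
    kill "$(cat /root/iptables.rollback.pid)" 2>/dev/null
    rm -f /root/iptables.rollback.pid
    service iptables save && chkconfig iptables on
}

# Usage (as root; arguments are hypothetical examples):
#   ./fw.sh apply 22 "80,443,873,3306" 10.0.0.5 120   # rollback after 120 s
#   ./fw.sh confirm                                    # from the new session
case "${1:-}" in
    apply)
        gen_rules "$2" "$3" "$4" > /root/iptables.new
        apply_with_rollback /root/iptables.new "$5"
        ;;
    confirm)
        confirm_rules
        ;;
esac
```

The grace period is the practical replacement for the "force-restart the server" fallback: if the new rules drop your SSH session, the backup is restored automatically after GRACE_SECONDS; if you can still log in, confirm from the fresh session before the timer fires. Before confirming, iptables -L -n -v shows the rules and their counters, so you can see that the SSH rule is actually matching.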
Notes: iptables operations