Brief introduction:
iptables is the user-space tool, used mainly to configure the rules;
Netfilter is the kernel module, which performs the actual filtering.
Example:
- iptables -F
- iptables -A INPUT -i lo -j ACCEPT
- iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
- iptables -A INPUT -p icmp --icmp-type any -j ACCEPT
- iptables -A INPUT -p tcp --dport 80 -j ACCEPT
- iptables -A INPUT -p tcp -s 114.114.114.114 --sport 53 -j ACCEPT
- iptables -A INPUT -p udp -s 114.114.114.114 --sport 53 -j ACCEPT
- iptables -A INPUT -p tcp -s 8.8.8.8 --sport 53 -j ACCEPT
- iptables -A INPUT -p udp -s 8.8.8.8 --sport 53 -j ACCEPT
- iptables -A INPUT -p tcp -s x.x.x.x --sport 22 -j ACCEPT
- iptables -A INPUT -j DROP
- iptables -A FORWARD -j DROP
Attention:
When configuring a firewall policy, keep the following two points in mind so that you do not lock yourself out of the server:
1. Have someone on site in the machine room while the operation is carried out;
2. Deploy in a test environment before deploying to the production environment.
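A third safeguard against lock-out, shown as an added example that is not part of the original page: save the running rules, arm a timed rollback, apply the ruleset above, and keep it only if access is confirmed from a new session. The BACKUP path, the 60-second WINDOW and the IPT* override variables are assumptions of this sketch; the script must run as root.

```shell
#!/bin/sh
# Added example: apply the page's ruleset with an automatic rollback timer.
# Assumptions (not from the page): BACKUP path, the 60 s WINDOW, and the
# IPT* variables, which exist only so the commands can be swapped out.
IPT=${IPT:-iptables}
IPT_SAVE=${IPT_SAVE:-iptables-save}
IPT_RESTORE=${IPT_RESTORE:-iptables-restore}
BACKUP=${BACKUP:-/root/iptables.before}
WINDOW=${WINDOW:-60}

# The rules from the page, in order. $1 replaces the x.x.x.x placeholder.
apply_rules() {
    remote=$1
    $IPT -F &&
    $IPT -A INPUT -i lo -j ACCEPT &&
    $IPT -A INPUT -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT &&
    $IPT -A INPUT -p icmp --icmp-type any -j ACCEPT &&
    $IPT -A INPUT -p tcp --dport 80 -j ACCEPT &&
    for dns in 114.114.114.114 8.8.8.8; do
        $IPT -A INPUT -p tcp -s "$dns" --sport 53 -j ACCEPT &&
        $IPT -A INPUT -p udp -s "$dns" --sport 53 -j ACCEPT || return 1
    done &&
    $IPT -A INPUT -p tcp -s "$remote" --sport 22 -j ACCEPT &&
    $IPT -A INPUT -j DROP &&
    $IPT -A FORWARD -j DROP
}

# Returns 0 if the new rules were confirmed and kept, 1 if rolled back.
apply_with_rollback() {
    $IPT_SAVE > "$BACKUP" || return 1
    # Arm the rollback BEFORE touching the rules; HUP is ignored so the
    # timer survives a dropped SSH session.
    ( trap '' HUP; sleep "$WINDOW"; $IPT_RESTORE < "$BACKUP" ) >/dev/null 2>&1 &
    timer=$!
    if apply_rules "$1"; then
        printf 'Applied. Test access from a NEW session, then type yes (%ss): ' "$WINDOW"
        read -r answer
        if [ "$answer" = yes ] && kill "$timer" 2>/dev/null; then
            echo "rules kept"; return 0
        fi
    fi
    kill "$timer" 2>/dev/null   # no confirmation, timer expired, or a rule failed
    $IPT_RESTORE < "$BACKUP"
    echo "rolled back to $BACKUP"
    return 1
}

# Runs only when invoked with: apply <remote-ip>
if [ "${1:-}" = apply ]; then apply_with_rollback "$2"; fi
```

If the session is cut off, no answer arrives and the saved rules come back once the window expires, so the lock-out lasts at most WINDOW seconds.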
Restricting network access using Linux Iptables