CentOS firewall iptables practical settings
One important step to maintain a server is to manage the opening and closing of ports to prevent external malicious attacks from exploiting the ports occupied by these services.
First, you can view the
Linux Firewall IptablesAs follows:
1. iptables-h prints the help information of the iptables command. With this help, it is much easier to configure it.
2. iptables-L -- line-numbers prints all the rules in the filter table and marks the rules with
Basic syntax format for iptablesiptables [-t table name] command options [link name] [conditional match] [-j target action or jump]Description: The table name, the chain name is used to specify the tables and chains that the Iptables command
Iptables is a powerful firewall tool provided by Linux system, which can implement packet filtering, packet redirection, NAT conversion and so on. Iptables is free, iptables is a tool, and the actual functionality is implemented through the
Iptables IntroductionNetfilter/iptables (referred to as iptables) constitutes a packet filtering firewall under the Linux platform, like most Linux software, this packet filtering firewall is free, it can replace expensive commercial firewall
I have a "brother Bird's Linux private dishes-server erection." The 9th chapter explains the principle and configuration of the firewall in detail. Basic knowledge The NetFilter firewall mechanism is built into the Linux system kernel. NetFilter
See this configuration on the Internet is also relatively easy to understand, turned around, we look together, I hope that your work can be helpful.Iptables-fIptables-xIptables-f-T MangleIptables-t Mangle-xIptables-f-T NATIptables-t Nat-xFirst,
V. Filter filtering and forwardingA, turn on the IP forwarding of the kernel# sysctl-w Net.ipv4.ip_forward=1or # echo 1 >/proc/sys/net/ipv4/ip_forwardb, basic matching conditions• Universal Matching→ Can be used directly, not dependent on other
1, overview 1.1 What is Nat in the traditional standard TCP/IP communication process, all the routers are just the role of a middleman, that is, the usual storage and forwarding, the router does not modify the forwarded packets , rather than
"Go: Original link"Iptables-fIptables-xIptables-f-T MangleIptables-t Mangle-xIptables-f-T NATIptables-t Nat-xFirst, empty the three tables and empty the self-built rules.Iptables-p INPUT DROPIptables-p OUTPUT DROPIptables-p FORWARD ACCEPTThe default
Permanent, no recovery after rebootChkconfig iptables onChkconfig iptables offImmediate effect, recovery after rebootService Iptables StartService Iptables StopIt should be stated that for other services under Linux, the above command can be used to
1 ifconfig View network card IPConfiguration file /etc/sysconfig/network-scripts/ifcfg-eth0Restart the NIC service Network RestartSet up multiple IPs for a network cardCd/etc/sysconfig/network-scriptsCP Ifcfg-eht0 Ifcfg-eth0\:1Editor Ifcfg-eth0\:1
with this tutorial, make sure you can use Linux native. If you are using SSH remote and cannot operate the machine directly, then add the following code first ... Of course the worst result is that all ports are inaccessible and cannot even log in
Maintaining a server one of the important steps is to manage the opening and closing of ports to avoid the ports that external malicious attacks take advantage of because the service is running all the time.The first is the ability to view the
Let's take a look at an article about CentOS installation VPN pptpd firewall iptables forwarding settings, this problem is because a friend set up some of the Web site can not be accessed when the solution came up.
CentOS installation VPN appears
A Iptables IntroductionThe firewall, in fact, is used to realize the Linux access control function, it is divided into hardware or software firewall two kinds. Regardless of the network in which the firewall works, it must be at the edge of the
Original from: https://www.linuxidc.com/Linux/2017-01/140073.htm (quote from)A: PrefaceFirewall, in fact, is used to realize the Linux access control functions, it is divided into hardware or software firewall two. Regardless of the network in which
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.