Linux iptables settings

xiaoxiao2021-04-01  211

Edit / etc / sysconfig / iptables and run / sbin / service iptables restart

Firewall rules can only be activated when IPTables service is running. To manually start the service, use the following command:

/ sbin / service iptables restart

To make sure it starts during the system boot, use the following command:

/ sbin / chkconfig --level 345 iptables on

IPChains services cannot run at the same time as IPTables services. To determine the IPChains service is disabled, perform the following command:

/ sbin / chkconfig --level 345 ipchains off

The following is a relatively common firewall rule: iptables -f # deletes the existing rules iptables -p input Drop # Configure the default denial rule. Basic rules are: Reject all services first, then add new rules as needed. iptables -a input -p tcp --dport 80 -j accept # Open the TCP protocol of the web service port iptables -a input -p tcp --dport 110 -j accept # Open the TCP protocol of the POP3 service port iptables -a input -p TCP - DPORT 25 -J Accept # TCP protocol IPTables -a INPUT -P TCP - Dport 21 -J Accept # opens the FTP service port TCP protocol IPTables -a Input -p TCP -S 202.106.12.130 --Dport 22 -j accept # allows IP address 202.106.12.130 This host connection Locally SSH service port iptables -a input -p tcp --dport 53 -j accept # allows the TCP packet of DNS service port to flow into iptables - A INPUT -P UDP - DPORT 53 -J Accept # Allows the UDP packet of the DNS service port into iptables -a input -p icmp -ICmp-type echo-request -i eth1 -j drop # to prevent death, from the interface All requests from Eth1 ICMP protocol are discarded. iptables -a forward -p tcp --syn -m limited --LIMIT 1 / S -J ACCEPT # Prevent Syn Flood from adding rules according to server conditions.

iptables -i rh-firewall-1-input 20 -p tcp -s 211.161.250.232/32 -m State --State New --dport 3306 -j Accept

iptables -i rh-firewall-1-input 20 -p tcp -s 211.161.192.0/24 -m State --State New --dport 3306 -J Accept

转载请注明原文地址:https://www.9cbs.com/read-131277.html

New Post(0)