Some ways to configure iptables on CentOS 7
I. Disable firewalld and install iptables

Stop and disable firewalld:

    systemctl stop firewalld
    systemctl disable firewalld

Install iptables-services:

    yum -y install iptables-services

Enable it at boot:

    systemctl enable iptables

Stop/start/restart the firewall:

    systemctl [stop|start|restart] iptables
    # or
    service iptables [stop|start|restart]

Save the firewall configuration:

    service iptables save
    # or
    /usr/libexec/iptables/iptables.init save

II. Some blocking rules

Edit /etc/sysconfig/iptables. Comments go on their own lines: iptables-restore treats "#" as a comment only at the start of a line.

1) Deny everything by default and allow access only to the specified IPs

    *filter
    :INPUT DROP [4:288]
    :FORWARD ACCEPT [0:0]
    :OUTPUT DROP [5:312]
    -A INPUT -s 127.0.0.1 -j ACCEPT
    -A OUTPUT -d 127.0.0.1 -j ACCEPT
    -A INPUT -s 192.168.238.0/24 -j ACCEPT
    -A OUTPUT -d 192.168.238.0/24 -j ACCEPT
    COMMIT
    # Completed on Wed Dec 18 15:59:24 2024

2) Allow everything by default and reject access for the specified IP addresses

    # Generated by iptables-save v1.4.21 on Wed Dec 18 15:38:02 2024
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    # Reject the specified IP
    -A OUTPUT -d 111.111.111.111 -j REJECT
    # Allow the specified IP range
    -A INPUT -s 192.168.238.0/24 -j ACCEPT
    # Reject all other inbound and forwarded traffic
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    COMMIT
    # Completed on Wed Dec 18 15:38:02 2024
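An added example, not part of the original post: a Python pre-check to run over a hand-edited /etc/sysconfig/iptables before restarting the service. It flags trailing "#" comments on rule lines and reports whether the INPUT chain would still accept your own management address. The names lint_rules, SAMPLE, UNMODELLED and TERMINAL and the sample addresses are assumptions made for this example, and only -s source matching is modelled.

```python
import ipaddress

# Match options this sketch does not evaluate; rules using them are skipped.
UNMODELLED = {"-p", "-m", "-i", "-o", "-d"}
# Targets that end chain traversal; anything else (e.g. LOG) is ignored.
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

# Constructed sample ruleset (not from the original post).
SAMPLE = """*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 127.0.0.1 -j ACCEPT
-A INPUT -s 192.168.238.0/24 -j ACCEPT #allow the admin subnet
COMMIT
"""

def lint_rules(text, admin_ip):
    """Return warnings for an iptables-save style filter table."""
    admin = ipaddress.ip_address(admin_ip)
    warnings, policy, verdict = [], {}, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#*":
            continue  # blank line, whole-line comment, or table header
        if line[0] == ":":
            chain, target = line[1:].split()[:2]
            policy[chain] = target  # e.g. ":INPUT DROP [0:0]"
        elif line.startswith("-A "):
            tok = line.split()
            # iptables-restore only honours '#' at the start of a line, so a
            # trailing comment is parsed as extra rule arguments.
            cut = next((i for i, t in enumerate(tok)
                        if t.startswith("#") and tok[i - 1] != "--comment"), None)
            if cut is not None:
                warnings.append(f"line {n}: trailing '#' comment on a rule line")
                tok = tok[:cut]
            if (tok[1] != "INPUT" or verdict or "-j" not in tok
                    or UNMODELLED & set(tok)):
                continue
            src = tok[tok.index("-s") + 1] if "-s" in tok else "0.0.0.0/0"
            target = tok[tok.index("-j") + 1]
            if target in TERMINAL and admin in ipaddress.ip_network(src, strict=False):
                verdict = target  # first terminating match wins
    verdict = verdict or policy.get("INPUT", "ACCEPT")  # fall back to chain policy
    if verdict != "ACCEPT":
        warnings.append(f"INPUT would {verdict} traffic from {admin_ip}")
    return warnings
```

Call it with the contents of the rules file and the address you administer the host from; an empty list means neither problem was found.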