
What are the basic configuration methods of iptables under Linux system

2025-01-16 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)05/31 Report--

This article introduces the basic methods for configuring iptables on a Linux system. It is fairly detailed and should be useful as a reference.

Specific steps for configuring iptables on a Linux system:

1. Check the current iptables settings on this machine.

[root@www.linuxidc.com /]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Lokkit-0-50-INPUT (0 references)
target prot opt source destination

2. Clear the original rules

[root@www.linuxidc.com /]# iptables -F

3. Save the configured rules and make them take effect. This must be done every time the rules are updated.

[root@www.linuxidc.com /]# /etc/rc.d/init.d/iptables save
[root@www.linuxidc.com /]# service iptables restart

4. Set the default rules (chain policies)

[root@www.linuxidc.com /]# iptables -P INPUT DROP
[root@www.linuxidc.com /]# iptables -P OUTPUT ACCEPT
[root@www.linuxidc.com /]# iptables -P FORWARD DROP

The commands above set what happens to a packet that matches none of the rules in the two chains (INPUT, FORWARD) of the filter table: it is dropped (DROP).

The OUTPUT chain, that is, outgoing packets, does not need many restrictions, so its policy is ACCEPT: a packet that matches none of the rules is allowed to pass.

5. Examples of adding new rules

To log in remotely over SSH, port 22 must be opened.

[root@www.linuxidc.com /]# iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# open the TCP port for the web service

[root@www.linuxidc.com /]# iptables -A INPUT -p tcp --dport 80 -j ACCEPT

# open the TCP port for the POP3 service

[root@www.linuxidc.com /]# iptables -A INPUT -p tcp --dport 110 -j ACCEPT

# open the TCP port for the SMTP service

[root@www.linuxidc.com /]# iptables -A INPUT -p tcp --dport 25 -j ACCEPT

# open the TCP port for the FTP service

[root@www.linuxidc.com /]# iptables -A INPUT -p tcp --dport 21 -j ACCEPT

# allow the host with the IP address 202.106.12.130 to connect to the local SSH service port

[root@www.linuxidc.com /]# iptables -A INPUT -p tcp -s 202.106.12.130 --dport 22 -j ACCEPT

# allow TCP packets to reach the DNS service port

[root@www.linuxidc.com /]# iptables -A INPUT -p tcp --dport 53 -j ACCEPT
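The steps above, as an added example that is not part of the original article: a shell function that prints the same policies and rules in iptables-restore format, so they load in one operation and a remote SSH session is not cut off between "iptables -P INPUT DROP" and the port 22 rule. Because rules are matched in order, the source-restricted SSH rule only limits access when the general port 22 rule is absent, so the function emits one or the other. The function name build_ruleset and the loopback and conntrack rules are assumptions added here.

```shell
#!/bin/sh
# Added example (not from the article): print the article's rules as one
# iptables-restore ruleset. Usage: build_ruleset SSH_SOURCE PORT...
# SSH_SOURCE is an IPv4 address/CIDR, or "" to allow SSH from anywhere.
build_ruleset() {
    [ $# -ge 1 ] || { echo "usage: build_ruleset SSH_SOURCE PORT..." >&2; return 1; }
    ssh_src=$1; shift
    case $ssh_src in
        *[!0-9./]*) echo "invalid SSH source: $ssh_src" >&2; return 1 ;;
    esac
    # Validate every port before emitting anything (digits only, 1-65535).
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done
    echo '*filter'
    # Step 4 of the article: default policies for the filter table.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Assumption, not in the article: with INPUT policy DROP, loopback traffic
    # and replies to the host's own outgoing connections need explicit rules.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # SSH: either restricted to one source or open to all, never both.
    if [ -n "$ssh_src" ]; then
        echo "-A INPUT -s $ssh_src -p tcp --dport 22 -j ACCEPT"
    else
        echo '-A INPUT -p tcp --dport 22 -j ACCEPT'
    fi
    # Step 5 of the article: one ACCEPT rule per service port.
    for port in "$@"; do
        if [ "$port" -ne 22 ]; then
            echo "-A INPUT -p tcp --dport $port -j ACCEPT"
        fi
    done
    echo 'COMMIT'
}

# The article's ports, with SSH limited to the article's example address.
build_ruleset 202.106.12.130 80 110 25 21 53
# To apply as root: save the output to a file, check it with
# "iptables-restore --test < file", then load it with "iptables-restore < file".
```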
