Shulou(Shulou.com)06/01 Report--

This article introduces the knowledge of "how to use the Linux iptables command". Many people will encounter such a dilemma in the operation of actual cases, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

"Linux iptables: principle and basis of rules" and "Linux iptables: rule composition" introduce the basis of iptables and the composition of iptables rules. This article demonstrates the actual application scenario of iptables through practical operation.

Firewall setting Policy

The setting policies of firewalls are generally divided into two types, one is called "communication" policy, and the other is called "blocking" strategy:

Pass policy, all packets are not allowed to pass by default, and rules are defined for allowed packets.

The blocking policy is that all packets are allowed by default, and rules are defined for packets to be rejected.

Generally speaking, the firewall setting of the server adopts the first strategy, which is more secure, and the actual combat scenario introduced in this article also adopts the "pass" strategy.

Scene actual combat definition

Suppose this article implements the rules defined in the following scenarios:

1. Open local port 80,22,10-21 access to all addresses.

2. Open ICMP protocol packet access to all addresses

3. Access to other ports that are not allowed is prohibited.

Iptables rule implementation

Implement the command operations defined above:

Clear all default rules first

The code is as follows:

Iptables-F

Open port

The code is as follows:

Iptables-I INPUT-p tcp-- dport 80-j ACCEPT

Iptables-I INPUT-p tcp-- dport 22-j ACCEPT

Open ICMP

The code is as follows:

Iptables-I INPUT-p icmp-j ACCEPT

Prohibit other ports

The code is as follows:

Iptables-An INPUT-j REJECT

View Rul

The code is as follows:

Iptables-L-n

Operation result:

Key points of iptables rule definition

There are several points to note in the above operation:

1. Be sure to allow access to port 22, otherwise when you enter iptables-An INPUT-j REJECT, the SSH will be disconnected immediately and can no longer operate remotely.

2. Iptables-An INPUT-j REJECT must be appended to the end of the rule with the A command, and cannot be inserted with the I command, so that the reject operation will take effect at the end.

3. Allow continuous range ports to be specified using the start: end port.

That's all for "how to use the Linux iptables Command". Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.