2025-01-29 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article explains how to use iptables on Linux so that only a specified IP address can access a specified port. The content is short and easy to follow; work through the steps below in order.
First, clear all preset rules
The code is as follows:
iptables -F    # flush the rules in every chain of the default filter table
iptables -X    # delete the user-defined chains in the default filter table
Second, allow only the specified IP address to access the specified port
The code is as follows:
iptables -A INPUT -s xxx.xxx.xxx.xxx -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -d xxx.xxx.xxx.xxx -p tcp --sport 22 -j ACCEPT
iptables -A INPUT -s xxx.xxx.xxx.xxx -p tcp --dport 3306 -j ACCEPT
iptables -A OUTPUT -d xxx.xxx.xxx.xxx -p tcp --sport 3306 -j ACCEPT
Note for the rules above: --dport is the destination port. When data enters the server from outside, the server's port is the destination port, so --dport is used; conversely, when data leaves the server, that port is the source port, so --sport is used.
Similarly, -s specifies the source address and -d specifies the destination address.
Then, close all ports
The code is as follows:
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
Finally, save the current rules
The code is as follows:
/etc/rc.d/init.d/iptables save
service iptables restart
This iptables rule set is intended only for the management and maintenance of a MySQL server; the server provides no services to any other external address.
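To check that the loaded rules still match this policy, the following added example (not part of the original article) audits the output of iptables -S: the INPUT policy must be DROP and every ACCEPT rule naming a protected port must be limited to the allowed address. The function names, the sample rule sets and the address 203.0.113.10 standing in for xxx.xxx.xxx.xxx are assumptions made for illustration.

```shell
# audit_rules ALLOWED_IP PORTS: reads `iptables -S` output on stdin and
# reports INPUT rules that open a protected port to anyone but ALLOWED_IP.
# Scope: only rules naming the port with --dport; multiport/ranges are not parsed.
audit_rules() {
    awk -v ip="$1" -v ports="$2" '
    BEGIN { n = split(ports, p, ","); for (i = 1; i <= n; i++) want[p[i]] = 0 }
    $1 == "-P" && $2 == "INPUT" { policy = $3 }
    $1 == "-A" && $2 == "INPUT" {
        src = ""; dport = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-s") src = ($(i - 1) == "!" ? "not " : "") $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (target != "ACCEPT" || !(dport in want)) next
        if (src == ip || src == (ip "/32")) want[dport]++
        else { print "FAIL port " dport " open to " (src == "" ? "any source" : src); bad++ }
    }
    END {
        if (policy != "DROP") { print "FAIL INPUT policy is " (policy == "" ? "unset" : policy); bad++ }
        for (i = 1; i <= n; i++)
            if (want[p[i]] == 0) { print "FAIL no ACCEPT for " ip " on port " p[i]; bad++ }
        exit (bad > 0)
    }'
}

# Constructed sample: the article's rules as `iptables -S` prints them, with
# 203.0.113.10 (a documentation address) as the assumed admin host.
good_rules() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 3306 -j ACCEPT
-A OUTPUT -d 203.0.113.10/32 -p tcp -m tcp --sport 22 -j ACCEPT
EOF
}

# Constructed drift: policy left at ACCEPT and port 3306 opened without -s.
drifted_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
EOF
}
```

On a live host the same check is run as root with: iptables -S | audit_rules 203.0.113.10 22,3306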
If you want yum to work, you also need to add the following rules, which allow DNS requests on port 53 and downloads that use randomly assigned high ports
The code is as follows:
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp --sport 53 -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 10000:65535 -j ACCEPT
/etc/rc.d/init.d/iptables save
service iptables restart
Thank you for reading. That covers how to allow only a specified IP address to access a specified port with iptables on Linux. The specific usage still needs to be verified in practice.