
iptables available actions

2025-01-19 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

iptables rules: reject all connections first, then take care to open up only the services that must be reachable from outside.

iptables available actions

(1) -L: list all rules in the selected chain. Example: iptables -t filter -L

(2) -A (chain name): append a new rule to the end of the selected chain.

Example: iptables -t filter -A INPUT -s 192.168.3.1 -j DROP

(3) -D (chain name) (rule specification or rule number): delete a rule from the selected chain.

Example: iptables -t filter -D INPUT 3

(4) -F (chain name): flush (remove) all rules in the selected chain.

iptables -F INPUT

iptables available match criteria

(1) -p (tcp/udp/icmp): match the specified protocol. Example:

Block all UDP traffic from the source address 192.168.3.1 to the local machine

iptables -t filter -A INPUT -p udp -s 192.168.3.1 -j DROP

(2) -d (ip address): match traffic whose destination is this address.

Block traffic to the network segment 192.168.3.0/24, the segment in which the IP address 192.168.3.1 sits

iptables -t filter -A OUTPUT -d 192.168.3.0/24 -j DROP

(3) -i (network interface): match packets by the local interface through which they enter (incoming interface: -i).

Example: block all traffic entering through eth0 with source address 192.168.3.1

iptables -t filter -A INPUT -i eth0 -s 192.168.3.1 -j DROP

(4) -o (network interface): match packets by the local interface through which they leave; the counterpart of -i (outgoing interface: -o).

Example: block traffic leaving through eth0 with destination 192.168.3.0/24

iptables -t filter -A OUTPUT -o eth0 -d 192.168.3.0/24 -j DROP

(5) --sport (port): match on the packet's source port. This option must be used together with -p.

Example: block all TCP traffic with source port 1000

iptables -t filter -A INPUT -p tcp --sport 1000 -j DROP

(6) --dport (port): match on the packet's destination port.

Example: block all TCP traffic with destination port 1000

iptables -t filter -A OUTPUT -p tcp --dport 1000 -j DROP

Common service policy configuration

Example: DNS (allow queries and replies between the local machine and the 192.168.3.0/24 segment):

iptables -A INPUT -p udp -s 192.168.3.0/24 --dport 53 -j ACCEPT

iptables -A INPUT -p udp -s 192.168.3.0/24 --sport 53 -j ACCEPT

iptables -A OUTPUT -p udp -d 192.168.3.0/24 --dport 53 -j ACCEPT

iptables -A OUTPUT -p udp -d 192.168.3.0/24 --sport 53 -j ACCEPT

iptables rules are saved in the configuration file /etc/sysconfig/iptables

The following command saves the current iptables configuration to that file:

service iptables save
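Putting the article's advice together (reject everything first, open the DNS service for the LAN, then save), here is an added example script, not from the original article, that emits the rules in an order that does not lock out the session applying them. It assumes the 192.168.3.0/24 segment used in the examples above and the conntrack match (-m conntrack --ctstate), which the article does not mention.

```shell
#!/bin/sh
# Added example, not from the original article. Builds the filter-table
# ruleset in an order that does not lock out an existing session: permissive
# rules first, the default DROP policy last.
# Assumptions: the LAN is 192.168.3.0/24 as in the article; the conntrack
# match (-m conntrack --ctstate), which the article does not use, is available.
LAN_NET="${LAN_NET:-192.168.3.0/24}"

# Emit one iptables command per line; rules in a chain are matched top-down.
build_rules() {
    cat <<EOF
iptables -t filter -F INPUT
iptables -t filter -F OUTPUT
iptables -t filter -A INPUT -i lo -j ACCEPT
iptables -t filter -A OUTPUT -o lo -j ACCEPT
iptables -t filter -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t filter -A INPUT -p udp -s $LAN_NET --dport 53 -j ACCEPT
iptables -t filter -A INPUT -p udp -s $LAN_NET --sport 53 -j ACCEPT
iptables -t filter -A OUTPUT -p udp -d $LAN_NET --dport 53 -j ACCEPT
iptables -t filter -A OUTPUT -p udp -d $LAN_NET --sport 53 -j ACCEPT
iptables -t filter -P INPUT DROP
iptables -t filter -P OUTPUT DROP
EOF
}

# Number of commands the ruleset contains.
rule_count() {
    build_rules | wc -l | tr -d ' '
}

# Succeeds only if no ACCEPT rule comes after the first DROP line, i.e.
# everything needed to keep the session alive is in place before lockdown.
accepts_before_drop() {
    build_rules | awk 'BEGIN { bad = 0 } /DROP/ { seen = 1 } / ACCEPT/ && seen { bad = 1 } END { exit bad }'
}

# Default is a dry run that only prints the commands; --apply runs them
# as root and then persists them with the command the article gives.
main() {
    if [ "${1:-}" = "--apply" ]; then
        [ "$(id -u)" -eq 0 ] || { echo "--apply needs root" >&2; return 1; }
        accepts_before_drop || { echo "refusing: ACCEPT after DROP" >&2; return 1; }
        build_rules | sh -e
        service iptables save
    else
        build_rules
    fi
}
main "$@"
```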
